I was just wondering everyone's thoughts on using multiple firewalls like 8Signs with LNS? I have been doing so for about a week now and they seem to run very smoothly together. I was just thinking maybe running two might help them catch what the other misses (if any) ...
Hi, Generally not recommended running two firewalls together, same with AV pros. But if you're not having any problems then why not.
It is not recommended to run more than one software firewall on a system. Both 8Signs and LnS packet filtering work at a low level (more so than some other firewalls) and this could cause conflicts. Properly configured, neither should miss anything. So pick the one you feel best suits your needs and stick with it. Regards, CrazyM
Is that a fact or a myth? I remember back in the day I ran Black Ice and ZAP; it seemed to work pretty damn well. Is there any proof that multi-layer firewalls don't work?
They have been working perfectly together so far. I am going to keep using both of them until one of them stops working correctly because of it. I figure if they work together then why not. As small as they both are I can use them as backups for each other.
Well if you go to options and de-select automatic selection, under network interfaces and remove all the checkmarks and unselect internet filtering, then it won't conflict at all! (just make sure you unselect everything else that you have selected in options, such as, solve ip address names-through Display port name and value.) Then you will have a perfect (unclashing combo) of app filtering and an excellent Stateful firewall!
Black Ice was/is used in conjunction with firewalls more for its IDS qualities which would complement the firewall, not for its firewalling (packet filtering) abilities. Most developers will not recommend running more than one software firewall on a system. If you want multi layer firewalling you are better served by using a hardware device and then a single application on systems behind it. Regards, CrazyM
I have a better idea! I will leave everything turned on and they will work perfectly together! I am just testing this and was wondering what everyone thought on the subject. I am not saying it is a good idea.
And hope that there is some indication of the failure and your system is at risk? The question should be why? It is not going to afford you any additional protection. Neither one of these firewalls needs a backup. As I noted above, if you want to layer firewalling, use a hardware device in addition to a single application on systems behind it. Regards, CrazyM
Good point about it affecting me without me knowing. I am currently using LinkSys so I have that covered. Guess I will get rid of 8Signs. Thanks for the input.
Only purpose for running Look 'n' Stop alongside another Software Firewall is if you are wanting to use its App-Filtering, and trying to use two Software Firewalls' packet filtering systems would generate conflicts, noticeable or otherwise.
Yes, there is. From my own personal tests, I have witnessed ZA blocking an application trying to call out while installed alone, but fail to do so with a few ones when another firewall was installed, this one even being "disabled" (the drivers are still loaded at startup). It can work, but it can fail to work too, and not necessarily in an obvious and visible behaviour, hence the danger to do so. Now if you use the application filtering of one with the network filtering of another it should be ok, but stress your setup to be sure of this. regards, gkweb.
The key word here is they seem.. I used to think the same thing until I was proven wrong a few years back when a friend managed to get through 2 firewalls installed when in fact each one alone was able to block. The problem is that they may each fight access to the stack and let things through that way without you being able to notice anything. If you don't trust the firewall you have to do the job, my advice is change for another one...
Thanks gkweb for the first example in which it doesn't work. I've been testing this for quite a while (using 2 SW firewalls together) and never saw any problem. Because I can't be sure it works with EVERY 2 firewalls, * * * I wouldn't recommend it! * * * But I agree that it is more a feeling that it is not good to run 2 FWs together. And the fact is .. that most firewall companies don't like to have a 2nd running, then it is based on facts. I have tried several firewalls together, and never saw a problem. Most of the time, what the first one didn't catch the other did.... If one has a port open and the other has the same port closed, no traffic was allowed (TEST THIS YOURSELF!) I am convinced that a lot of XP SP2 users will run 2 (built in and another one), so we will hear more about this in the future. Gkweb, can you inform me how I can reproduce the situation you've mentioned? Because I'd like to see this for myself.
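The comparison the posts above argue about (each firewall blocks a port on its own, but the pair lets it through) can be checked by probing the same host in three configurations and comparing the results. This is an added example, not part of any post in the thread; the port numbers and the three sample result sets are constructed, and `probe` is meant to be run from a second machine against your own host.

```python
import socket

def probe(host, ports, timeout=0.5):
    """Return the set of TCP ports on host that accept a connection."""
    reachable = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the handshake completed
                reachable.add(port)
    return reachable

def compare_runs(tested, alone_a, alone_b, combined):
    """Classify each tested port from three probe runs of the same host:
    firewall A only, firewall B only, and both installed together.
    Assumes the same services were listening during all three runs."""
    report = {"silent_failure": [], "expected_block": [],
              "open_everywhere": [], "stricter_combined": []}
    for port in sorted(tested):
        blocked_alone = port not in alone_a or port not in alone_b
        if port in combined and blocked_alone:
            # At least one firewall blocked this alone, yet the pair lets it in:
            # the failure mode described in the thread.
            report["silent_failure"].append(port)
        elif port in combined:
            report["open_everywhere"].append(port)
        elif blocked_alone:
            report["expected_block"].append(port)
        else:
            # Open under each firewall alone but closed together: a conflict,
            # though not a leak.
            report["stricter_combined"].append(port)
    return report

# Constructed sample results (not measurements from any real firewall).
TESTED = [135, 139, 445, 3389, 5900, 8080]
ALONE_A = {3389, 5900, 8080}   # reachable with only firewall A installed
ALONE_B = {5900, 8080}         # reachable with only firewall B installed
COMBINED = {445, 8080}         # reachable with both installed

if __name__ == "__main__":
    for verdict, ports in compare_runs(TESTED, ALONE_A, ALONE_B, COMBINED).items():
        print(f"{verdict}: {ports}")
```

In practice each result set would come from `probe(host, TESTED)` after reconfiguring and rebooting the target, since filter drivers can stay loaded even when a firewall is "disabled".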
I would have to agree, and subtract my previous comments. Running two firewalls would place your system in danger and offer you absolutely no extra protection. You can check your firewall settings here with the leak test http://grc.com/lt/scoreboard.htm Windows SP2 security centre will turn off the built in firewall by default when it detects a third party firewall, as running two with SP2 can cause major system instability.
When I had or have doubts about my firewall setup, I double-check by running CommView, Port Explorer, or Ethereal. You should be able to see if anything is getting through. Although I have used BI with ZA, ConSeal (formerly 8Signs), and Sygate without any problems in the past, I now use Outpost Pro behind a Linksys with good results. Nick
Yes! I've tried several other combinations, and OF COURSE tested them (for months each!!!), but I could not produce a situation that closed ports were suddenly open, or that software got access to outside suddenly. So pure firewalls (without the extras like TPF etc.) have never given a problem. I have tested a lot because of a bet we had here in our company. :>) So again, I don't recommend it, but instead of saying it is dangerous (fine ..for the novice), please give me an example on how I can reproduce a problem with any 2 firewalls you can find. And I agree on the more features that are added on a firewall the greater the risk. But then you can expect to find the SW conflicts in the Extras.
BTW we had 3 PCs, each with 2 SW firewalls, behind a Cisco 2611 Router with IOS Version 12.2(1) with PIX of course !! And Cabletron/Enterasys IDS. This to monitor the traffic, and to be sure we didn't overlook something. The tests were done in a lab; we ran a lot of external tests, to see the behaviour. Again... those were SW firewalls-only and not combined security software solutions.
Just as an update to this post I would like to add that I have continued trying out combinations of firewalls. I have decided to use LNS with Tiny. LNS as IPS and Tiny as IDS and application control. Also I would like to say that BlackIce 3.6 works great alongside LNS (as others have said), as does Tiny.