Is your PC more secure with 2 hardware firewalls, or is 1 fine?

Discussion in 'other firewalls' started by winterlord, Aug 27, 2009.

Thread Status:
Not open for further replies.
  1. winterlord

    winterlord Registered Member

    Hi, I have a question. I have a real nice 300.00 Cisco firewall for my home; it has all sorts of bells and whistles, etc., application anomaly detection, etc. I also run FW and AV software.

    But I was wondering, if I put a second router/firewall in (my old Netgear web safe), which is a very minor firewall, would that make my PC and network even more secure? Or would it not help?

    The reason I ask is because I read somewhere of someone using 2 hardware firewalls.

    Also, I was wondering: does a loopback address mean your network could be compromised? I can't find the 127.0.0.0 address since I'm using a new software firewall, but I know I've seen it in the past in the firewall section as a trusted address.
  2. funkydude

    funkydude Registered Member

    If anything, your network would be slightly slower, by about 1ms or so. I don't see any extra benefit from the 2nd hardware firewall at all.

    So unless you have another reason (other than wanting another firewall) I suggest you stay with 1 router.
  3. winterlord

    winterlord Registered Member

    OK, yeah, my firewall is great, I can't complain, RVS series corporate :) but honestly I get paranoid on the net at times lol. Just wondered if there was any merit to running 2 hardware firewalls. I know the second firewall I have is a cheapo, but I'm not too much of a networking expert to know the answer.
  4. funkydude

    funkydude Registered Member

    Well the answer is no, it wouldn't add any extra protection, everything is already protected. It would most likely cause more problems than anything else.
  5. Seer

    Seer Registered Member

    No. Loopback interface is a virtual adapter and refers to your own computer. Anything sent to this address is immediately received on it as well, meaning that no hardware adapters are used in the process.

    Regarding your initial question on 2 h/w firewalls, I fully agree with funkydude. Of course, you would benefit from Cisco if Netgear is in front, but why you would want to do such a thing is beyond me.
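
An added illustration of the loopback behaviour described in the post above (not part of the original thread): the Python sketch below classifies entries from a firewall's trusted-address list and confirms that data sent to 127.0.0.1 arrives on the same host from a loopback peer. The function names and sample entries are constructed for this example.

```python
import ipaddress
import socket


def classify_trusted_entry(entry: str) -> str:
    """Say how far traffic matching a trusted-list entry can travel."""
    net = ipaddress.ip_network(entry, strict=False)
    if net.is_loopback:          # 127.0.0.0/8 or ::1: never leaves the host
        return "loopback"
    if net.is_private:           # RFC 1918 and similar: stays behind the router
        return "private-lan"
    return "routable"            # reachable from outside unless filtered


def loopback_round_trip(payload: bytes):
    """Send payload to a listener on 127.0.0.1 and report what the listener saw.

    Returns (peer_is_loopback, received_bytes). No hardware adapter is
    involved: the listener is bound to the loopback address only.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.settimeout(2)
        srv.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port), timeout=2) as cli:
            conn, peer = srv.accept()
            with conn:
                cli.sendall(payload)
                data = conn.recv(len(payload))
    return ipaddress.ip_address(peer[0]).is_loopback, data


if __name__ == "__main__":
    # Constructed sample of a software firewall's trusted-address list.
    trusted = ["127.0.0.0", "127.0.0.0/8", "::1", "192.168.1.0/24", "8.8.8.8"]
    for entry in trusted:
        print(f"{entry:<16} {classify_trusted_entry(entry)}")
    print(loopback_round_trip(b"ping"))
```

A trusted entry classified as `loopback` only covers traffic the machine sends to itself; entries in the other two classes are the ones worth reviewing.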
  6. tipstir

    tipstir Registered Member

    BlueCoat hardware as most administered as do all hardware firewalls on the higher end. Business end should use two hardware firewalls on domain. Home users have routers with NAT, SPI, Intrusion Detection, etc. Then you can run a software firewall on your client boxes on workgroup or small business domain.
  7. HKEY1952

    HKEY1952 Registered Member

    Chaining the routers out of one network to one modem will not add or increase security; the network's security is only as strong as the weakest link. However, using one modem and installing a second router to create another segregated network to deliberately isolate the networks will definitely increase security between the two internal networks.
    One might want to utilize isolated networks to segregate the adults' computers from the children's computers, or business computers from home computers.
    Computers behind firewall router one cannot see computers behind firewall router two and vice versa; the topology can be found here:
    http://www.wilderssecurity.com/showpost.php?p=1521487&postcount=5

    If only one printer is available, print traffic can be configured within the routers to route the print traffic to the destination IP.



    HKEY1952
  8. blacknight

    blacknight Registered Member

    Better than using two hw firewalls would be to use behind your PC a hw firewall and a Linux-based PC as server.
  9. noone_particular

    noone_particular Registered Member

    For a standard home network, one hardware firewall is plenty. When a network includes a server that can be accessed from the web and a private LAN, a 2nd hardware firewall can be used to isolate the two, but that's beyond the needs of an average home network. For a home network, the most you would need is one hardware firewall out front and a software firewall on each of the PCs. You'll get different opinions as to whether the software firewall would even be necessary.
  10. winterlord

    winterlord Registered Member

    OK, thanks guys.
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Even in business networks it's more common/desired to still use just 1 hardware firewall/UTM appliance. They're robust enough to "orange zone" or VLAN servers exposed to the public side, so they're separated from the main office LAN.

    Double NAT from multiple firewalls/routers isn't desired in biz networks either.
  12. mack_guy911

    mack_guy911 Registered Member

  13. mack_guy911

    mack_guy911 Registered Member

    Strange, I also wonder and wanted to know: if one firewall is compromised, for example, let's say in that case the Netgear firewall is in front and somehow someone knows, through tools like nmap......etc., and somehow he manages to break the 1st firewall, what happens then?

    1. Will it also by default bypass through the Cisco firewall as well?
    2. Will it stop on Cisco firewall mode.....

    I mean an attack.

    Please comment.
  14. winterlord

    winterlord Registered Member

    Looks to me like in that example you would put the cheaper older router on the outside as an external router? Not sure if that makes any sense to me though, because even though I'd want my PC more protected than my fiancée's, who is not computer savvy when it comes to security and websites not to go to, like .ws .de etc.

    So even though I want high security, I want her to have security by the much better firewall I have too, which would mean putting it on the outside, and the older one in?
  15. Meriadoc

    Meriadoc Registered Member

    It's a good way of isolating part of your network (I've mentioned here before about isolating mine/my kids' machines) and perimeter subnets.