Multiple firewalls?

Discussion in 'LnS English Forum' started by AJohn, Oct 9, 2004.

Thread Status:
Not open for further replies.
  1. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I was just wondering everyone's thoughts on using multiple firewalls like 8Signs with LNS? I have been doing so for about a week now and they seem to run very smoothly together. I was just thinking maybe running two might help them catch what the other misses (if any) ...
     
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, Generally not recommended running two firewalls together, same with AV pros.
    But if you're not having any problems then why not.
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It is not recommended to run more than one software firewall on a system. Both 8Signs and LnS packet filtering work at a low level (more so than some other firewalls) and this could cause conflicts.

    Properly configured, neither should miss anything. So pick the one you feel best suits your needs and stick with it.

    Regards,

    CrazyM
     
  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    is that a fact or a myth i remember back in the day i ran black ice and zap it seemed to work pretty damn well

    is there any proof that multi layer firewalls don't work
     
  5. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    They have been working perfectly together so far. I am going to keep using both of them until one of them stops working correctly because of it. I figure if they work together then why not. As small as they both are I can use them as backups for each other.
     
  6. ?Dingo

    ?Dingo Guest

    Well if you go to options and de-select automatic selection, under network interfaces and remove all the checkmarks and unselect internet filtering, then it won't conflict at all! (just make sure you unselect everything else that you have selected in options, such as, solve ip address names-through Display port name and value.) Then you will have a perfect (unclashing combo) of app filtering and an excellent Stateful firewall! :D
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Black Ice was/is used in conjunction with firewalls more for its IDS qualities which would complement the firewall, not for its firewalling (packet filtering) abilities.
    Most developers will not recommend running more than one software firewall on a system. If you want multi layer firewalling you are better served by using a hardware device and then a single application on systems behind it.

    Regards,

    CrazyM
     
  8. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    I have a better idea!
    I will leave everything turned on and they will work perfectly together!

    I am just testing this and was wondering what everyone thought on the subject. I am not saying it is a good idea.
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    And hope that there is some indication of the failure and your system is at risk?
    The question should be why? It is not going to afford you any additional protection.
    Neither one of these firewalls needs a backup ;). As I noted above, if you want to layer firewalling, use a hardware device in addition to a single application on systems behind it.

    Regards,

    CrazyM
     
  10. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Good point about it affecting me without me knowing. I am currently using LinkSys so I have that covered. Guess I will get rid of 8Signs :D Thanks for the input.
     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Only purpose for running Look 'n' Stop alongside another Software Firewall is if you are wanting to use its App-Filtering, and trying to use two Software Firewalls' packet filtering systems would generate conflicts noticeable or otherwise. ;)
     
  12. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    yes there is.
    From my own personal tests, I have witnessed ZA blocking an application trying to call out while installed alone, but to fail to do so with few ones when another firewall was installed, this one even being "disabled" (the drivers are still loaded at startup).

    It can work, but it can fail to work too, and not necessarily in an obvious and visible behaviour, hence the danger to do so.
    Now if you use the application filtering of one with the network filtering of another it should be ok, but stress your setup to be sure of this.

    regards,

    gkweb.
     
  13. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    The key word here is they seem..
    I used to think the same thing until i was proven wrong few years back when a friend managed to get through 2 firewalls installed when in fact each one alone was able to block.
    The problem is that they may each fight access to the stack and let things through that way without you being able to notice anything.
    If you don't trust the firewall you have to do the job, my advice is change for another one...
     
  14. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Thanks gkweb for the first example in which it doesn't work,
    I've been testing this for quite a while (using 2 SW firewalls together) and never saw any problem.
    Because i can't be sure it works with EVERY 2 firewalls,
    * * * i wouldn't recommend it ! * * *

    But i agree that it is more a feeling that, it is not good to run 2 FW's together.
    And the fact is .. that most firewalls companies don't like to have a 2nd running, then it is based on facts.

    I have tried several firewalls together, and never saw a problem.
    Most of the time , what the first one didn't catch the other did....
    If one has a port open and the other has the same port closed,
    no traffic was allowed (TEST THIS YOURSELF!)

    I am convinced that a lot of XP SP2 users will run 2 (built in and another one),
    so we will hear more about this in the future.

    Gkweb, can you inform me how i can reproduce the situation you've mentioned.
    Because i like to see this for myself.
     
  15. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    I would have to agree, and subtract my previous comments.

    Running two firewalls would place your system in danger and offer you absolutely no extra protection.

    You can check your firewall settings here with the leak test

    http://grc.com/lt/scoreboard.htm


    Windows SP2 security centre will turn off the built in firewall by default when it detects a third party firewall, as running two with SP2 can cause major system instability.
     
  16. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  17. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    When I had or have doubts about my firewall setup, I double-check by running CommView, Port Explorer, or Ethereal. You should be able to see if anything is getting through. Although I have used BI with ZA, ConSeal (formerly 8Signs), and Sygate without any problems in the past, I now use Outpost Pro behind a Linksys with good results.

    Nick
     
  18. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    Yes!, i've tried several other combinations, and OF COURSE tested them (for months each!!!),
    but i could not produce a situation that closed ports were suddenly open,
    or that software got access to outside suddenly.

    So pure firewalls (without the extra's like TPF etc.) have never given
    a problem , i have tested a lot because of a bet we had here in our company.
    :>)


    So again, i don't recommend it, but instead of saying it is dangerous (fine ..for the novice),

    Please give me an example on how i can reproduce a problem with
    any 2 firewalls you can find.

    And i agree on the more features that are added on a firewall
    the greater the risk. But then you can expect to find the SW conflicts
    in the Extra's.
     
  19. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    BTW we had 3 pc's with each 2 SW firewalls ,
    behind a cisco 2611 Router with IOS Version 12.2(1) with PIX of course !!
    And Cabletron/Enterasys IDS.
    This to monitor the traffic, and to be sure we didn't overlook something.
    The tests were done in a lab, we run a lot of external tests, to see the behaviour. Again... those were SW firewalls-only and not combined security software solutions.
     
  20. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Just as an update to this post I would like to add that I have continued trying out combinations of firewalls. I have decided to use LNS with Tiny. LNS as IPS and Tiny as IDS and application control. Also I would like to say that BlackIce 3.6 works great along LNS (as others have said), as does Tiny. :)
     