what is a 'hardware firewall'??

Hi,

I am using a router, but I'm not quite sure what a
hardware firewall is.

I phoned the manufacturer, but even they don't seem
to understand what a hardware firewall is...

Can anyone explain what it is?
or perhaps kind enough to show me the screenshot of the setting ?

Thanks!

 

http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp

 

A "hardware" firewall is a "software" firewall (not to be confused with a personal firewall) running on a seperate machine. Typically it's a machine running Unix dedicated to filtering, but routers commonly include a firewall.

 

Hi Hama , I think you may find the pertinent info by googling "NAT as a firewall". For example:

http://www.networkclue.com/routing/Firewalls/nat.aspx

http://en.wikipedia.org/wiki/Network_address_translation

 

To put it simply:
A hardware firewall is a dedicated device that sits between an internal network (such as your PC's) and and external network (such as the internet) and filters traffic to protect the internal network. The hardware firewall runs software so in that sense it's not different from a personal software firewall you run on a PC. The difference is it's separate from your PC, and can do complex filtering without impacting the performance on your PC the way a personal software firewall can.

A NAT router is a dedicated device that takes the single connection coming from your cable/DSL modem and makes it available to multiple computers. It also changes the IP address assigned to your computer which provides additional isolation/protection. Last, it is common for home routers to have some firewall functionality as well. They are not as sophisticated as dedicated firewalls, but they provide pretty good protection for small home networks. Hope this helps.

 

Thanks all for your replies,
I really appreciate it.

I found out that my router has the NAT thingy,
and the port forwarding thingy.

However, I'm not quite sure how to configure it.
Can anyone give me a good link on how to configure?

Thanks!

 

What router brand are you using?

 

I'm not sure if you would know even if I tell you.
It is 'ipTIME G204', probably from Korea.

Is the configuration different for each brand?

 

Hi Hama .

Maybe you're not fully understanding. All routers need to do NAT in order to do what they do. And the "side-effect" of NAT, is that unsolicited incoming connections are dropped (ref 1st link). So in effect, the router acts like a firewall giving u "incoming protection" by blocking/dropping unsolicited incoming traffic.

There's no switch to "turn on" the firewall, if that's what you're asking. If you are behind a router, u have a "hardware firewall" blocking unsolicited incoming connections.

Do you p2p/torrent, or do u need to access your home PC from outside of home? In those cases, you'll need to do "port forwarding" - in essense, it's like telling your router to route those incoming connections to your PC, instead of blocking/dropping them. But no need to do port forwarding if you don't p2p or need access from outside.

Edit: Oh, and online gaming probably req to port forward too.

 

Network Address Translation (NAT) is automatic. If you open a command window and type ipconfig you will see that your PC's IP address is likely in the 192.168.x.x address range. The IP address assigned by your ISP (internet service provider) is different. That address is taken by the router instead.

Regarding "port forwarding", that is only necessary under certain circumstances. Are you experiencing any connectivity problems?

Regarding the router's firewall features, they are not necessarily ON by default. You will have to go into the router's settings and view the options. To access the router's settings open a command window, type ipconfig and note the gateway IP address. Type that address in a web browser like this:

http://x.x.x.x

The router will likely ask you for a user name and password. The default varies. You can try admin/password, admin/admin, admin/______ (blank). Once you're into the settings let us know what you find

 

You might find this site helpful: http://portforward.com/

 

Is it possible to specify which incoming connections are to be allowed and which aren't? Thanks.