Router vs Firewall
First I can connect several PCs to a router, then connect this router to an ADSL modem, and finally via this model (which is connected to an local ISP), all the PCs on the LAN can access to the internet;
Now, let's do this with a firewall, i.e., connect several PCs to a Firewall, then connect this Firewall to an ADSL modem, and finally via this model (which is connected to an local ISP), all the PCs on the LAN can access to the internet, too.
So, my question is when should we use the router and when to use firewall?
Especially, nowadays, a router contains "some" firewall inside, while a firewall also contains "some" router inside.
Thanks to help
Scott
Scott
First you posted exactly this same question of the Getting Started with LANs forum. Then you posted it on this forum. I suggest that we consolidate the discussion on the Getting Started forum.
HTH
Rick
Similar Messages
-
I have AppleTV and Ipad2 running VJay app to my TV over a private cisco router disabled firewall but I keep loosing the video on my TV after a few minutes what can I do?
I also get this problem on my iPad, so probably not related to the AppleTV. On the iPad I restarted Airport Extreme this time, and then the iPad saw my Home Sharing.
So to recap, restarting the router or Airport Express allowed the iPad and AppleTV to see Home Sharing. Restarting AppleTV also allows AppleTV to see Home Sharing.
So does anyone have any idea?
Thanks -
I have just been informed by Apple Care that my entire implementation for my Xserve is off base. We only got to this problem when Kerberos wouldn't work. I had judiciously followed the manual and had my Ether1 and 2 ports set up to do external (1) internal (2), provide DHCP, NAT, VPN the whole nine yards. Ran gateway assistant, got my FQDN, promoted to open directory. And now I am told by my Apple Care guy that this is not at all the way to go; that I need to have an external router with firewall and assign the static IP to it and then run the server interally only. Let me just say I took the 4 day server essentials class and that was noticably lacking in the discussion. So I guess what I am asking today is what an ideal router/firewall product would be suggested. I'd prefer it be rack mounted. I also need a product that the company is going to support. So suggestions are greatly appreciated.
I guess I am back to square one on this. Full reinstall. Sigh.1. Run OD and AFP on the fixed IP Master. This should
be your strongest, fastest server and must have a
real fixed IP address, not allocated by DHCP. You
need an FQDN for this IP address entereted in your
internal DNS.
WES: I believe I am hearing you say that the VPN/Firewall server (the weaker one) would now carry the static IP address on ethernet1; and have say 192.168.2.1 as it's manualy set internal IP on ethernet2; say 192.168.3.1. The better server would have it's IP manually set to, say 192.168.3.1.
2. Run internal DHCP and DNS services on the Master
also.
WES: I am not sure why one would run DHCP and DNS here though? I figured that was a simplier process to accompish off the weaker server.
3. On your firewall machine (the Replica, maybe
running Tiger Server 10-user) run your webpages &
VPN.
WES: But as I understood it, one had to run this off of the machine with the FQDN. Same as mail. More below....
4. Put Mail on a completely separate box in your
DMZ.
WES: I'm not sure I follow you here. I am out of boxes. Actually I'll have to buy another one if I got this route at all. I don't have nearly a large enough operation to justify three servers -- maybe not two -- except for this problem.
One advantage of using a Tiger Server Master/Replica
over a cheap firewall box is that you have redundancy
available for all your Tiger Server apps (DHCP, DNS,
etc). You also have an automatic backup of all user
accounts/passwords and you don't need to configure
separate VPN accounts/profiles for your users.
WES: Yes that makes sense.
Plus, if you're serious about VPN, 'proper' routers
start to get real expensive if you need concurrent
connections.
WES: There is another issue that I am a bit uncertain about. Where I got into trouble here was trying to get Kerberos to work. However, I am not sure that in the end that's a service I'm going to need. If VPN encrypts all traffic over the internet is Kerberos necesssary. I DON'T need it in house as there isn't an internal security issue of any kind. Maybe I am shooting for something I don't need...which brings us to...I am still confused about the Apple Care guy's comment that with the set up as it is, he could essentially raid my OD. He rattled off a lot of cool talk that made me think he was right but I have never found any reference to this. Can anyone explain to me -- one box acting in this capacity for a small office with a public IP -- being that open to a security risk. Puzzles me. -
WRT54GS - Firewall - adding program to router's firewall
Need help. I have ATX 2007 tax software and I'm trying to do an e-filing. I contacted software vendor and was walked through adding the software in exceptions using Windows Firewall. I also disabled the windows firewall but still could not do a filing. I kept getting error message of no internet connection. Strange thing about this, I have ATX 2006 software and able to do e-filings and connect to internet. The techies at ATX said the problem was the router. They tried entering my computer remotely but could not get through because again they said router's firewall is blocking. How can I add my software through the router's built-in firewall? In the meantime, I have to revert back to dial-up (ugh!) on my old laptop just to do e-filings for my clients. Any suggestions?
The router only works with a broadband cable/dsl connection and not dial-up. Can you get online with the router?
The box said windows xp or better... So I installed Linux! -
Need Help in finding out Router, Switch, firewall n IDS 4 Datacentre
Hii All,
Greetings!!!
Iam workin on project for Datacenter. I need ur help in finding me out the exact Router, Switch, Firewall & IDS series based on my attached complete technical specification.
pls find attched tech info for router, switch, firewall & IDS. Ur prompt respnse will be appreciated..
Thanku in advance 4 ur kind cooperation & help.
Looking forward 4 ur prompt response.
Brgds
Arif....The write-up more sounds like it's an 7206VXR router, a 6500E with Sup720.
FW/ASA/PIX is an ASA 5510
Please don't forget to rate useful posts. Thanks. -
Can i setup my network such that i placed a Cisco ASA firewall between my mpls router and cisco switch ?
| MPLS Router | ------------- | ASA Firewall | --------------- | Switch | ------------ | VLANs |Hi
As per your senario it look like en enterprise network. So you won't requrie MPLS lable Propagation in your internet network.
If possible can clear that weather you want to Propagate the MPLS Lable in you internet network or do you run MPLS in you routers & switchs or do you have only an MPLS Link from your SP.
And if you won't require MPLS lable Propagation or you have not configured MPLS in intenal network then you can configure ASA in routed mode & can use all feature that you requried.
Regards
Chetan Kumar
http://chetanress.blogspot.com -
Extreme running in bridge mode, can't get out past router or firewall
Hello
I have my Laptop, Mini and an older PC connected to my wireless network via my new airport extreme. I had teh system connected and got the solid green light but no internet. After putting the extreme into bridge mode everything works fine. The problem I have now is that I can't activate my web cam it says that i am blocked behind a firewall or router. I have been told that to get out from behind the router of firewall I need to be out of the bridge mode, but when I try this I loose my internet connection??? Anybody have a suggestion???Warnercj7, Welcome to the discussion area!
I guess the AirPort Extreme base station (AEBS) is connected to a modem of some type. It appears that the modem is operating as a router.
You will need to configure the modem/router so that the appropriate ports are forwarded through the modem/router to the web cam. -
Url filtering Route policy Firewall ?
Hello,
I'd like to know if it's possible to make a route policy (based on an identity matched by url white list) that redirect http trafic to a firewall (Juniper SSG550M).
The objectif is to separate traffic depending on url request as professionnal and non professionnal traffic, but Juniper can't be used as Upstream Proxy because it can't be use as a proxy. So, is it possible to create 2 "Direct connection" routing policies and specify 2 différents gateway ?
Or, if you have any other idea to separate traffic depending on url, I take it !
Regards,
Romain.Hi Stella
AFAIK you can do URL filtering provided that you have a websense server installed at your site.
do refer this link for more info on the same..
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008d1f7.html
regds -
When an ISP issues a low grade box it is a router and a firewall. I am looking to take a box like this and put in a 3550. My question is can a 3550 do PPPOE, port forwarding, and Natting. Or would I have to put a PIX in line to do all of this?
use the link below to view the NAT / Catalyst Support Matrix.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a008011c629.shtml
3550 shows no support for NAT(may be added in newer releases so keep an eye out) -
FIOS router - real firewall - AP - FIOS app no worky)
I have Verizon FIOS service with an Actiontech M1434WR router getting the WAN info 192.168.1.1 and giving a wireless SSID. Behind that I have Sonicwall that gets an ip from the ActionTech and feeds desktops and an AP. Also, I have Ipods and Android tablets that pull the ip via the AP and running the Verizon FIOS App to watch television.
Certain parts of the app do not work correctly when the devices go through my AP but when on the FIOS network everything works fine.
Do I need to enable port forwarding in the ActionTech and open ports in my SonicWall fore this to work correctly? If so what?Problems having:
"There are no set-top boxes found"
Before I get into it this does not include all tech support, just some
Well I have been trying to get some kind of work around from Verizon techs and what a disappointment! I have basic triple play with actiontec (M1424WR Rev. E) router & DVR service. I have a iPhone 5 with the fios appt. (It once worked)
I have reached out to tech support, latest as of yesterday and we went thru basic resetting routers and DVR with no luck. And then they reset it thru there end with no luck. So they put another person (tech) to help trouble shoot with no luck and the funny enough while I was on phone with them the call got disconnect! No call back nothing, no email either. Also to let everyone know if not familiar when they do full reset you dont lose recordings but you do lose favorites and you personal setting for DVR. As for router you will be reset to original setting's on router, so you will need to change your admin password and check other setting you might of done. Like wpa which in last months they sent out notices to update setting for more security.
So I guess what needs to be know is there no work around for these issues and the app is that flawed that its not worth having?
Are they coming up with some kind of upgrade to address issues like this?
I have seen in some of forums of similar issues with android phone apps also.
To finish off by time I was done with tech support there was no way to even attempt to use the app as even a remote, I don't know if I mentioned before I called tech support I could still use the remote but not the DVR and TV listings not being available.
somebody help us -
Need Help in Finding out IDS, Firewall, Router, Switch series for Datacenter
Hii All,
Greetings!!!
Iam workin on project for Datacenter. I need ur help in finding me out the exact Router, Switch, Firewall & IDS series based on my attached complete technical specification.
pls find attched tech info for router, switch, firewall & IDS. Ur early response will be appreciated.
Thanku in advance 4 ur kind cooperation & help.
Looking forward 4 ur prompt response.
Brgds
Arif..For the router/switch I would suggest to evaluate the 6500.
For firewall the ASA5540, 5550 and 5580.
For IDS 42.40, 42.55 and higher.
I hope it helps.
PK -
How to configure listener across firewall and router
I am trying a test to see if the following scenario will work and I am looking for insight because I am not getting anywhere fast....
I have a computer on an internal network running oracle 9iR2. This computer has a web server exposed through a router/firewall with port 80 open. I want to open port 1521 and make the oracle listenser available to someone outside my network. The client only has internet access through their ISP. Basically it would be like hitting the web server over the internet. I am not sure if it is possible to use SQL*Plus to connect to a database server using the name of the router (www.company.com) and have the Oracle database available.I have serious doubts that this will work.This sould working definitely. But this question is more related to networking than DBA.
So this action (and aalso analysis) must be done by somebody who are responsible for (and unsterstand) routing and firewall administration.
This "networking person" (credited as somebody before) must prevent unauthorized access to your DB and also prevent sniffing (for example your 3rd parties will be connected via IPSEC connection). -
Hello,
would you please be so kind to assist me with a problem I have with the Linksys Wireless router's firewall (Linksys WRT110).
Running the firewall test, I am getting this message:
Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
Thank you very much.
Fred
Solved!
Go to Solution.You don't have a problem. You are just using a bad firewall test which gives bad advice. Your router is connected to the internet and it's there regardless whether you answer pings or not. With all those hacked bots available in the internet there is absolutely no need anymore use pings to "locate systems prior to further exploitation".
On the contrary, not responding to pings may attract more traffic in particular because most personal firewalls so throughless filter pings and many other important things and personal firewalls frequently have security vulnerabilities making the making them an interesting target for hackers.
Don't bother filtering pings. -
Internet Edge Router and the Firewall
What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
We want to pull more information from the edge router like netflow. We can use SNMPv3 and ACLs to keep the router secure.
But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
I am running an ASA and a 2821.I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
Getting Netflow from your router doesn't add much more than getting it from your ASA.
If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that all the rest isn't worth the time it take to implement it. -
If i have my router firewall turned on, is it ok to have my imac firewall turned on aswell?
If i have my router firewall turned on, is it ok to have my imac firewall turned on aswell?
Welcome to the Apple Support Communities
You won't have any problem if you turn on the firewall of your computer while the router's firewall is turned on, so you can do that
Maybe you are looking for
-
Create ADF Task Flow for Human task outside of SOA Composite
Hi, Is there any way you can create ADF Task Flow form (for the task Details to be display in worklistapp) for a Human task out side of the SOA Composite applicaiton?. I know we can create ADF Task flow form for task details based on Human Task in SO
-
Please help I REALLY need.my PC For school Yesterday I turned my Laptop on and it was updating something, I don't know what itthe update is for but sometimes it says it is in the process of updating, I haven't had any problems before with it, but the
-
Difference between nio-file-manager and nio-memory-manager
Hi, what's the difference between nio-file-manager and nio-memory-manager? The documentation doesn't really discuss the differences as far as I know. They both use nio to store memory-mapped files don't they? What are the advantages/disadvantages of
-
Create a test and development environment : only one CMS running
Hi, Can anyone tell me how to create a test and Develpment environment for one CMS? I'm running BO XI 3.1 enterprise edition. Thanks Peter
-
I wanna export a pdf to a job application. How?