A hardware firewall is a physical filtering component that inspects data packets from the network before they reach computers and other devices on a network. A hardware firewall is a freestanding unit that does not use the resources of the computers it is protecting, so there is no impact on processing performance. The firewall can be configured to block multiple individual ports, a range of ports, or even traffic specific to an application. The Linksys E2500 wireless router is also a hardware firewall.
A hardware firewall passes two different types of traffic into your network:
- Responses to traffic that originates from inside your network
- Traffic destined for a port that you have intentionally left open
There are several types of hardware firewall configurations:
- Packet filter - Packets cannot pass through the firewall unless they match the rule set configured in the firewall. Traffic can be filtered based on attributes such as source IP address, source port, or destination IP address or port. Traffic can also be filtered based on destination services or protocols such as WWW or FTP.
- Stateful packet inspection - This is a firewall that keeps track of the state of network connections traveling through the firewall. Packets that are not part of a known connection are dropped.
- Application layer - All packets traveling to or from an application are intercepted. All unwanted outside traffic is prevented from reaching protected devices.
- Proxy - This is a firewall installed on a proxy server that inspects all traffic and allows or denies packets based on configured rules. A proxy server is a server that is a relay between a client and a destination server on the Internet.
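The two kinds of admitted traffic and the stateful packet inspection behavior described above can be modeled in a few lines. This is an added example, not code from the original page or from any router firmware; the class and function names are hypothetical, the addresses are constructed sample values, and NAT, TCP flags, and connection timeouts are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    """Simplified SPI model: no TCP flag tracking or connection timeouts."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)  # (proto, port) pairs left open on purpose
        self.connections = set()           # flows that started inside the network

    def outbound(self, p):
        # Remember the flow so its reply can be recognised on the way back in.
        self.connections.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
        return "ALLOW"

    def inbound(self, p):
        # A reply carries the recorded flow's addresses and ports swapped.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.connections:
            return "ALLOW: reply to inside-originated traffic"
        if (p.proto, p.dst_port) in self.open_ports:
            return "ALLOW: port intentionally left open"
        return "DROP: not part of a known connection"

def demo():
    # Constructed sample traffic; all addresses are documentation/private ranges.
    fw = StatefulFirewall(open_ports={("tcp", 443)})
    pc, web, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    results = [fw.outbound(Packet("tcp", pc, 51000, web, 80))]
    inbound = [
        Packet("tcp", web, 80, pc, 51000),        # reply to the PC's request
        Packet("tcp", stranger, 80, pc, 51000),   # same ports, wrong peer
        Packet("tcp", stranger, 40000, pc, 443),  # new flow to the open port
        Packet("tcp", stranger, 40000, pc, 23),   # new flow to a closed port
    ]
    results += [fw.inbound(p) for p in inbound]
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```

A plain packet filter would have to decide on the second inbound packet from its ports alone; the connection table is what lets the stateful model drop it because the peer address does not match the recorded flow.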
Hardware and software firewalls protect data and equipment on a network from unauthorized access. A firewall should be used in addition to security software. Figure 1 compares hardware and software firewalls.
To configure hardware firewall settings on the Linksys E2500, as shown in Figure 2, use the following path:
Security > Firewall > select Enable for SPI Firewall Protection. Then select other Internet filters and web filters required to secure the network. Click Save Settings > Continue.
NOTE: Even on a secure network, you should enable the internal operating system firewall for additional security. Some applications may not operate properly unless the firewall is configured correctly for them.
A DMZ is a subnetwork that provides services to an untrusted network. An email, web, or FTP server is often placed into the DMZ so that the traffic using the server does not come inside the local network. This protects the internal network from attacks by this traffic, but does not protect the servers in the DMZ in any way. It is common for a firewall or proxy to manage traffic to and from the DMZ.
On the Linksys E2500, you can create a DMZ for one device by forwarding all traffic ports from the Internet to a specific IP address or MAC address. A server, game machine, or web camera can be in the DMZ so that the device can be accessed by anyone. The device in the DMZ, however, is exposed to attacks from hackers on the Internet.