4 Replies Latest reply on Jun 29, 2009 7:25 AM by synapsemedia

    firewalls, routers vs local firewalls




      Yes, I realise this has nothing to do with Adobe products, but I thought this would be a good place to ask as there appear to be many most knowledgeable gentlemen on this forum.


      If you are using a router with a built-in firewall (which I believe most of them have), is there any point in having a local firewall on the computer, e.g. Windows Firewall or ZoneAlarm or Live OneCare etc.?


      Do they work together? Do they both do different things? Is it safe to turn off the Windows Firewall if the router firewall is on?


      questions, questions...






      p.s. I figure if this is answered there would be many other people on this forum who would benefit from the extra knowledge

        • 1. Re: firewalls, routers vs local firewalls
          Mylenium Most Valuable Participant

          desertfilm_interactive wrote:


          is it safe to turn off the windows firewall if the router firewall is on


          Generally there is no harm in leaving the operating system's firewall in place. It does not interfere with most daily operations, so you will not notice and there is no performance hit. The real issue underlying your question is how reliable your router's software actually is and how strict a regimen you have established. If you get my meaning: the best firewall is of no use if it's not password protected or all the ports are open. That's really what it boils down to. If you are constantly streaming torrents, run your own webserver, use chat applications, Skype, play online games and so on, you will be required to open up additional ports on your router and since this is usually a rigid thing, they are either open or closed based on your configuration. After a while you may simply forget that you opened a specific port even if you no longer use it, and *eeek*, you have another potential weak point.


          Also do not forget that those firewalls really only prevent you from network stuff - all they ever see is already encoded packets. They have no concept from which local service those packets may have originated and with what program they are associated. Should you ever be so unlucky, that would also include any malware that otherwise a local virus scanner or firewall may be able to suppress based on behavioral analysis. There is also any number of secondary not-so-good network behaviors that in themselves are not malicious, but may serve as an entry point for baddies. Things like port scans or pings are normal, but in their nature can be used to detect gaps in your security. Likewise, short package attacks, packet injection or simply damaged frames (in the networking sense of frames) in the data stream may simply make the network app or your system crash, so it's actually good if they get filtered by a local firewall.


          One last thing in favor of a third-party software firewall: most of them also offer web protection by suppressing pop-ups, filtering JavaScript and advertising. Some sites are so much nicer without all this banner bling-bling....
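
Added example, not part of the original posts: a small audit of the "forgotten open port" problem described in the reply above, cross-checking a router's port-forward list against what the host is actually listening on (as reported by `netstat -ano` on Windows). The netstat sample, the forward table and all function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows host (not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     3044
  TCP    [::]:3389              [::]:0                 LISTENING       1120
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed router port-forward table: (protocol, external port, internal port, note).
FORWARDS = [
    ("TCP", 21, 21, "FTP uploads"),
    ("TCP", 6881, 6881, "torrent client, uninstalled"),
    ("TCP", 8080, 80, "old test web server"),
]

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\w+)\s+)?(\d+)\s*$")

def listening_sockets(netstat_text):
    """Return {(proto, port): pid} for sockets that accept inbound traffic."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or unrelated line
        proto, _addr, port, state, pid = m.groups()
        # TCP must be LISTENING; UDP rows have no state column and are simply bound.
        if proto == "TCP" and state != "LISTENING":
            continue
        found[(proto, int(port))] = int(pid)
    return found

def audit_forwards(forwards, listeners):
    """Split forwards into those backed by a local listener and stale ones."""
    live, stale = [], []
    for proto, ext, internal, note in forwards:
        pid = listeners.get((proto, internal))
        (live if pid is not None else stale).append((proto, ext, internal, note, pid))
    return live, stale

def unforwarded_listeners(forwards, listeners):
    """Listeners the router does not expose; on the LAN only the host firewall covers them."""
    forwarded = {(p, i) for p, _e, i, _n in forwards}
    return sorted(k for k in listeners if k not in forwarded)
```

The stale entries are router rules worth closing, and the PID column is the host-side information (which program owns the port) that the router never sees.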



          • 2. Re: firewalls, routers vs local firewalls
            synapsemedia Level 1

            Hey Mylenium


            Thanks for the excellent response.


            The reason why I ask is because I have been suffering from incredibly slow network transfer speeds across my network of 4 computers (3 Vista and Windows Home Server). My whole network including the switch is all gigabit capable but I never got more than 6 megabytes per second transfer speeds. My friend Pascale visited me yesterday for a nice BBQ and I mentioned to him my vexing problem with my network. Being a computer guru he had a look at my PCs and clicked around here and there, switched off a whole bunch of services etc. on Windows Home Server including the firewall and voila, my transfer speeds jumped to 50 megabytes per second (still not fast enough but a helluva lot better). I asked him if he knew what was wrong and he said he wasn't sure but that he switched off all unnecessary stuff. I was a bit worried about the fact that he had switched off Windows Firewall (on Windows Home Server) and I asked him if that would expose me to problems from the internet as the server runs constantly and is connected to the net. He said not to worry because my router had a built-in firewall. Even though he knows WAY more than I do about networking it left me with a gnawing, nagging feeling in the back of my mind so I thought I would ask on this forum.


            I use pretty much all the services you mentioned: MSN, Skype, FTP uploads via Dreamweaver etc. I think I may just turn on the Windows Firewall again. Can firewalls slow down network speeds?




            Angus Farquharson

            DesertFilm Interactive




            • 3. Re: firewalls, routers vs local firewalls
              Mylenium Most Valuable Participant

              desertfilm_interactive wrote:


              can firewalls slow down network speeds?


              A tiny bit, but not as severe as your description sounds. A firewall will normally introduce about 6-10 ms delay, but not affect the actual throughput. Only very sophisticated firewalls that do very deep packet inspection and use quarantine procedures (they intentionally delay packets for a few more milliseconds and use additional handshake operations to "ask" the next gateway/network interface whether it wants to accept certain packets) will notably slow down things, but you would exclude your internal sub-net from such firewalls anyway and only have them as external access points. Performance-wise, the Windows Firewall takes almost no processing power. According to MS it consumes about 3% CPU time per clock cycle, but that is so low, you really don't notice it. Also, the default firewall is a passive one, meaning in itself it does not initiate additional network traffic, opens no ports or closes them. It merely watches and blocks if something suspicious comes up. Anyway, it seems like your friend has managed to straighten things out. 50MB per second sounds about right, when you do the rough math --> 1000MBit/8 = 120MB minus precision tolerance, minus overhead, minus network protocol layers, minus signal fading, minus losses caused by network collisions etc. I'd have to look it up, but at best you could arrive at something like 103 MB or so, but that is under ideal conditions with short cables. Also be aware that your router may throttle down bandwidth based on some of the mentioned parameters and prioritize bandwidth allocation based on availability and stability of a connection. And lastly, of course, depending on what model you have, it may generally only offer full bandwidth on one of its ports, but always run the others with reduced rates.



              • 4. Re: firewalls, routers vs local firewalls
                synapsemedia Level 1

                Hey mylenium


                Once again thanks for all the info. I will take a bit of time to digest all of this ....