Comparison of firewalls

Last updated

This is a comparison of firewalls.

Software firewalls

Firewall License Cost and usage limits OS
Avast Internet Security Proprietary Paid Windows
Comodo Internet Security Proprietary Trialware [a] Windows
G Data Internet Security Proprietary Paid [1] Windows
Intego VirusBarrier Proprietary Paid macOS on an Xserve
IPFilter GPLv2 Free UNIX-like
ipfirewall BSD Free *BSD
Kaspersky Internet Security Proprietary Trialware Windows
Lavasoft Personal Firewall Proprietary Paid Windows
Microsoft Forefront Threat
Management Gateway
Proprietary Discontinued Windows
Netfilter GPL Free Linux
NetLimiter Proprietary Paid Windows
nftables GPL Free Linux
Norton 360 Proprietary Paid Windows
NPF BSD Free NetBSD
PF BSD Free *BSD
Online Armor Personal Firewall Proprietary Discontinued Windows
Outpost Firewall Pro Proprietary Discontinued Windows
PC Tools Firewall Plus Proprietary Discontinued Windows
PeerBlock GPL Free Windows
Shorewall GPL Free Linux
Sygate Personal Firewall Proprietary Discontinued Windows
Windows Firewall Proprietary Included with Windows
XP SP2 and later
Windows
ZoneAlarm Proprietary Freemium Windows
Notes
  1. It was freemium until 2019

Appliance firewalls

Firewall License Cost OS
Clavister Proprietary Included on all Clavister
NGFWs
Proprietary operating system cOS Core
Check Point Proprietary Included on Check Point
security gateways
Proprietary operating system Check Point IPSO
and Gaia (Linux-based)
FortiGate Proprietary Included on all Fortigate
devices
Proprietary, FortiOS,

Based on the Linux kernel

Palo Alto Networks Proprietary Included on Palo Alto
Networks firewalls
Proprietary, PAN-OS,

Based on the Linux kernel

Sophos Proprietary Included on Sophos UTM Linux-based appliance
Cisco Firepower Proprietary Included on newer CISCO
ASA devices which support
the Firepower services
module or Firepower
Threat Defense
Proprietary operating system.

Based on the Linux kernel.

Cisco PIX Proprietary Included on all CISCO
PIX devices
Proprietary operating system
Juniper SSG Proprietary Included on Netscreen
security gateways
Proprietary operating system ScreenOS
Juniper SRX Proprietary Included on SRX
security gateways
Proprietary operating system Junos
SonicWall Proprietary Included on Dell applianceProprietary operating system SonicOS

Based on the Linux kernel

Barracuda Firewall Proprietary Included Firewall Next Generation appliance Windows-based appliance
embedded firewall distribution
Cyberoam Proprietary Included Firewall Sophos appliance Windows-based appliance
embedded firewall distribution
D-Link Proprietary Included Firewall DFL Windows-based appliance
embedded firewall distribution
Endian Firewall Proprietary Free / Paid Linux-based appliance
Forcepoint NGFW Proprietary Included on all Forcepoint NGFW devicesProprietary operating system
OPNsense Simplified BSD / FreeBSD License Free / Paid FreeBSD-based appliance
firewall distribution
pfSense Apache 2.0 / Proprietary (Plus)Free / Paid FreeBSD-based appliance
firewall distribution
Zeroshell GPL Free / Paid Linux/NanoBSD-based appliance
firewall distribution
SmoothWall GPL Free / Paid Linux-based appliance
embedded firewall distribution
IPFire GPL Free (Donations welcomed) Linux-based appliance
embedded firewall distribution
WatchGuard Proprietary Included on all Firebox devicesProprietary, Fireware OS,

Based on the Linux kernel

WinGate Proprietary Free / Paid Windows-based appliance
embedded firewall distribution

Appliance-UTM filtering features comparison

Can Target:Changing default policy to accept/reject (by issuing a single rule)IP destination address(es)IP source address(es)TCP/UDP destination port(s)TCP/UDP source port(s)Ethernet MAC destination addressEthernet MAC source addressInbound firewall (ingress)Outbound firewall (egress)
Trend Micro Internet Security YesYesYesYesYesNoNoYesYes
Vyatta YesYesYesYesYesYesNoNoYes
Windows XP Firewall NoNoYesPartial [a] NoNoNoYesNo
Windows Vista Firewall YesYesYesYesYesNoNoYesYes
Windows 7 /
Windows 2008 R2
Firewall
YesYesYesYesNoNoYesYesYes
WinGate YesYesYesYesYesNoNoNoYes
Zeroshell YesYesYesYesYesYesYesYesYes
Zorp YesYesYesYesYesYesNoNoNo
pfSense YesYesYesYesYesNoNoYesYes
IPFire YesYesYesYesYesYesYesYesYes
Notes
  1. can target only single destination TCP/UDP port per rule, not port ranges.

Advanced features comparison

Can:work at OSI Layer 4 (stateful firewall)work at OSI Layer 7 (application inspection)Change TTL? (Transparent to traceroute)Configure REJECT-with answerDMZ (de-militarized zone)Filter according to time of day (quota)Redirect TCP/UDP ports (port forwarding)Redirect IP addresses (forwarding)Filter according to User AuthorizationTraffic rate-limit / QoSTarpitLog
Sidewinder YesYesYesYesYesYesYesYesYesYesYesYes
WinGate YesYesYesNoYesYesYesNoYesYesNoYes
Zeroshell YesYesNoYesYesYesYesYesYesYesNoYes
OPNsense YesYesNoYesYesYesYesYesYesYesNoYes
pfSense YesYesNoYesYesYesYesYesYesYesNoYes
IPFire YesYes ?NoYesYesYesYes ?YesNoYes
Features:Configuration: GUI, text or both modes?Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ...Change rules without requiring restart?Ability to centrally manage all firewalls together
WinGate GUIProprietary user interfaceYes
ClearOS bothRS232, SSH, WebConfig,YesYes with ClearDNS
Zeroshell GUISSH, Web (HTTPS), RS232YesNo
OPNsense bothSSH, Web (HTTP/HTTPS), RS232YesNo
pfSense bothSSH, Web (HTTP/HTTPS), RS232YesNo
IPFire bothSSH, Web (HTTPS), RS232YesNo

Miscellany comparison

Features:Modularity: supports third-party modules to extend functionality?IPS : Intrusion prevention system Open-Source License?supports IPv6?Class: Home / ProfessionalOperating Systems on which it runs?
Vyatta YesYesYesYesProfessionalVyatta OS (built on Debian)
WinGate Yes [a]  ?NoNoProfessionalWindows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008. 32bit and 64bit.
OPNsense YesYes, with Snort and Suricata (modules)YesYesBothFreeBSD/NanoBSD-based appliance
pfSense YesYes, with Snort and Suricata (modules)YesYesBothFreeBSD/NanoBSD-based appliance
IPFire YesYes, with SuricataYesYes (manual setup needed)BothLinux (based on Linux From Scratch)
Notes
  1. WinGate 6.x supports 3rd party modules for data scanning only (e.g. antivirus and content filtering).

Non-Firewall features comparison

These are not strictly firewall features, but are sometimes bundled with firewall software or appliance. Features are also marked "yes" if an external module can be installed that meets the criteria.

Contents

Can: NAT [a] NAT64, NPTv6 Intrusion Detection System (IDS) [b] Virtual Private Network (VPN) [c] Antivirus (AV) Packet capture Profile selection [d]
Vyatta Yes (three NAT types) ?Yes (integrated Snort)Yes (IPsec and OpenVPN)Yes (with clamav, Sophos Antivirus (optional))Yes (with wireshark or tcpdump) ?
WinGate Yes ?Yes (with NetPatrol)Yes (proprietary)Yes (Kaspersky Labs)Yes (filtered capturing to pcap format)No
OPNsense YesYes (NPt)Yes (integrated Suricata)Yes (WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP)Yes (with squid and clamav)Yes (tcpdump)No
pfSense YesYes (NPt)Yes (with Snort)Yes (WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP)Yes (with squid and clamav)Yes (tcpdump)No
IPFire Yes ?Yes (with Suricata)Yes (OpenVPN, IPsec, IKEv2)Yes (with squid and clamav)Yes (tcpdump)No
Notes
  1. static, dynamic w/o ports, PAT
  2. monitors for malicious activity or policy violations
  3. types include: PPTP, L2TP, MPLS, IPsec, SSL
  4. store sets of firewall settings to switch between

See also

Related Research Articles

<span class="mw-page-title-main">Personal firewall</span>

A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

<span class="mw-page-title-main">ESET NOD32</span> Computer protection software

ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.

<span class="mw-page-title-main">Microsoft Defender Antivirus</span> Anti-malware software

Microsoft Defender Antivirus is an antivirus software component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP and was shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 or later versions.

Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the original Norton 360 security suite. The suite was once again rebranded to Norton 360 in 2019.

<span class="mw-page-title-main">Norton Personal Firewall</span>

Norton Personal Firewall, developed by Symantec, is a discontinued personal firewall with ad blocking, program control and privacy protection capabilities.

<span class="mw-page-title-main">Windows Firewall</span> Firewall software for Windows

Windows Firewall is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."

ZoneAlarm is an internet security software company that provides consumer antivirus and firewall products. ZoneAlarm was developed by Zone Labs, whose CEOs were Kevin Nickel, Mouad Abid and Shahin and the Company was acquired in March 2004 by Check Point. ZoneAlarm's firewall security products include an inbound intrusion detection system, as well as the ability to control which programs can open outbound connections.

<span class="mw-page-title-main">McAfee VirusScan</span> Antivirus software

McAfee VirusScan is an antivirus software created and maintained by McAfee. Originally marketed as a standalone product, it has been bundled with McAfee LiveSafe, McAfee AntiVirus Plus, McAfee Total Protection and McAfee Gamer Security since 2010. McAfee LiveSafe is antivirus protection that defends against viruses, online threats, and ransomware with online and offline protection integrates antivirus, firewall and anti-spyware/anti-ransomware capabilities.
In 2006, British telecom company BSkyB started offering Sky Broadband customers a branded version of VirusScan for free upon broadband modem installation.

Outpost Firewall Pro is a discontinued personal firewall developed by Agnitum.

<span class="mw-page-title-main">Security and Maintenance</span> Microsoft Windows software

Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.

<span class="mw-page-title-main">Kaspersky Anti-Virus</span> Antivirus solution

Kaspersky Anti-Virus is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business consumers.

<span class="mw-page-title-main">Kaspersky Internet Security</span> Internet security suite developed by Kaspersky Lab

Kaspersky Internet Security is a internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.

<span class="mw-page-title-main">Comodo Internet Security</span> Internet security software suite

Comodo Internet Security (CIS) is developed and distributed by Comodo Group, a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filtering.

Multiscanning is running multiple anti-malware or antivirus engines concurrently. Traditionally, only a single engine can actively scan a system at a given time. Using multiple engines simultaneously can result in conflicts that lead to system freezes and application failures. However, a number of security applications and application suites have optimized multiple engines to work together.

<span class="mw-page-title-main">Trend Micro Internet Security</span> Antivirus and online security software

Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats, but as of June 2024 based on the chat support there is no known mechanism as with Microsoft Defender Antivirus to submit false positives like "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA " which may point to cutting corners and be the cause of application mislabeling e.g. as ransomware, while the mechanism for detecting real threats is not specified.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

<span class="mw-page-title-main">Avast Antivirus</span> Antivirus computer program

Avast Antivirus is a family of cross-platform internet security applications developed by Avast for Microsoft Windows, macOS, Android, and iOS. Avast offers free and paid products that provide computer security, browser security, antivirus software, firewall, anti-phishing, antispyware, and anti-spam, among other services.

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a conventional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS-encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, third-party identity management integration, and SSL decryption

<span class="mw-page-title-main">Endian Firewall</span> Linux distribution

Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance.

References

  1. AG, G. DATA CyberDefense (2022-12-23). "Internet Security – strong online protection for all of your devices". gdata-software.com. Retrieved 2023-07-10.