This article needs additional citations for verification .(July 2023) |
This is a comparison of firewalls.
Firewall | License | Cost | OS |
---|---|---|---|
Clavister | Proprietary | Included on all Clavister NGFWs | Proprietary operating system cOS Core |
Check Point | Proprietary | Included on Check Point security gateways | Proprietary operating system Check Point IPSO and Gaia (Linux-based) |
FortiGate | Proprietary | Included on all Fortigate devices | Proprietary, FortiOS, Based on the Linux kernel |
Palo Alto Networks | Proprietary | Included on Palo Alto Networks firewalls | Proprietary, PAN-OS, Based on the Linux kernel |
Sophos | Proprietary | Included on Sophos UTM | Linux-based appliance |
Cisco Firepower | Proprietary | Included on newer CISCO ASA devices which support the Firepower services module or Firepower Threat Defense | Proprietary operating system. Based on the Linux kernel. |
Cisco PIX | Proprietary | Included on all CISCO PIX devices | Proprietary operating system |
Juniper SSG | Proprietary | Included on Netscreen security gateways | Proprietary operating system ScreenOS |
Juniper SRX | Proprietary | Included on SRX security gateways | Proprietary operating system Junos |
SonicWall | Proprietary | Included on Dell appliance | Proprietary operating system SonicOS Based on the Linux kernel |
Barracuda Firewall | Proprietary | Included Firewall Next Generation appliance | Windows-based appliance embedded firewall distribution |
Cyberoam | Proprietary | Included Firewall Sophos appliance | Windows-based appliance embedded firewall distribution |
D-Link | Proprietary | Included Firewall DFL | Windows-based appliance embedded firewall distribution |
Endian Firewall | Proprietary | Free / Paid | Linux-based appliance |
Forcepoint NGFW | Proprietary | Included on all Forcepoint NGFW devices | Proprietary operating system |
OPNsense | Simplified BSD / FreeBSD License | Free / Paid | FreeBSD-based appliance firewall distribution |
pfSense | Apache 2.0 / Proprietary (Plus) | Free / Paid | FreeBSD-based appliance firewall distribution |
Zeroshell | GPL | Free / Paid | Linux/NanoBSD-based appliance firewall distribution |
SmoothWall | GPL | Free / Paid | Linux-based appliance embedded firewall distribution |
IPFire | GPL | Free (Donations welcomed) | Linux-based appliance embedded firewall distribution |
WatchGuard | Proprietary | Included on all Firebox devices | Proprietary, Fireware OS, Based on the Linux kernel |
WinGate | Proprietary | Free / Paid | Windows-based appliance embedded firewall distribution |
Can Target: | Changing default policy to accept/reject (by issuing a single rule) | IP destination address(es) | IP source address(es) | TCP/UDP destination port(s) | TCP/UDP source port(s) | Ethernet MAC destination address | Ethernet MAC source address | Inbound firewall (ingress) | Outbound firewall (egress) |
---|---|---|---|---|---|---|---|---|---|
Trend Micro Internet Security | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes |
Vyatta | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes |
Windows XP Firewall | No | No | Yes | Partial [a] | No | No | No | Yes | No |
Windows Vista Firewall | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes |
Windows 7 / Windows 2008 R2 Firewall | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes |
WinGate | Yes | Yes | Yes | Yes | Yes | No | No | No | Yes |
Zeroshell | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Zorp | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No |
pfSense | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes |
IPFire | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Can: | work at OSI Layer 4 (stateful firewall) | work at OSI Layer 7 (application inspection) | Change TTL? (Transparent to traceroute) | Configure REJECT-with answer | DMZ (de-militarized zone) | Filter according to time of day (quota) | Redirect TCP/UDP ports (port forwarding) | Redirect IP addresses (forwarding) | Filter according to User Authorization | Traffic rate-limit / QoS | Tarpit | Log |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Sidewinder | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
WinGate | Yes | Yes | Yes | No | Yes | Yes | Yes | No | Yes | Yes | No | Yes |
Zeroshell | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
OPNsense | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
pfSense | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
IPFire | Yes | Yes | ? | No | Yes | Yes | Yes | Yes | ? | Yes | No | Yes |
Features: | Configuration: GUI, text or both modes? | Remote Access: Web (HTTP), Telnet, SSH, RDP, Serial COM RS232, ... | Change rules without requiring restart? | Ability to centrally manage all firewalls together |
---|---|---|---|---|
WinGate | GUI | Proprietary user interface | Yes | — |
ClearOS | both | RS232, SSH, WebConfig, | Yes | Yes with ClearDNS |
Zeroshell | GUI | SSH, Web (HTTPS), RS232 | Yes | No |
OPNsense | both | SSH, Web (HTTP/HTTPS), RS232 | Yes | No |
pfSense | both | SSH, Web (HTTP/HTTPS), RS232 | Yes | No |
IPFire | both | SSH, Web (HTTPS), RS232 | Yes | No |
Features: | Modularity: supports third-party modules to extend functionality? | IPS : Intrusion prevention system | Open-Source License? | supports IPv6? | Class: Home / Professional | Operating Systems on which it runs? |
---|---|---|---|---|---|---|
Vyatta | Yes | Yes | Yes | Yes | Professional | Vyatta OS (built on Debian) |
WinGate | Yes [a] | ? | No | No | Professional | Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008. 32bit and 64bit. |
OPNsense | Yes | Yes, with Snort and Suricata (modules) | Yes | Yes | Both | FreeBSD/NanoBSD-based appliance |
pfSense | Yes | Yes, with Snort and Suricata (modules) | Yes | Yes | Both | FreeBSD/NanoBSD-based appliance |
IPFire | Yes | Yes, with Suricata | Yes | Yes (manual setup needed) | Both | Linux (based on Linux From Scratch) |
These are not strictly firewall features, but are sometimes bundled with firewall software or appliance. Features are also marked "yes" if an external module can be installed that meets the criteria.
Can: | NAT [a] | NAT64, NPTv6 | Intrusion Detection System (IDS) [b] | Virtual Private Network (VPN) [c] | Antivirus (AV) | Packet capture | Profile selection [d] |
---|---|---|---|---|---|---|---|
Vyatta | Yes (three NAT types) | ? | Yes (integrated Snort) | Yes (IPsec and OpenVPN) | Yes (with clamav, Sophos Antivirus (optional)) | Yes (with wireshark or tcpdump) | ? |
WinGate | Yes | ? | Yes (with NetPatrol) | Yes (proprietary) | Yes (Kaspersky Labs) | Yes (filtered capturing to pcap format) | No |
OPNsense | Yes | Yes (NPt) | Yes (integrated Suricata) | Yes (WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP) | Yes (with squid and clamav) | Yes (tcpdump) | No |
pfSense | Yes | Yes (NPt) | Yes (with Snort) | Yes (WireGuard, OpenVPN, IPsec, L2TP, IKEv2, Tinc, PPTP) | Yes (with squid and clamav) | Yes (tcpdump) | No |
IPFire | Yes | ? | Yes (with Suricata) | Yes (OpenVPN, IPsec, IKEv2) | Yes (with squid and clamav) | Yes (tcpdump) | No |
A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.
Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.
ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package made by the Slovak company ESET. ESET NOD32 Antivirus is sold in two editions, Home Edition and Business Edition. The Business Edition packages add ESET Remote Administrator allowing for server deployment and management, mirroring of threat signature database updates and the ability to install on Microsoft Windows Server operating systems.
Microsoft Defender Antivirus is an antivirus software component of Microsoft Windows. It was first released as a downloadable free anti-spyware program for Windows XP and was shipped with Windows Vista and Windows 7. It has evolved into a full antivirus program, replacing Microsoft Security Essentials in Windows 8 or later versions.
Norton Internet Security, developed by Symantec Corporation, is a discontinued computer program that provides malware protection and removal during a subscription period. It uses signatures and heuristics to identify viruses. Other features include a personal firewall, email spam filtering, and phishing protection. With the release of the 2015 line in summer 2014, Symantec officially retired Norton Internet Security after 14 years as the chief Norton product. It was superseded by Norton Security, a rechristened adaptation of the original Norton 360 security suite. The suite was once again rebranded to Norton 360 in 2019.
Norton Personal Firewall, developed by Symantec, is a discontinued personal firewall with ad blocking, program control and privacy protection capabilities.
Windows Firewall is a firewall component of Microsoft Windows. It was first included in Windows XP SP2 and Windows Server 2003 SP1. Before the release of Windows XP Service Pack 2, it was known as the "Internet Connection Firewall."
ZoneAlarm is an internet security software company that provides consumer antivirus and firewall products. ZoneAlarm was developed by Zone Labs, whose CEOs were Kevin Nickel, Mouad Abid and Shahin and the Company was acquired in March 2004 by Check Point. ZoneAlarm's firewall security products include an inbound intrusion detection system, as well as the ability to control which programs can open outbound connections.
McAfee VirusScan is an antivirus software created and maintained by McAfee. Originally marketed as a standalone product, it has been bundled with McAfee LiveSafe, McAfee AntiVirus Plus, McAfee Total Protection and McAfee Gamer Security since 2010. McAfee LiveSafe is antivirus protection that defends against viruses, online threats, and ransomware with online and offline protection integrates antivirus, firewall and anti-spyware/anti-ransomware capabilities.
In 2006, British telecom company BSkyB started offering Sky Broadband customers a branded version of VirusScan for free upon broadband modem installation.
Outpost Firewall Pro is a discontinued personal firewall developed by Agnitum.
Security and Maintenance is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.
Kaspersky Anti-Virus is a proprietary antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business consumers.
Kaspersky Internet Security is a internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.
Comodo Internet Security (CIS) is developed and distributed by Comodo Group, a freemium Internet security suite that includes an antivirus program, personal firewall, sandbox, host-based intrusion prevention system (HIPS) and website filtering.
Multiscanning is running multiple anti-malware or antivirus engines concurrently. Traditionally, only a single engine can actively scan a system at a given time. Using multiple engines simultaneously can result in conflicts that lead to system freezes and application failures. However, a number of security applications and application suites have optimized multiple engines to work together.
Trend Micro Internet Security is an antivirus and online security program developed by Trend Micro for the consumer market. According to NSS Lab comparative analysis of software products for this market in 2014, Trend Micro Internet Security was fastest in responding to new internet threats, but as of June 2024 based on the chat support there is no known mechanism as with Microsoft Defender Antivirus to submit false positives like "Incorrectly detected as malware/malicious" or "Incorrectly detected as PUA " which may point to cutting corners and be the cause of application mislabeling e.g. as ransomware, while the mechanism for detecting real threats is not specified.
Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.
Avast Antivirus is a family of cross-platform internet security applications developed by Avast for Microsoft Windows, macOS, Android, and iOS. Avast offers free and paid products that provide computer security, browser security, antivirus software, firewall, anti-phishing, antispyware, and anti-spam, among other services.
A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a conventional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS-encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection, third-party identity management integration, and SSL decryption
Endian Firewall is an open-source router, firewall and gateway security Linux distribution developed by the South Tyrolean company Endian. The product is available as either free software, commercial software with guaranteed support services, or as a hardware appliance.