NAT or NAT + Firewall - is it just emperor's new clothes?

Something I often hear/read is that on a network that is connected to a NAT router that there ought to be a firewall between the internet and the NAT router. Personally I'm sceptical, but can anyone give me a reason why that would be desirable?

Thanks.

Reply to
Brian Cryer

NAT is a method of Routing traffic, from one network to another. In the case of these home/residential grade devices they offer a method to take 1 IP (public) and allow MANY nodes (LAN/Private) to share it.

A firewall may or may not implement NAT, and certainly doesn't have to do a 1:MANY solution, and could be completely transparent.

Many firewalls have additional firewall features that allow them to determine if (say you have a HTTP rule) TCP port 80 is being used for HTTP communications or some other communications and block the "some other". Many firewalls have features to inspect the traffic and remove malformed content or undesired content from the session.

A firewall can detect attacks and block them properly.

A firewall can block ranges of ports in and out of your network.

A firewall often allows for Branch Office VPN setups between locations.

The biggest difference between a firewall and a NAT Router is that the Firewall will block outbound connections and a NAT Router often has no method to block outbound or has limited ability to block outbound - in addition to the larger ability to detect attacks and block them.

Reply to
Leythos
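
The distinction drawn in the post above, as an added example that is not part of the original thread: a toy NAT-only router next to a firewall that also enforces an egress policy, run over the same four flows. The class names, addresses, ports and the allowed-port list are constructed assumptions.

```python
# Added illustration, not from the thread: a toy NAT-only router next to a
# firewall that also enforces an egress policy. All names, addresses and
# ports are constructed assumptions.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True: LAN -> internet, False: internet -> public IP

@dataclass
class NatRouter:
    table: dict = field(default_factory=dict)  # public port -> remote (ip, port)
    next_port: int = 40000

    def handle(self, p: Packet) -> str:
        if p.outbound:
            # NAT only translates: every outbound flow gets a mapping.
            self.table[self.next_port] = (p.dst, p.dport)
            self.next_port += 1
            return "forward"
        # Inbound passes only if it answers an existing mapping.
        return "forward" if self.table.get(p.dport) == (p.src, p.sport) else "drop"

@dataclass
class Firewall:
    allowed_egress: frozenset            # destination ports LAN hosts may reach
    nat: NatRouter = field(default_factory=NatRouter)

    def handle(self, p: Packet) -> str:
        if p.outbound and p.dport not in self.allowed_egress:
            return "drop"                # policy decision NAT never makes
        return self.nat.handle(p)

FLOWS = [  # constructed sample traffic (documentation address ranges)
    ("web request out", Packet("192.168.1.20", 51000, "203.0.113.10", 443, True)),
    ("web reply in", Packet("203.0.113.10", 443, "192.0.2.1", 40000, False)),
    ("unsolicited in", Packet("198.51.100.7", 4444, "192.0.2.1", 3389, False)),
    ("unexpected out", Packet("192.168.1.20", 51001, "198.51.100.7", 6667, True)),
]

def compare():
    nat_only, fw = NatRouter(), Firewall(frozenset({53, 80, 443}))
    return [(name, nat_only.handle(p), fw.handle(p)) for name, p in FLOWS]

if __name__ == "__main__":
    for row in compare():
        print("%-16s nat-only=%-8s firewall=%s" % row)
```

Both devices drop the unsolicited inbound packet; only the last flow, an outbound connection to a port outside the policy, is treated differently.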

Brian,

I would say the most important thing here is a good router, and not the kind that many ISPs give their customers. I call these cheapo routers Bob´s Router because sometimes it's hard to know who made them. Researchers find holes in these kinds of routers and so when a bad guy owns your router.....it's game over. In most situations the router faces the world and the firewall sits behind it, hence the importance of having a solid router.

Later,

Lyle

Reply to
Lyle

Thank you.

Reply to
Brian Cryer

Thanks Lyle.

As it happens I've only just recently ordered a replacement router for our office for the one the ISP provided. (Mostly because the current one restricts us on VPN.)


Reply to
Brian Cryer

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.