When operating a network, is it safe to forgo firewall software on the second machine and rely on the Internet-facing machine's firewall?


While you might be safe using a single firewall, this is generally frowned upon within the security community because it fails to implement the "defense-in-depth" strategy. If you eliminate your software firewall, the Internet-facing firewall is the only device protecting your network. If something happens to that firewall (a malfunction, misconfiguration, compromise, etc.), you don't have any fallback.

Given the fact that most operating systems come with free integrated firewalls, there's no reason to disable your host-based firewalls. I'd strongly encourage you to leave them turned on at all times.


This was first published in July 2006
