What makes a good firewall

I would like to know what makes a good firewall?

The obvious answer is one that stops what you want to stop and allows what you need to allow.

There are many good firewalls on the market. What is best for your organization depends on your needs, such as bandwidth, complexity of the access rules needed, etc.

I personally prefer those firewalls that rely on port-blocking along with stateful inspection. While there is nothing inherently wrong with those based on proxies, I have found that some administrators have trouble setting them up correctly and maintaining them.

Flexibility in the rule sets is also key. If you want to block a particular port from everyone except from a certain IP range, you want to make sure the firewall can do that. Some less capable packages have a port either on or off for everyone.

If your organization is large, you probably want to have multiple interfaces to the firewall, as well. That way you can effectively have different back-end networks served by the same firewall. The firewall should also support different rule sets for those separate networks. If both have to have the same rule set, the multiple interfaces don't do much good from a security standpoint.

This was first published in June 2001
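The two rule-set requirements in the answer above (a port open only to one IP range, and a separate rule set per back-end interface) can be modelled with a small first-match evaluator. This is an added example, not part of the original answer or any product's configuration. The interface names, address ranges and ports are constructed, first-match ordering with a default deny is an assumption, and stateful inspection is not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    source: str   # source CIDR the rule applies to
    port: int     # destination TCP port


# Constructed sample policy: one rule set per back-end interface (hypothetical names).
RULESETS = {
    "dmz0": [
        Rule("allow", "0.0.0.0/0", 443),    # public web servers: HTTPS from anyone
    ],
    "lan0": [
        Rule("allow", "192.0.2.0/24", 22),  # SSH only from the admin range
        Rule("deny", "0.0.0.0/0", 22),      # SSH blocked for everyone else
        Rule("allow", "0.0.0.0/0", 443),
    ],
}


def decide(interface: str, src_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule in the interface's own
    rule set. Traffic that matches no rule, or that targets an interface
    without a rule set, is denied."""
    src = ipaddress.ip_address(src_ip)
    for rule in RULESETS.get(interface, []):
        if rule.port == dst_port and src in ipaddress.ip_network(rule.source):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed sample connections: (interface, source IP, destination port).
    samples = [
        ("lan0", "192.0.2.10", 22),     # admin range, SSH
        ("lan0", "198.51.100.7", 22),   # outside admin range, SSH
        ("dmz0", "192.0.2.10", 22),     # same admin host, but DMZ has no SSH rule
        ("dmz0", "198.51.100.7", 443),  # anyone, HTTPS to DMZ
    ]
    for iface, ip, port in samples:
        print(f"{iface:5} {ip:15} tcp/{port:<5} -> {decide(iface, ip, port)}")
```

The third sample shows why shared rule sets defeat the purpose of multiple interfaces: the admin host that may reach SSH on `lan0` is still denied on `dmz0` because each interface is evaluated against its own list.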
