ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Routers Vs. Firewall

    Scheduled Pinned Locked Moved IT Discussion
    routersfirewalls
    66 Posts 10 Posters 7.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Kelly
      last edited by

      @kelly said in Routers Vs. Firewall:

      On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.

      The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.

      So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.

      KellyK 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Kelly
        last edited by

        @kelly said in Routers Vs. Firewall:

        In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive.

        It's a bit different. A hard drive is a necessary component to make up a computer. You can buy a hard drive that isn't a computer. A computer can have many hard drives. It seems similar, but it's actually quite different as an analogy goes. A hard drive is part of what makes something a computer rather than a function that a computer performs.

        It's more like calling a computer a data storage device, because it contains a hard drive. A computer is definitely a data storage device. It is also a data manipulation device. And a communications device. These are aspects of the computer, not parts of it.

        Routing isn't a part of the firewall or UTM. The three are distinct aspects of the whole. Just like I'm male, American, and 42. I'm all three things. You can't correct someone calling me 42 as being incorrect because I'm ALSO mail and he didn't mention it. That I'm other things doesn't make me not 42.

        Is the SonicWall blue? Yes
        Is the SonicWall networking hardware? Yes.
        Is the SonicWall a router? Yes.
        Is the SonicWall a firewall? Yes.
        Is the SonicWall a UTM? Yes.

        Those things all remain true regardless of additional functionality or aspects being added.

        KellyK 1 Reply Last reply Reply Quote 0
        • KellyK
          Kelly @scottalanmiller
          last edited by

          @scottalanmiller said in Routers Vs. Firewall:

          @kelly said in Routers Vs. Firewall:

          In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive.

          It's a bit different. A hard drive is a necessary component to make up a computer. You can buy a hard drive that isn't a computer. A computer can have many hard drives. It seems similar, but it's actually quite different as an analogy goes. A hard drive is part of what makes something a computer rather than a function that a computer performs.

          It's more like calling a computer a data storage device, because it contains a hard drive. A computer is definitely a data storage device. It is also a data manipulation device. And a communications device. These are aspects of the computer, not parts of it.

          Routing isn't a part of the firewall or UTM. The three are distinct aspects of the whole. Just like I'm male, American, and 42. I'm all three things. You can't correct someone calling me 42 as being incorrect because I'm ALSO mail and he didn't mention it. That I'm other things doesn't make me not 42.

          Is the SonicWall blue? Yes
          Is the SonicWall networking hardware? Yes.
          Is the SonicWall a router? Yes.
          Is the SonicWall a firewall? Yes.
          Is the SonicWall a UTM? Yes.

          Those things all remain true regardless of additional functionality or aspects being added.

          Nothing ruins a good simile like over analyzing it.

          1 Reply Last reply Reply Quote 0
          • KellyK
            Kelly @scottalanmiller
            last edited by

            @scottalanmiller said in Routers Vs. Firewall:

            @kelly said in Routers Vs. Firewall:

            On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.

            The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.

            So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.

            I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Kelly
              last edited by

              @kelly said in Routers Vs. Firewall:

              @scottalanmiller said in Routers Vs. Firewall:

              @kelly said in Routers Vs. Firewall:

              On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.

              The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.

              So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.

              I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.

              Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @scottalanmiller
                last edited by JaredBusch

                @scottalanmiller said in Routers Vs. Firewall:

                @kelly said in Routers Vs. Firewall:

                @scottalanmiller said in Routers Vs. Firewall:

                @kelly said in Routers Vs. Firewall:

                On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.

                The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.

                So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.

                I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.

                Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.

                Except users call computers a hard drive all the time. It is totally common.

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @JaredBusch
                  last edited by

                  @jaredbusch said in Routers Vs. Firewall:

                  @scottalanmiller said in Routers Vs. Firewall:

                  @kelly said in Routers Vs. Firewall:

                  @scottalanmiller said in Routers Vs. Firewall:

                  @kelly said in Routers Vs. Firewall:

                  On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.

                  The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.

                  So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.

                  I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.

                  Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.

                  Except users call computers a hard drive all the time. It is totally common.

                  Yes, but THAT is wrong. 🙂

                  1 Reply Last reply Reply Quote 0
                  • C
                    Carnival Boy @JaredBusch
                    last edited by Carnival Boy

                    @jaredbusch said in Routers Vs. Firewall:

                    But a router is never only a router in today's world. Every single router is a router and a firewall.

                    Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa), it just means that the two products are generally interchangeable and indistinguishable in the real world.

                    Saying "Every single router is a router and a firewall." is different from saying "Every single router is a firewall"

                    So I'm kind of with the boss, on a purely abstract, pedantic level. I guess that makes me "sub-intern" :grinning_face_with_smiling_eyes: Oh well, I've been called worse on here.

                    scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Carnival Boy
                      last edited by scottalanmiller

                      @carnival-boy said in Routers Vs. Firewall:

                      So I'm kind of with the boss, on a purely abstract, pedantic level.

                      No, if you are pedantic, the boss is wrong. The more pedantic, the more wrong. A router is a router, no matter what else is added to it, it doesn't stop being a router. The boss isn't "kind of wrong", he's not wrong only technically, he's wrong in every sense. The more semantics, the more pedantic, the more accurate... the more wrong.

                      Like the male and 42. Calling me male isn't wrong just because you didn't mention that I'm 42.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Carnival Boy
                        last edited by

                        @carnival-boy said in Routers Vs. Firewall:

                        Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....

                        In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.

                        KellyK 1 Reply Last reply Reply Quote 0
                        • jmooreJ
                          jmoore
                          last edited by

                          Before I read everything I will include my 2 cents.
                          Technically your definitions look correct.
                          Routing and firewalls are different functions.
                          They can each accomplish the same thing.
                          They will use different methods to do this.
                          Routers almost always have firewalls built in.

                          So any particular device can be either a firewall or router because both functionalities are always in the same box.

                          1 Reply Last reply Reply Quote 0
                          • KellyK
                            Kelly @scottalanmiller
                            last edited by

                            @scottalanmiller said in Routers Vs. Firewall:

                            @carnival-boy said in Routers Vs. Firewall:

                            Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....

                            In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.

                            But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @Kelly
                              last edited by

                              @kelly said in Routers Vs. Firewall:

                              But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.

                              Is that true? That gets a bit more murky. If the firewall is there and just wide open, is it not still there? Does a router stop being a router when it loses power? In a sense, yes. But it's not the generally accepted use of the terminology. Something is a router or a firewall because of what it can do, not because of what it is doing at the moment.

                              E.g. I can still call the spare SonicWall on the shelf a router, even when not plugged in and actively routing.

                              1 Reply Last reply Reply Quote 0
                              • 1
                                1337 @Kelly
                                last edited by

                                @kelly
                                Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?

                                KellyK scottalanmillerS 2 Replies Last reply Reply Quote 0
                                • KellyK
                                  Kelly @1337
                                  last edited by

                                  @pete-s said in Routers Vs. Firewall:

                                  @kelly
                                  Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?

                                  It really depends on the breadth of the definition. @scottalanmiller appears to be arguing that if a device has any type of firewall functionality it should be classified as a firewall. I would personally prefer to classify a device by what it does as a primary role in the organization. If the device handles primarily routing then it is a router. If it handles switching primarily it is a switch. If it handles edge protection then it is a firewall.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @1337
                                    last edited by

                                    @pete-s said in Routers Vs. Firewall:

                                    @kelly
                                    Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?

                                    An L3 is a "multi-port" router, that's correct. And it is a switch (presumably.) But I've never heard of an L3 switch / multi-port router that had zero firewall functionality. Again, it can exist. But to the best of my knowledge, none does. It's purely a theoretical case to have an L3 switch without any security mechanisms.

                                    1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @Kelly
                                      last edited by

                                      @kelly said in Routers Vs. Firewall:

                                      I would personally prefer to classify a device by what it does as a primary role in the organization. If the device handles primarily routing then it is a router.

                                      In a situation like this, obviously is someone disabled one function or another, it would be pretty clear how it would fit your definition. But once they do both, and essentially all orgs use them for both, how do you quantify "how much" of each task they do since each task is so different?

                                      Is the ocean more wet or more blue? You can't compare a quantity of wet to a quantity of a colour. Just as a quantity of routing (measured in routes, packets, etc.?) can't be compared against a quantity of firewall rules. They simply aren't comparable.

                                      But even then, under this definition, a product could never be sold as a router, firewall, or UTM. They'd all have to be sold as "mysterious boxes, to be discovered when used" as you couldn't call it anything, as there is no generic term for a blank box of that nature, until you were able to determine its primary role. And if it heavily did many things, you'd run into problems.

                                      ......

                                      1 Reply Last reply Reply Quote 1
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Imagine how "only the primary function" rule would apply....

                                        Auditor: "We require that your network be firewalled, do you firewall your traffic?"
                                        IT: "Yes, we do."
                                        Auditor: "Okay, good, show me your firewall."
                                        IT: "We don't have a firewall."

                                        You'd have your business unable to use basic terms, because by combining things, and not being able to call it by a non-primary identity, you loose the ability to claim that you have that identity.

                                        Because while they are "roles", they are also identities. Like male and 42. I'm 100% male and 100% 42. You can't measure an amount of one versus the other. Nor does being one stop me being the other, in any way.

                                        1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Think of the physical device that does routing, firewalling, UTM, etc. as a "network server." Now treat it like any other server. If you put AD and File Services on a single VM, you don't start saying you don't have AD just because the VM is used for file services "more often" than it is used for AD. You say you have an AD server and a file server. They are just the same VM.

                                          Likewise, put a router VM onto a server. How do the rules of "primary use" affect that VM, the host that runs that VM, etc.

                                          1 Reply Last reply Reply Quote 2
                                          • KellyK
                                            Kelly
                                            last edited by

                                            You went pretty fast up the hyperbole chain there @scottalanmiller. I don't think this discussion is helpful to continue with the ways you're choosing to discuss things.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post