Routers Vs. Firewall
-
What should systems like VyOS and pfSense/OPNsense be considered as? VyOS makes sense to be called a router.
But what about pfSense/OPNsense?
-
@black3dynamite said in Routers Vs. Firewall:
What should systems like VyOS and pfSense/OPNsense be considered as? VyOS makes sense to be called a router.
But what about pfSense/OPNsense?
VyOS is a router/firewall. Period.
pfSense is a router/firewall that lets you easily add on UTM functions. Once you do that, it is a UTM.
I have never used OPNsense.
-
VyOS runs on Debian, so you can obviously turn it into a pseudo UTM, but it is not all in a single GUI like pfSense.
-
@jaredbusch said in Routers Vs. Firewall:
@wrcombs said in Routers Vs. Firewall:
@jaredbusch said in Routers Vs. Firewall:
Yeah, a SonicWall is not a router or a firewall. It is a UTM. A shitty one btw. This is a totally different concept than a router or a firewall.
A UTM contains a firewall, router, IPS, IDS, endpoint antivirus, etc.
So we were both wrong? LOL
More or less. But in your defense, the terms router and firewall are perfectly interchangeable.
The subsequent argument is fucking stupid, and from how it was presented here, reinforces how sorry I feel for you.
The argument started because I made a statement, and it wasn't just my direct boss. The service manager also jumped in and was telling me I was wrong (basically).
-
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets. On a practical level you cannot buy a pure router, and a pure firewall blackbox is so rare as to be nonexistent. In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive. You're correctly identifying one element of its purpose, but it is too narrow an identification to be accurate.
-
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
-
@kelly said in Routers Vs. Firewall:
In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive.
It's a bit different. A hard drive is a necessary component to make up a computer. You can buy a hard drive that isn't a computer. A computer can have many hard drives. It seems similar, but it's actually quite different as an analogy goes. A hard drive is part of what makes something a computer rather than a function that a computer performs.
It's more like calling a computer a data storage device, because it contains a hard drive. A computer is definitely a data storage device. It is also a data manipulation device. And a communications device. These are aspects of the computer, not parts of it.
Routing isn't a part of the firewall or UTM. The three are distinct aspects of the whole. Just like I'm male, American, and 42. I'm all three things. You can't correct someone calling me 42 as being incorrect because I'm ALSO male and he didn't mention it. That I'm other things doesn't make me not 42.
Is the SonicWall blue? Yes.
Is the SonicWall networking hardware? Yes.
Is the SonicWall a router? Yes.
Is the SonicWall a firewall? Yes.
Is the SonicWall a UTM? Yes.
Those things all remain true regardless of additional functionality or aspects being added.
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive.
It's a bit different. A hard drive is a necessary component to make up a computer. You can buy a hard drive that isn't a computer. A computer can have many hard drives. It seems similar, but it's actually quite different as an analogy goes. A hard drive is part of what makes something a computer rather than a function that a computer performs.
It's more like calling a computer a data storage device, because it contains a hard drive. A computer is definitely a data storage device. It is also a data manipulation device. And a communications device. These are aspects of the computer, not parts of it.
Routing isn't a part of the firewall or UTM. The three are distinct aspects of the whole. Just like I'm male, American, and 42. I'm all three things. You can't correct someone calling me 42 as being incorrect because I'm ALSO male and he didn't mention it. That I'm other things doesn't make me not 42.
Is the SonicWall blue? Yes.
Is the SonicWall networking hardware? Yes.
Is the SonicWall a router? Yes.
Is the SonicWall a firewall? Yes.
Is the SonicWall a UTM? Yes.
Those things all remain true regardless of additional functionality or aspects being added.
Nothing ruins a good simile like over analyzing it.
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
-
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
Except users call computers a hard drive all the time. It is totally common.
-
@jaredbusch said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
Except users call computers a hard drive all the time. It is totally common.
Yes, but THAT is wrong.
-
@jaredbusch said in Routers Vs. Firewall:
But a router is never only a router in today's world. Every single router is a router and a firewall.
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa), it just means that the two products are generally interchangeable and indistinguishable in the real world.
Saying "Every single router is a router and a firewall." is different from saying "Every single router is a firewall"
So I'm kind of with the boss, on a purely abstract, pedantic level. I guess that makes me "sub-intern" :grinning_face_with_smiling_eyes: Oh well, I've been called worse on here.
-
@carnival-boy said in Routers Vs. Firewall:
So I'm kind of with the boss, on a purely abstract, pedantic level.
No, if you are pedantic, the boss is wrong. The more pedantic, the more wrong. A router is a router, no matter what else is added to it, it doesn't stop being a router. The boss isn't "kind of wrong", he's not wrong only technically, he's wrong in every sense. The more semantics, the more pedantic, the more accurate... the more wrong.
Like the male and 42. Calling me male isn't wrong just because you didn't mention that I'm 42.
-
@carnival-boy said in Routers Vs. Firewall:
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....
In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.
-
Before I read everything I will include my 2 cents.
Technically your definitions look correct.
Routing and firewalls are different functions.
They can each accomplish the same thing.
They will use different methods to do this.
Routers almost always have firewalls built in.
So any particular device can be either a firewall or router because both functionalities are always in the same box.
-
@scottalanmiller said in Routers Vs. Firewall:
@carnival-boy said in Routers Vs. Firewall:
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....
In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.
But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.
-
@kelly said in Routers Vs. Firewall:
But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.
Is that true? That gets a bit more murky. If the firewall is there and just wide open, is it not still there? Does a router stop being a router when it loses power? In a sense, yes. But it's not the generally accepted use of the terminology. Something is a router or a firewall because of what it can do, not because of what it is doing at the moment.
E.g. I can still call the spare SonicWall on the shelf a router, even when not plugged in and actively routing.
-
@kelly
Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?
-
@pete-s said in Routers Vs. Firewall:
@kelly
Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?
It really depends on the breadth of the definition. @scottalanmiller appears to be arguing that if a device has any type of firewall functionality it should be classified as a firewall. I would personally prefer to classify a device by what it does as a primary role in the organization. If the device handles primarily routing then it is a router. If it handles switching primarily it is a switch. If it handles edge protection then it is a firewall.