Routers Vs. Firewall
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
In your specific instance, calling a Sonicwall a router is like calling a computer a hard drive.
It's a bit different. A hard drive is a necessary component to make up a computer. You can buy a hard drive that isn't a computer. A computer can have many hard drives. It seems similar, but it's actually quite different as an analogy goes. A hard drive is part of what makes something a computer rather than a function that a computer performs.
It's more like calling a computer a data storage device, because it contains a hard drive. A computer is definitely a data storage device. It is also a data manipulation device. And a communications device. These are aspects of the computer, not parts of it.
Routing isn't a part of the firewall or UTM. The three are distinct aspects of the whole. Just like I'm male, American, and 42. I'm all three things. You can't correct someone calling me 42 as being incorrect because I'm ALSO mail and he didn't mention it. That I'm other things doesn't make me not 42.
Is the SonicWall blue? Yes
Is the SonicWall networking hardware? Yes.
Is the SonicWall a router? Yes.
Is the SonicWall a firewall? Yes.
Is the SonicWall a UTM? Yes.Those things all remain true regardless of additional functionality or aspects being added.
Nothing ruins a good simile like over analyzing it.
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
-
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
-
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
Except users call computers a hard drive all the time. It is totally common.
-
@jaredbusch said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
@scottalanmiller said in Routers Vs. Firewall:
@kelly said in Routers Vs. Firewall:
On a technical level they're not wrong. A router only routes packets. A firewall restricts packets.
The routing function only routes the packets. But the router doesn't "only" route packets. Like how the "car function" of a car is only to drive. But all cars have stereos. They aren't any less cars because they have additional features.
So on a technical level, they are wrong because they claimed that it was not a router. It most certainly is a router. It's more than just a router, but that doesn't make it less of a router.
I was referring to the distinction they were drawing between a router and a firewall, not the accuracy of their statement with regards to the Sonicwall.
Right, but calling it a router is just fine, unlike calling a computer a hard drive, which is not correct. That was my point. @WrCombs wasn't wrong, it's a router just as much as it is a firewall, just as much as it is a UTM. Calling it any of them is fine because there is no term for all three merged together. In theory, each one can be a separate device or VM, just silly and no one sells that.
Except users call computers a hard drive all the time. It is totally common.
Yes, but THAT is wrong.
-
@jaredbusch said in Routers Vs. Firewall:
But a router is never only a router in today's world. Every single router is a router and a firewall.
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa), it just means that the two products are generally interchangeable and indistinguishable in the real world.
Saying "Every single router is a router and a firewall." is different from saying "Every single router is a firewall"
So I'm kind of with the boss, on a purely abstract, pedantic level. I guess that makes me "sub-intern" :grinning_face_with_smiling_eyes: Oh well, I've been called worse on here.
-
@carnival-boy said in Routers Vs. Firewall:
So I'm kind of with the boss, on a purely abstract, pedantic level.
No, if you are pedantic, the boss is wrong. The more pedantic, the more wrong. A router is a router, no matter what else is added to it, it doesn't stop being a router. The boss isn't "kind of wrong", he's not wrong only technically, he's wrong in every sense. The more semantics, the more pedantic, the more accurate... the more wrong.
Like the male and 42. Calling me male isn't wrong just because you didn't mention that I'm 42.
-
@carnival-boy said in Routers Vs. Firewall:
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....
In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.
-
Before I read everything I will include my 2 cents.
Technically your definitions look correct.
Routing and firewalls are different functions.
They can each accomplish the same thing.
They will use different methods to do this.
Routers almost always have firewalls built in.So any particular device can be either a firewall or router because both functionalities are always in the same box.
-
@scottalanmiller said in Routers Vs. Firewall:
@carnival-boy said in Routers Vs. Firewall:
Yes, but a device that is both a router and a firewall does not mean that a router is a firewall (and vice versa)....
In the real world, every router is a firewall and every firewall is a router. You can't find one that isn't the other. We understand that theoretically you can build something that is one and not the other, but they don't really exist.
But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.
-
@kelly said in Routers Vs. Firewall:
But not every router implementation utilizes the functionality of the firewall. In that case it would be inaccurate to call the device a firewall because that isn't what it is doing.
Is that true? That gets a bit more murky. If the firewall is there and just wide open, is it not still there? Does a router stop being a router when it loses power? In a sense, yes. But it's not the generally accepted use of the terminology. Something is a router or a firewall because of what it can do, not because of what it is doing at the moment.
E.g. I can still call the spare SonicWall on the shelf a router, even when not plugged in and actively routing.
-
@kelly
Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall? -
@pete-s said in Routers Vs. Firewall:
@kelly
Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?It really depends on the breadth of the definition. @scottalanmiller appears to be arguing that if a device has any type of firewall functionality it should be classified as a firewall. I would personally prefer to classify a device by what it does as a primary role in the organization. If the device handles primarily routing then it is a router. If it handles switching primarily it is a switch. If it handles edge protection then it is a firewall.
-
@pete-s said in Routers Vs. Firewall:
@kelly
Wouldn't a layer 3 switch be considered a pure router (and switch) but not a firewall?An L3 is a "multi-port" router, that's correct. And it is a switch (presumably.) But I've never heard of an L3 switch / multi-port router that had zero firewall functionality. Again, it can exist. But to the best of my knowledge, none does. It's purely a theoretical case to have an L3 switch without any security mechanisms.
-
@kelly said in Routers Vs. Firewall:
I would personally prefer to classify a device by what it does as a primary role in the organization. If the device handles primarily routing then it is a router.
In a situation like this, obviously is someone disabled one function or another, it would be pretty clear how it would fit your definition. But once they do both, and essentially all orgs use them for both, how do you quantify "how much" of each task they do since each task is so different?
Is the ocean more wet or more blue? You can't compare a quantity of wet to a quantity of a colour. Just as a quantity of routing (measured in routes, packets, etc.?) can't be compared against a quantity of firewall rules. They simply aren't comparable.
But even then, under this definition, a product could never be sold as a router, firewall, or UTM. They'd all have to be sold as "mysterious boxes, to be discovered when used" as you couldn't call it anything, as there is no generic term for a blank box of that nature, until you were able to determine its primary role. And if it heavily did many things, you'd run into problems.
......
-
Imagine how "only the primary function" rule would apply....
Auditor: "We require that your network be firewalled, do you firewall your traffic?"
IT: "Yes, we do."
Auditor: "Okay, good, show me your firewall."
IT: "We don't have a firewall."You'd have your business unable to use basic terms, because by combining things, and not being able to call it by a non-primary identity, you loose the ability to claim that you have that identity.
Because while they are "roles", they are also identities. Like male and 42. I'm 100% male and 100% 42. You can't measure an amount of one versus the other. Nor does being one stop me being the other, in any way.
-
Think of the physical device that does routing, firewalling, UTM, etc. as a "network server." Now treat it like any other server. If you put AD and File Services on a single VM, you don't start saying you don't have AD just because the VM is used for file services "more often" than it is used for AD. You say you have an AD server and a file server. They are just the same VM.
Likewise, put a router VM onto a server. How do the rules of "primary use" affect that VM, the host that runs that VM, etc.
-
You went pretty fast up the hyperbole chain there @scottalanmiller. I don't think this discussion is helpful to continue with the ways you're choosing to discuss things.
-
@kelly said in Routers Vs. Firewall:
You went pretty fast up the hyperbole chain there @scottalanmiller. I don't think this discussion is helpful to continue with the ways you're choosing to discuss things.
It's not hyperbole, it's just common sense. You can't say a firewall isn't a firewall because you don't feel it does enough firewalling compared to routing. That's just silly.
Anything that you use to show why that's silly, will sound ridiculous, but it's a silly thing to have to explain. It's clearly not a viable way to name things.
A router is a router, no matter how much firewalling it does. It's status as a router is absolutely based on if it routes, not "if it does other things in some quantity."
Hyperbole would only apply if the silly examples were to some degree sillier than the original language. But they are not. The "I'm a man and I'm 42" is identical in every way to "it's a router and it is a firewall." Not in the slightest way exaggerated.
