Hosting Discussion

Hosting Discussion (
-   Web Hosting Discussion (
-   -   Firewall protection (

amaya 07-18-2017 10:23 PM

Firewall protection
Hardware and software firewalls, which is better and provides more security ? Is firewall protection provided with every hosting service?

24x7server 07-18-2017 11:31 PM

Both Hardware and software firewalls have their own advantages and disadvantages.

If you have multiple servers then you should consider Hardware firewall and otherwise software firewall is the option.

Most of the hosting providers do provide firewall protection by default as it helps to determine whether connection is valid or not.

On Linux server CSF (ConfigServer Firewall) is my preferred option due to its easy installation, use and modification.

On Windows servers, its better to use their own firewall as 3rd party application increases the overall load on the server. :)

ughosting 07-20-2017 11:26 PM

+1 for CSF

Even if you have hardware firewalls you will still benefit from having a software firewall on the local machine.
This would allow for a more dynamic configuration than would be practical on a hardware firewall.

WHGBTom 07-23-2017 01:34 AM

Like others have already said, its probably best, if your situation allows it to have both.

24x7CSM 07-23-2017 10:16 PM

having a properly installed and configured CSF is a good option , Since CSF is a software firewall you can install and configure it as per your own requirement

Anaisa 07-26-2017 05:50 AM

Having your server protected with both hardware and software firewalls ensures security to a maximum level.

ughosting 07-26-2017 08:33 AM

If you do use CSF on a dedicated server (not a VM) then use the IPSET option, it will not slow down as you start blocking 10's of thousands to millions of IPs.
Using IPTables to blocks 1000s of IPs starts to delay your time to first byte.

PeteCCS 07-26-2017 09:39 AM


If you have a good hardware firewall add a second firewall is useless(there's some cases where it is usefull, if you want to add a security layer between users on a same network).
A hardware firewall is supposed to be better because it has both the software and hardware optimised to do the job.
Plus whereas software firewall can be installed anywhere a hardware firewall has to have its own machine.
If you compare a software firewall installed on a server that counts because mixing roles weakens the firewall (by adding security holes or consume ressources) you dont have this issue with a hardware firewall.

zomgmike 07-26-2017 11:22 AM


Originally Posted by amaya (Post 223597)
Is firewall protection provided with every hosting service?

Yes and no. Your host may not be doing anything at the network level *but* most OSs have a firewall built into them. So it's possible that you are behind a firewall just from that. (Assuming it is turned on by default.)

amaya 08-09-2017 06:23 AM

I have seen some hosts providing only software firewall protection. Should we contact them to addon a hardware firewall protection too?

Certa_Hosting 08-15-2017 07:56 AM

Not every provider offers a firewall. There are many software firewalls but its always recommended that you use a hardware or virtual firewall.

Softsys Hosting 08-16-2017 07:38 AM

You'll need to select a firewall - internal or external - depending on whether you want traffic to be filtered "before" it enters the server or "after" it enters the server. It is always better to offload traffic filtering / protection outside the server with specialised equipment / devices which are designed for it. However, it will add up to your budget significantly. Most providers have border firewall protection available on core / distribution routers but advanced features like IDS / IPS / etc will be easier to be setup on dedicated firewalls.

Racks&Cloud 10-08-2017 01:41 AM

Hardware will be more secure and its helps to keep the server online when you are getting attack. because hardware means a server or machine which is dedicated to working only for Firewall.

all operating systems are comes with default software firewall. ie, iptables in Linux, windows firewall in windows. But you have to configure it as per your requirements. By default, it will allow all connections.

cPanel Web hosting companies usually using CSF to configure the iptables.

Dedicated server provider companies usually using hardware firewall to protect the servers and network from attack like DDoS.

HostCheetah 12-31-2017 03:52 PM

Dedicated and VPS some will provide h/w firewall but not under your control, for VPS / Dedicated running WHM/cPanel - CSF / is a welcome addition - in addition to Brut Force attack tools they also provide some other server tools to make your admin job easier. Used them and their support, for upwards of 10+ years - great product, great support.

ClouDNS 01-09-2018 09:31 AM

No matter what firewall you are using, in case of DDoS, everything depends on how bigger are your ports. For me it is better, if you define the firewall rules in front of the service/application servers - to the routers or to the firewall servers.

All times are GMT -6. The time now is 06:29 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.1.0