Portal Home > Knowledgebase > Articles Database > Do you recommend a software firewall when behind a hardware firewall?

Do you recommend a software firewall when behind a hardware firewall?

Posted by AquariusStorage, 12-17-2008, 02:28 PM

Do you recommend a software firewall when behind a hardware firewall? All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking. __________________█ Aquarius Storage - Stop Searching, Start Hosting█ Fast

---

Posted by Jonathan Kinney, 12-17-2008, 02:40 PM

If the feature set of your Cisco ASA 5505 is lacking in some way that you can gain by using an additional layer, or if your hardware firewall goes down leaving you unprotected from time to time, then I would suggest adding some fallback rules via IPTables. But if none of that is the case, then I see no reason add another layer with no benefit, but a cost to time and administration. __________________ Jonathan Kinney Data Systems Specialist Advantagecom Networks, Inc.http://www.simplywebhosting.com

---

Posted by AquariusStorage, 12-17-2008, 02:43 PM

The Cisco ASA 5505 series is very feature rich and very reliable. I don't think any of the above apply to it, and we agree that it's probably just a cost of extra time and administration, we just want to get more opinions. Thank you Jonathan. __________________█ Aquarius Storage - Stop Searching, Start Hosting█ Fast

---

Posted by Mike - Limestone, 12-17-2008, 03:53 PM

I would still keep iptables, but I would not maintain too extensive a ruleset. Seems worthwhile to have a little extra protection just in case something goes wrong with the Cisco ASA. -mike __________________Limestone Networks - Dedicated Server Hosting Premium Network - 24/7/365 Support - Dual Intel Xeon Servers Now Available Dallas Datacenter - Fully Routed Backend Networkhttp://www.limestonenetworks.com 1-877-586-0555

---

Add to Favourites    Print this Article

Cant go in Horde webmail, is it becoz of PHP upgrade? (Views: 797)

What Reseller Hosting is best for hosting both Unix and Windows? (Views: 775)

Disable Apache Automatic Startup on WHM (Views: 800)

Commission Based Reseller Plans? (Views: 770)

Cloud linux resources (Views: 811)