Register now or log in to join your professional community.
Basically the hardware fireall comes with a dedicated hardware...we can do nothing in that otherthan the preconfigured firewall...and the software firewall u can install in any recommended hardware...old era software firewalls were treated like desighned for minimal purpose like home users...bult TMG is pure feature packed typical industrial product...like every microsoft product ..master it to love it...
Hardware Firewalls: (Pros)
1) It has its own dedicated memory for building connection tables, translation tables, IPSec SAs, and other security parameters.
2) It has a dedicated encryption/hashing accelerator to handle encryption processes in IPSec VPNs, SSL VPNs, and other security features that needs encryption/hashing.
3) It normally comes with more physical interfaces than you can find in a normal NIC in a PC.
4) It is protected from physical breaches by design.
Hardware Firewalls: (Cons)
1) Not easy to manage. You have to be familiar with the complicated command line interface (CLI) commands.
2) Even if you want to use GUI, you need to install it first in the internal flash and then call it via web browser. The GUI is even not friendly. (talking about ASDM in Cisco here)
3) You have to reserve a new unused rack space for it.
Software Firewalls: (PROS)
1) Easy to manage and more GUI friendly.
2) Straightforward application installation.
3) You can use an existing server to install it and no need to purchase additional hardware for it.
Software Firewalls: (CONS)
1) Vulnerable to exploitation.
2) Encryption/Hashing processes is extremely slow and not accurate.
3) IPSec VPNs is not stable if the other end is a hardware VPN platform.
Well, that is what i remember for now. You're most welcome to add some additional thoughts to my list.