Differences between soft and hardware firewalls

Source: Internet
Author: User
Most software-only firewalls are built on the PC architecture and may run on an optimized operating system as their platform. Their characteristics are good scalability and adaptability, easy upgrades, and a far lower cost than hardware-based firewalls. Most hardware-based firewalls use ASICs and do not require operating system support. They offer high speed, good stability, and a higher security factor than software firewalls; the trade-offs are higher cost and weaker scalability and adaptability than a software firewall.

ASIC stands for Application Specific Integrated Circuit, a dedicated integrated circuit that acts as an accelerated processor with its own logic processing. Simply put, an ASIC uses hardware logic circuits to implement functions that would otherwise be done in software. The purpose of ASIC technology in network products is to hand over some of the routine work previously done by the CPU to dedicated hardware, achieving a breakthrough in performance. ASIC technology is widely used in switches, routers, firewalls, smart IC card identification, and other fields.

CPU chips and ASIC chips each have their own advantages and disadvantages. The biggest advantage of the CPU is its flexibility: it uses instruction sets and software to perform a wide variety of work, but its actual processing capability is often limited by the specifications of the PC and of the general-purpose operating system. An ASIC is an integrated circuit with a single function, dedicated to completing one particular process. Although it sacrifices flexibility, it gains high reliability and powerful processing capability, and belongs to the category of "dedicated hardware". The ASIC and the CPU thus have different characteristics and suit different applications: where many kinds of applications must be served, a CPU is wanted; in a relatively narrow field, an ASIC is wanted for its high computing efficiency.
Because the CPU and the ASIC serve different application fields, the two cannot be compared simply; the comparison depends on the specific application. In the early stages of a technology's development, to save development cost, people often use CPU-based general-purpose PCs to implement an application. As the technology matures and the application grows more complex, an ASIC is considered in order to meet stricter and more efficient performance requirements. A typical example of this trend is the evolution of routers: PC routing software -> dedicated routers -> ASIC-based routing switches and switch routers. Similarly, in the security field, the firewall is going through a comparable development process, which can be roughly summarized into three phases: pure software firewalls, combined software and hardware firewalls, and ASIC hardware firewalls.

The pure software firewall is based on a PC and runs on a general operating system such as UNIX or Windows. General operating systems are not customized for network security, so many vulnerabilities and bugs are inevitable. As a result, even a packet that the firewall's filtering regards as normal may be a "bomb" aimed at the operating system itself; once the operating system is compromised, the firewall loses its value. In addition, such a firewall has no dedicated resources: all of its work must share the same resources as other task processes, including the CPU, RAM, and PCI bus, so firewall performance naturally suffers.

A firewall that combines hardware and software does not use a general operating system but a dedicated or self-developed (optimized) one. These operating systems, customized for network security, fundamentally resolve the security risks of the software firewall and greatly improve overall processing performance compared with it.
However, the basic encryption and decryption work of such firewalls still has to be done in software, and they still belong to the PC-structured class of firewall. ASIC hardware firewalls have developed considerably in recent years. As network construction grows more complex and broadband networks develop and spread, the combined software and hardware firewall has proven unsatisfactory in speed, functionality, and stability, and this has become the driving force behind the development of ASIC hardware firewalls. The ASIC hardware firewall uses ASIC chips together with multi-bus and parallel processing methods, so that processing that originally required thousands or even tens of thousands of instructions can be completed in a few clock cycles, and the multi-bus structure ensures that efficient data processing can continue inside the firewall while data is being transmitted on the ports, without being limited by the traditional "interrupt". The ASIC hardware firewall also uses a dedicated operating system, which provides high security. In fact, the CPU in such a firewall is usually only a mid-range part, but this does not prevent the independent ASIC from having very high processing capability, because the operating system and CPU serve only as the ASIC's hardware driver and management interface: they handle overall coordination and take no part in the firewall's basic packet processing. When the ASIC chip is fully engaged in data processing, the CPU remains at low utilization, so the response speed of device management is unaffected. The ASIC hardware firewall can therefore make full use of its speed and processing capability regardless of the number of sessions, and it completely removes the limitations of the PC structure. Next we compare the PC-structured firewall with the ASIC-structured firewall.
A PC-structured firewall that is handling a single task (such as address translation under a single policy or session) can reach or come close to the processing capability of an ASIC firewall. However, in a typical broadband environment, tens of thousands or even hundreds of thousands of parallel sessions not only generate far more interrupts for the PC-structured firewall but also greatly reduce its processing capability; this problem does not exist in the ASIC structure, where the number of sessions has almost no effect on processing capability. In terms of encryption and decryption, the PC-structured firewall needs expensive encryption cards to reach a given processing speed, whereas the ASIC chip integrates the basic firewall operations, so that even when high-strength encryption and decryption are running, processing speed does not drop greatly. In terms of short-term and long-term cost, purchasing an ASIC firewall costs more than a software firewall. However, considering future upgrades of the enterprise network, an ASIC firewall can effectively protect the enterprise's existing investment and saves daily maintenance costs.
