Hard to read hardware firewalls

A more than 200,000 of the hardware firewall, but finally to 80,000 yuan to deal with the price. Behind this huge price gap, what is the truth hidden? And the more and more hot hardware firewalls on the market, are they really worth it? The reporter began to investigate.

The "True colors" of the hardware firewall

In an enterprise, the reporter saw this value of more than 200,000 yuan in a domestic well-known brand hardware firewall. It claims to support 100M bandwidth, concurrent 12,000 connections. However, the opening of this product, the reporter was surprised to find that this firewall under the shell, with a common PC "normal": PIII CPU, ASUS motherboard, D-link network card, Seagate hard disk, Kingmax memory ... The reporter almost thought that he had opened a PC assembled by the computer.

Reporter See, this hardware firewall network card and ordinary network card does not have any difference, remove the network card, install in the ordinary PC machine, the computer can recognize, use, and then remove the hard disk, loaded into the PC, the computer can start, and entered the firewall command line mode. It seems that this is a common PC, the only difference is that it installed a UNIX system + software firewall module.
At the same time, Beijing has also heard news: a network security experts called to tell reporters, he was also invited to open another well-known domestic brand hardware firewall, found that it uses a common notebook architecture: Celeron 900MHz CPU, 128MB laptop memory, 10GB of IBM notebook computer hard disk, As well as four of the 82559 network card, even the motherboard reserved USB interface is also impressively in the eye.
Thousands of miles apart, reporters and security experts see the situation is strikingly similar: two "hardware Firewall" is only a multiple network card PC, but the use of Unix-type operating system, and customized a special chassis-"box", the value of a hundredfold.

Tracking hardware Firewalls
Is the famous hardware firewall so common? What exactly is a hardware firewall? Reporters continue to follow.
The firewall is divided into two kinds: software firewall and hardware firewall. Software firewall is a software product installed on PC platform, it realizes network management and defense function optimization by working at the bottom of operating system. But after careful study of the hardware firewall products on the domestic market, the reporter found that the definition of hardware firewall, the manufacturers seem to still mixed. Most manufacturers of the introduction of products, often with a large amount of space to instill in the consumer product protection functions, and the actual configuration of the firewall, the basic did not mention. The reporter consults the manufacturer by telephone, or the other side is vague or refuses to answer.
Manufacturers of secrecy, so that "hardware firewall" added a bit more mysterious.
After consulting a large number of materials at home and abroad, the discovery of hardware firewalls generally have such a core requirement: its hardware and software need to be designed separately, there is a dedicated network chip to deal with the packet, at the same time, the use of specialized operating system platform to avoid the common operating system security vulnerabilities. For the special requirements of hardware and software, the actual bandwidth and the theoretical value of the firewall are basically consistent, with the advantages of high throughput, safety and speed.
And the domestic market hardware firewall, most of the so-called "hardware and software combination of firewalls," the use of custom chassis +x86 hardware architecture + Firewall software modules (most of which are based on UNIX-type system development), but also the PC box structure. The core technology of this kind of firewall is still software, the throughput is not high, easy to cause bandwidth bottleneck. and the PC architecture itself is inherently unstable and not even likely to run for long periods of time. This kind of firewall generally can only meet the low bandwidth of the security requirements, in high traffic environment will often cause network congestion and even system crashes.