Here at home, on our little, wired, house-wide, private LAN, we have a D-Link brand wired router with a built-in switch and firewall hardware appliance as the very first thing connected to the DSL modem… then all computers and printers are connected to said D-Link router/switch/firewall. And, of course, I have the firewall component of the home D-Link router/switch/firewall appliance turned on and fully functional. (The firewall component of the D-Link device is an actual firewall component, in addition to the device’s built-in NAT capability, which even in the absence of an actual built-in firewall component many consider to be almost as good as a firewall because of how NAT prevents direct addressability of any LAN device from the outside world.)
So, then, whenever either my wife or I are at home with our notebooks, connected to our little private wired LAN, we are safely behind the D-Link’s built-in hardware firewall (and NAT).
Now, we have both just installed COMODO INTERNET SECURITY version 3.8.64263.468 onto our respective notebooks… today (13 Feb 2009). And we know, of course, that whenever we’re away from the house and using our notebooks in a public WIFI hotspot (or pretty much anywhere where we can’t be assured that there’s a good firewall running… which, as far as I’m concerned, is any WAN or LAN other than my own, here at home), then, of course, we need to have the firewall component of the COMODO INTERNET SECURITY product turned on and running. We get that. No problem there.
However, in the wisdom of those here assembled, am I correct in assuming that as long as we’re at home, and our Internet connection is through that fully-functional, fully-up-to-date D-Link router/switch/firewall/NAT device, then the firewall component of the COMODO INTERNET SECURITY product may safely be turned off (disabled)?
I was always trained (and conventional wisdom has always been) that hardware firewalls are always generally better than software ones; and if a reliable, verifiable (and verified) hardware firewall appliance is in place and working on any given wired LAN, then all devices connected to said LAN on the protected side of said hardware firewall needn’t have any sort of software firewall (such as Comodo’s firewall) up and running on any of them.
Therefore, whenever our notebooks are at home, on our own private LAN, behind its hardware firewall, augmented by NAT, couldn’t we both just right-single-click on the COMODO INTERNET SECURITY system tray icon and select “Disabled” under “Firewall Security Level”?
Yes, of course, we must set it back to an enabled state if we take the notebook out into the world. But here at home, behind our little D-Link firewall, can’t we just disable the firewall component (and only the firewall component) of COMODO INTERNET SECURITY?
And remember: I’m only talking about the firewall portion of the INTERNET SECURITY product. The Antivirus and Defense+ components would still be working, no matter where we were. I’m just talking about disabling the firewall and nothing else.
If your answer is “no,” then why? (And please don’t make your answer something like “better safe than sorry” or something like that.) If my D-Link firewall appliance is as good as D-Link says it is (and it is), then is not the COMODO firewall just unnecessarily redundant? Does the firewall component (and only the firewall component) of the COMODO INTERNET SECURITY product do anything essentially or differently or inherently better than a good hardware firewall appliance would do?
And, yes, I know that the risk we run is forgetting to turn the firewall back on when we leave the house… but don’t worry about that for our purposes here. Let us worry about that. I simply want to know, by golly, if there’s any reason why we can’t disable our Comodo firewalls whenever we’re connected to our private wired LAN here, at home, protected by said LAN’s hardware firewall.
If the answer is still “no,” and if we shouldn’t turn off our software (Comodo) firewalls even when we’re at home, behind our hardware firewall, then will there be any conflicts between the Comodo firewall and the hardware firewall? Won’t it be too much filtering? Overkill? Might something fail to work properly because of it that anyone can think of?