Router Firewall's effect on speed?

[badb0y]

Hey guys,

 

I have an Arris TG1672G-NA modem with built-in Wireless router. Though speed is not a problem for me with my current plan of 300Mbps. However, Being a online gamer, I do have a question about a routers built-in Firewall. Does it slow downs your online gaming in terms of speed/ latency/ ping etc. Because firewall scans every packet that goes in? 

 

I do have windows firewall and having 2 firewalls make no sense to me. Any thoughts?

 

thanks

[+BudMan]

Disable it not best way - just turn it off in the control panel.  This is how I run local PC.

 

[Praetor]

Hey guys,

 

I have an Arris TG1672G-NA modem with built-in Wireless router. Though speed is not a problem for me with my current plan of 300Mbps. However, Being a online gamer, I do have a question about a routers built-in Firewall. Does it slow downs your online gaming in terms of speed/ latency/ ping etc. Because firewall scans every packet that goes in? 

 

I do have windows firewall and having 2 firewalls make no sense to me. Any thoughts?

 

thanks

 

unless that router is from 90's, i really doubt it will affect speed since all current routers are fast enough, so low latency is not an issue. 

 

You can however disable the build in firewall and test the latency, so you can compare those values with the firewall on, but it won't affect.

[+BudMan]

You are correct there is little need of your software host filewall - unless you have hostiles on your local lan your blocking.  Or you have some "reason" to block outbound - which to be honest again is pointless.  Why would you even run something that you would need to block outbound in the first place.

 

But the firewall in general should not be an issue for performance.  You mention 300mbps plan - I doubt your seeing that wireless to be honest.  I show the wireless on that router 3x3, but even at 3 streams 40mhz N your talking 450mbps RAW!!!  So /2 your looking at best wireless about 200ish - and that is if you have a 3 stream wireless card - which seems unlikely, unless you have pcie card in your PC?

[Praetor]

Why would you even run something that you would need to block outbound in the first place.

 

*cough* pirated software that calls home *cough*

[+BudMan]

^ that is a valid reason now is it.. ;)

 

And if I wanted to block something outbound from my network I would block it at my edge firewall anyway..  Simple enough to block outbound ports, ips, dns, etc.  There is there is not even a not legit reason to run it on the host -- unless your host is in a hostile local environment.

[badb0y]

Thanks Praetor and +BudMan.

 

So Disabling Windows Firewall is a good idea as compared to router firewall? 

 

thnx

 

edit- I dont have any "Special" "Photo editing" software installed. Its  a gaming PC which is free of piles of files etc....

[badb0y]

thanks :D

[The_Decryptor]

The wifi is going to have a bigger impact on your latency than a firewall would.

[goretsky]

Hello,

 

Out of curiosity, have you done any testing to benchmark the difference in speeds with the firewall enabled and then disabled?  If the difference is negligible, you might as well leave it enabled for the additional layer of security it provides, even if it is only a small amount.

 

Regards,

 

Aryeh Goretsky

[+BudMan]

"you might as well leave it enabled for the additional layer"

 

I really do not drink this sort of koolaid..  You could also look at it as additional layer of headache, pain, grief, frustration ;)  We are not talking about enterprise network here, talking about a home use scenario.  Where the machines are all yours, they only run software you agree to run.  They don't enter and leave the network, etc. If the laptop does leave and connects to different network it wears a condom - see in my setting where public networks firewall is on, etc..

 

If enterprise then its a complete different ballgame!

 

So you have 2 doorman to let you info the building - you now have have to tip both of them, you have to show them both your ID, you have to wait for both of them to open the doors, etc.  Where is example when 1st one lets you in to be stopped by second one?  That would justify this hassle?

 

"The wifi is going to have a bigger impact on your latency than a firewall would."

 

Agreed!

[goretsky]

Hello,

First off, a bias note: I should mention I work for a security software company.

In a home use environment (which I'll also expand to cover apartments and dorms), you may end up sharing a connection with folks who don't practice the same level of network hygiene that you do, or, as you mentioned, one or more of the machines may be portable and connect to other networks (work, school, coffeshop, etc.). One of the not-managed-by-you or wandering machines gets infected with some form of replicating malware like a worm or even a computer virus (which are somewhat rarer these days) and it goes off on the network looking for other boxes to exploit.

I would make the tradeoff that spending a few minutes configuring a firewall (assuming it doesn't autoconfigure, or you accept the pre-populated option config options, etc.) is worth it, especially compared to the potential hours lost from repairing a malware infestation. Again, my opinion, but perhaps I'm biased by seeing too much of the seedier side of the 'net.

Regards,

Aryeh Goretsky

"you might as well leave it enabled for the additional layer"

 

I really do not drink this sort of koolaid..  You could also look at it as additional layer of headache, pain, grief, frustration ;)  We are not talking about enterprise network here, talking about a home use scenario.  Where the machines are all yours, they only run software you agree to run.  They don't enter and leave the network, etc. If the laptop does leave and connects to different network it wears a condom - see in my setting where public networks firewall is on, etc..

 

If enterprise then its a complete different ballgame!

 

So you have 2 doorman to let you info the building - you now have have to tip both of them, you have to show them both your ID, you have to wait for both of them to open the doors, etc.  Where is example when 1st one lets you in to be stopped by second one?  That would justify this hassle?

 

"The wifi is going to have a bigger impact on your latency than a firewall would."

 

Agreed!

[duoi]

Hello,

 

To build on what Aryeh has said: although they are both called firewalls, they are not the same thing. The Windows firewall is what is known as a Personal Firewall, and what it does is very different to a router's firewall.

 

To be brief, a personal firewall primarily deals with specific application permissions. For example, it would block malware from being able to connect to the network-- this level of application-layer control would not take place on the router's firewall which typically does not discriminate between different programs or performs deep packet inspection. It would assume that all traffic leaving the computer has been approved to leave.

 

Compare this to a conventional firewall, such as your router's firewall, which would only really be concerned about certain types of packets coming in (such as packets from websites you've blacklisted, or dropping packets that appear to be coming from a DoS attack).

 

Although the above is very abstract and both are able to overlap in some ways, it still helps emphasize the difference between the two. Using the doorman example, the router's firewall is the doorman greeting people in and out of the building, however the personal firewall is what give or prevents access to your specific room.

 

Regards,

Steven Johns

[+BudMan]

"may end up sharing a connection with folks"

 

Agree this would be "hostile" lan..  As I mentioned..

 

"I would make the tradeoff that spending a few minutes configurin"

 

Here is the thing to be properly configured users have to have a much higher understanding than they do - or they run into frustration and pain.  They might want to share files with their computer, but not with the machines in the apt complex.  So now they need to understand how to setup their machine to have a static, which may or may not be under their control if they are on a shared network like the apt, etc.  Setting their firewall to allow file and print sharing for the local network, that is shared with hostile machines just made that firewall setting a complete waste of time and the firewall is not doing anything.

 

Well all agree if the box is in a hostile network, then a firewall can be used to mitigate the risk.  The problem is that is NOT a typical home setup - all they want to do in their home is get computer A to play game with computer B -- why doesn't it work!!!  Arrrghhh ;)

 

Sorry duoi but you don't have to explain software firewalls to me ;)  Give an example of when when the router firewall allows something in, but firewall B blocks it..  Just one example all I am asking..  Sorry but if you exe code as admin, it can shut down your software firewall.. We have gone over it and over it and over it here on neowin for years!!  Give one legit example of blocking legit software from talking to the internet that makes sense -- other then hey you don't run that software in the first place if you don't want it talking to the network.

 

Yes in the hands of someone that understand their use, and how network works - they can be very useful.  They are also to be honest some the most hyped oversold software products on the market.  Sorry but the built if firewall can protect against a hostile network just as well as that 50$ 3rd party version.

 

Blocking outbound connections is not security practice..  If your having to block something from talking on the network you have already lost!!

[sc302]

Fwiw, I fully agree with budman.

[cork1958]

"may end up sharing a connection with folks"

 

Agree this would be "hostile" lan..  As I mentioned..

 

"I would make the tradeoff that spending a few minutes configurin"

 

Here is the thing to be properly configured users have to have a much higher understanding than they do - or they run into frustration and pain.  They might want to share files with their computer, but not with the machines in the apt complex.  So now they need to understand how to setup their machine to have a static, which may or may not be under their control if they are on a shared network like the apt, etc.  Setting their firewall to allow file and print sharing for the local network, that is shared with hostile machines just made that firewall setting a complete waste of time and the firewall is not doing anything.

 

Well all agree if the box is in a hostile network, then a firewall can be used to mitigate the risk.  The problem is that is NOT a typical home setup - all they want to do in their home is get computer A to play game with computer B -- why doesn't it work!!!  Arrrghhh ;)

 

Sorry duoi but you don't have to explain software firewalls to me ;)  Give an example of when when the router firewall allows something in, but firewall B blocks it..  Just one example all I am asking..  Sorry but if you exe code as admin, it can shut down your software firewall.. We have gone over it and over it and over it here on neowin for years!!  Give one legit example of blocking legit software from talking to the internet that makes sense -- other then hey you don't run that software in the first place if you don't want it talking to the network.

 

Yes in the hands of someone that understand their use, and how network works - they can be very useful.  They are also to be honest some the most hyped oversold software products on the market.  Sorry but the built if firewall can protect against a hostile network just as well as that 50$ 3rd party version.

 

Blocking outbound connections is not security practice..  If your having to block something from talking on the network you have already lost!!

"Blocking outbound connections is not security practice..  If your having to block something from talking on the network you have already lost"

 

Amen to that one!!