ConfigServer Firewall vs Juniper SRX 300 with cPHulk

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
I have a single cPanel server and it is currently protected by a Juniper SRX 300 Hardware Firewall and CPHulk. I would really like to remove the hardware firewall and go back to use CSF, but I am wondering if anyone can advise on what I would lose or gain in making the change? I know CSF can do a lot more, but do I lose any major security by removing the hardware firewall? Since I have just one shared hosting server the hardware firewall seems like overkill. Any advice?
 

rpvw

Well-Known Member
Jul 18, 2013
1,088
446
113
Spain
cPanel Access Level
Root Administrator
Quite a good article here: bobcares.com/blog/hardware-vs-software-firewall-a-brief-comparison/ that might help you decide.

Personally, I find the tools that come supplied with cPanel combined with CSF are normally sufficient to keep your server safe (unless you are hosting something contentious or compelling to hackers)

The resources that a software firewall might consume will depend heavily on the server traffic. You must appraise that yourself since you should know what amount of traffic you get, and what your available resources are.
 
Last edited by a moderator:
  • Like
Reactions: cPanelLauren

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
Thanks for the great info. The issue with the hardware firewall to me is administration. I try to manually allow clients access via FTP and CPanel and then leave web and email ports open. While this works well it is hard to
Maintain with dynamic IPs constantly changing.