ConfigServer Firewall vs Juniper SRX 300 with cPHulk

[bgarrant]

I have a single cPanel server and it is currently protected by a Juniper SRX 300 Hardware Firewall and CPHulk. I would really like to remove the hardware firewall and go back to use CSF, but I am wondering if anyone can advise on what I would lose or gain in making the change? I know CSF can do a lot more, but do I lose any major security by removing the hardware firewall? Since I have just one shared hosting server the hardware firewall seems like overkill. Any advice?

 

[rpvw]

Quite a good article here: bobcares.com/blog/hardware-vs-software-firewall-a-brief-comparison/ that might help you decide.

Personally, I find the tools that come supplied with cPanel combined with CSF are normally sufficient to keep your server safe (unless you are hosting something contentious or compelling to hackers)

The resources that a software firewall might consume will depend heavily on the server traffic. You must appraise that yourself since you should know what amount of traffic you get, and what your available resources are.

 

[bgarrant]

Thanks for the great info. The issue with the hardware firewall to me is administration. I try to manually allow clients access via FTP and CPanel and then leave web and email ports open. While this works well it is hard to
Maintain with dynamic IPs constantly changing.

 

[cPanelLauren]

hi @bgarrant

Beyond the advice provided by @rpvw I'd suggest enlisting a system/network administrator to assist with a solution that works with your needs specifically. If you don't have one you might find one here: System Administration Services | cPanel Forums.

Thanks!