A client asked me the other day if a firewall slows down your Internet connection. I said that any performance hit would probably be pretty minimal given the power and memory in today's computers.

This begs a question though: how much lag time does it add to your Internet connection? Are some firewalls faster? (e.g. is the XP Firewall faster than ZoneAlarm?)

If you remember from staff days, Saro was telling us about the deep-scan firewalls, and was saying that only within the past few years had they reached the full scan capability without impacting network speed. Given that we're there with those, I would imagine that the basic rule based firewalls have little to no resultant packet latency.

I'm talking more about software firewalls.

Does a firewall slow down your internet connection: Yes
Will you notice it: No

Unless, as Josh posted, your firewall is doing a deep scan of the packet contents, most firewalls simply look at the packet header, and decide if the packet goes through or gets trashed. This is really fast. The XP firewall only examines incoming packets, where Zone Alarm can examine incoming and outgoing packets depending on your settings. So technically I suppose the XP firewall could be considered 'faster'.

I still say you'll never notice unless you do some exotic speed tests.

This begs a question though: how much lag time does it add to your Internet connection? Are some firewalls faster? (e.g. is the XP Firewall faster than ZoneAlarm?)

Dude! Lag! It's that l4m3 f1r3w4ll p0wnz0ring my p1ngz!!!1!!1

As Mark said, probably barely measurable differences for a simple desktop firewall, though it could be interesting to test. Keep in mind the XP firewall is processing half a dozen rules most of the time, and a complicated Kerio setup probably won't top 200 rules inspecting the 40 byte IP header.

- nick

I had ZoneAlarm Pro for a few years but for whatever reason, my laptop took a HUGE performance hit when I tried to use it with SP2. I have no idea why, since I have tons of RAM and a very fast processor.

Thanks for the info, guys.

I've had ZoneAlarm w/ Antivirus on my comp at home and it runs great on SP 2 :\