Well, I ordered both my server and a hardware firewall a few days ago and I am having quite a bit of trouble. I definitely need some advice and not a "sales" job. First off, I must mention that my server is my livelihood, so I want to make sure that security is priority number 1. With this in mind, I ordered a dedicated server and added a very costly "Cisco PIX 506e" firewall. My server has cPanel installed and unfortunately this is where the trouble begins. I have a third-party company that is helping me and they have notified me about a potential problem that may plague me whenever an update is ran for cPanel. The problem lies in the fact that because my hardware firewall is NAT configured thus requiring my server to rely on internal IP addresses that are different from my assigned (from the data center) IP Addresses, several files need to be manually modified for my Name Servers and accounts to run properly and cPanel may try and undo those modifications each time that cPanel is updated. They have already setup a software firewall on my server and since I have Floodguard on all of my IPs, they recommend getting rid of my hardware firewall.
Many of you have an enormous amount of experience when it comes to this kind of issue and I really need some feedback. It sounds to me that the hardware firewall simply blocks unused ports and when it comes to protecting against DDOS, Brute Force or other attacks that a hardware firewall is no better then a software firewall. What do you all think, should I get rid of my hardware firewall? Is the software firewall just as good and secure especially considering that I have Floodguard on all of my IPs? Or should I keep the hardware firewall and bare the extra burden of manually updating files everytime cPanel is updated? Is keeping the hardware firewall worth all of the trouble and added monthly expense?
