9 Replies Latest reply: Apr 5, 2011 11:59 AM by Gerben Wierda
Vincenzo Baldacchino Level 1 (10 points)
Hi All,

I am in the process of ordering an AEBS (current Oct 2009 version) and in reading some extended reviews, I have learned that there is no built in firewall to the unit in handling SPI. Is this something I should be concerned about? I would have thought this would be a good thing to have and it seems to be standard on just about every router out there. However, I can't believe Apple simply overlooked this and there must be a good reason for not being included.

Would appreciate some guidance here as I am now a little worried about this and may need to look elsewhere unless someone can assure this is not a major issue.

Thanks in advance!

Mac Pro, Mac OS X (10.6.5)
  • Vincenzo Baldacchino Level 1 (10 points)
    Any network gurus out there know anything about this...?

  • hyuga Level 1 (0 points)
    Sadly there isn't Firewall on it, however if you have NAT on it, it will block most of the harm away.
  • Vincenzo Baldacchino Level 1 (10 points)
    Thanks for the reply. So NAT will be enough for home use? I just want to make sure it will provide enough security as I don't want to be an easy target on the internet although one would think Apple would have thought of this!
  • hyuga Level 1 (0 points)
    Yep, NAT will be enough for home use, just make sure that NAT is on and its sharing DHCP address to home computer(s).

    Firewall as meaning varies a lot between manufacturers. :/
  • Vincenzo Baldacchino Level 1 (10 points)
    OK - much appreciated!

    Do you know why Apple would not implement an additional Firewall layer (SPI etc.) into the router like most companies do with lesser/cheaper Wireless routers?
  • Tesserax Level 9 (50,586 points)
    The AirPorts only provides a basic NAT-type firewall interface. They do not offer either a SPI-type firewall or an Intrusion Prevention System function. If either of these features are important to you, then you should look at another manufacturer's solution that do.
  • Vincenzo Baldacchino Level 1 (10 points)
    Thanks for the feedback. I was hoping to be convinced differently as I have read nothing but great things about this router but I would sleep a lot better knowing that I have extra layers of security between my LAN and the outside world.

    Unfortunately, I will now be looking at another brand for my needs...

    Thanks all.
  • tbux Level 4 (1,670 points)
    I stopped using a Netgear wireless router which had a hardwall firewall in the form of SPI. It slowed my connection, was vulnerable to DOS attacks and what security it added was not necessary.

    WPA2, NAT and the OS X software firewall on your Mac are sufficient for consumer users. Why would you be targeted by someone capable of breaching all that when there numerous individuals using wireless networks with no or insufficient security?
  • Gerben Wierda Level 1 (135 points)
    Which solutions would be affordable improvements on the basic AE port-forwarding?

    I was thinking that several more intelligent firewalls would be able to handle DOS-attacks, etc. So, what would my most affordable option be if I am serious/paranoid about security?

    And does the AE accept source routed packets? That would be another reason to have a separate firewall, I guess.

    I am moving form a linksys DSL setup to a cable-modem based pure airport extreme setup. And on my LAN there are a few Macs (with firewalls turned on) but also some machines linke bluray players, personal video recorders etc, which all have some sort of basic OS (often Linux) running which I do not trust at all in terms of protection settings and often run old (and thus vulnerable) versions of the core Linux OS. So, I am interested in a decent firewall before or after the NAT of the AE.