OS X server firewall any good / sufficient?


macrumors newbie
Original poster
Feb 8, 2005
Hi all,

After being switched to Apple I have now decided to replace the last Windows part in my network: the Win2000 server. In a few days I will be the proud owner of a nice shiny G5 xserve

I will be using this xserve to host our companies files, our crm software, use its VPN, DHCP, NAT and the firewall. Having learned (and found out in practice) that OS X is so safe I now have to decide wether I will use OS X Server's firewall only or add an additional dedicated stand alone firewall device. I have some average knowledge of running servers but not too deep.

In my current situation I share a firewall with another company in the building as this was absolutely necessary with unsecure windows machines. But I don't have any control over it so I would need to purchase a new firewall.

Is this necessary??? In other words is the firewall software on OS X Server good enough as the sole defence knowing that I will have all my company data on the xserve and don't want anyone having access to these by accident. Or should I absolutely add the extra device?

Any feedback would be greatly appreciated!!!


Sun Baked

macrumors G5
May 19, 2002
Some of the NAT routers have another level of actual firewall capabilities (like the SonicWall and Netgear Firewall Routers) for businesses in addition to their VPN functions.

Of course this means actually subscribing to their yearly update service -- but in addition to their firewall functions they have some simple content filtering services.

However, you'll see huge activity on the Firewall's log if it is connected directly to the outside world until you drop the Firewall behind a simple $30 NAT router.


Moderator emeritus
Mar 16, 2004
Andover, MA
My opinion is that the OS X firewall is sufficiently powerful, however, I'd opt for a separate firewall. Why? Two reasons. First, the true power of the OS X FW is only achieved by using the Terminal app to get at some settings. The prefs windows are a bit simplistic.

Second, a dedicated FW will not only completely offload the processing from your server but will also likely provide much better capabilities (policy management, hardware support, stateful packet inspection, etc).

So, while the OS X FW is great for individual users, I would recommend a dedicated FW for businesses.


macrumors 603
Jul 17, 2004
jsw said:
So, while the OS X FW is great for individual users, I would recommend a dedicated FW for businesses.

A small business might be able to get away without a dedicated Firewall, but because a cheapie router with NAT will work as a firewall (well enough) its better to do it that way. And with Windows it is the only way. Window's new built in firewall hasn't been too good at keeping my computer clean...
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.