Would a hardware based firewall be suitable for a home?

Bryan Lam

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
So, recently i've wanted to get rid of all my software firewalls including windows firewall, and Emsisoft firewall which has been implemented into Emsisoft Internet Security. The main reasons for this is that even with customised filters, everything was being scanned and caused massive CPU Usage, I have a gaming PC and having High CPU usage isn't optimal for everyday gamers. I am not looking for another software firewall but alternatively a hardware firewall. I was looking for something with a basic UI, that isn't that expensive.

Some people may be thinking by now, this guy is crazy! Why would he need a firewall for home? Well the amount of times a partly non intrusive firewall will save me is countless.

I was looking at the following

Cisco PIX 501 Firewall Bundle, PIX-501-BUN-K9-Newegg.com

New in Box Fortinet FortiWifi-60B VPN Firewall Security Appliance fwf-60b-Newegg.com

I am literally uneducated in terms of hardware firewalls and most networking related hardware apart from routers and such basic things.

Thank you for reading,

~ Bryan
 
  • Like
Reactions: AtlBo, Deleted member 2913, askmark and 1 other person
Bryan Lam

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
No, I was using windows firewall at the start, that slowed down everything drastically, then i used Emsisoft IS which ate up all my CPU. I do have an i7 6700k so i don't know why performance would go down but asides from this, i've given up on software firewalls.
 
  • Like
Reactions: AtlBo, Deleted member 2913, askmark and 1 other person
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Bryan Lam said:
No, I was using windows firewall at the start, that slowed down everything drastically, then i used Emsisoft IS which ate up all my CPU. I do have an i7 6700k so i don't know why performance would go down but asides from this, i've given up on software firewalls.
Click to expand...
something was going wrong over there. a firewall is not supposed to do that. I am sure other people will jump into this discussion and help to troubleshoot.

by the way, if you are behind a home router, and it is properly configured, you don't really need a firewall at all, unless you want to have granular control over how your apps connect to the internet.
 
  • Like
Reactions: AtlBo, Deleted member 2913 and askmark
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
You don't need a hardware firewall, you need to diagnose why your security software is using so much cpu.
Windows firewall should have little to no impact on cpu usage. However Windows Defender can be a cpu hog.
When you're experiencing high cpu usage you need to identify which process is using the most cpu.
 
  • Like
Reactions: AtlBo and Deleted member 2913
Bryan Lam

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
I know I have to diagnose it but the main issue that arises is the fact that i always disable my firewall and such before gaming just in case i get interrupted or anything. I'd honestly prefer to buy a hardware firewall, mainly for a higher sense of security.
 
  • Like
Reactions: AtlBo, Deleted member 2913 and askmark
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Bryan Lam said:
I know I have to diagnose it but the main issue that arises is the fact that i always disable my firewall and such before gaming just in case i get interrupted or anything. I'd honestly prefer to buy a hardware firewall, mainly for a higher sense of security.
Click to expand...
Okay I was simply suggesting what I would do if I was in your position.
I think a hardware firewall is overkill if you only have one device to protect - unless you do have more?
The two models you are considering are both good firewalls. I would say the Fortinet device would be easiest to use if you have very little experience of configuring firewalls. Cisco is much more complicated IMO.
I use Fortigate devices at work so if you want advice or help you can always PM me.
 
  • Like
Reactions: AtlBo, Deleted member 2913 and shmu26
Z

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
YES YES YES you should buy a hardware firewall.

Consumer modems/routers are garbage. Even when you spend $300+ on a consumer model they are filled with vulnerabilities and exploits.

First I need to know how much is your budget? Your budget will be the biggest factor in choosing a enterprise grade router.

Enterprise firewalls work on a subscription mode for AV/IPS/URL REPUTATION services. You can buy 1/2/3 year subscriptions.

You will need a subscription to receive importnant future firmware updates. Subscriptions can cost anywhere from $100 to $25,000 a year

Both those models you listed the Cisco Pix & Fortinet 60B are end of life models. New better models have replaced them.

I would look into these models first:

Fortinet 60E/61E uses a new powerful asic cpu and has a throughput of 3Gbps. You can buy a new 60E/61E with a 1 year subscription package for around $600/$700 on cdw.com/amazon.com/ebay.com. I have used Fortinet 61E firewall's in production environments and they destroyed the old Cisco routers for price/performance ratio.

Cisco ASA 5506 with Firepower services or Cisco 5508 with Firepower services. Solid units that scored the best protection on Gartner's Firewall protection test. Cisco you always pay a premium so they are much more expensive than other models. You do get great community support and you can talk to customer service reps 24/7.

Barracuda NextGen Firewall X-Series X50/X100. Barracuda is known for it's spam gateways and filters but they make excellent network gear too. I haven't used them in a production setting before but I've only heard good things.

Cisco Meraki 64W. Meraki's are cloud based. I've deployed a few Meraki's firewalls and AP's and you just configure them through the cloud console Cisco provides you with. Easy to setup and maintain. You can find great deals on eBay for a Meraki 64 with a 3 year year cloud subscription for around $400.


You can also look at Juniper, Sophos, Checkpoint, SonicWall, and Pan Alto firewalls. I've worked with most of them over the years but they are at the bottom of the list on what firewall I would buy.
 
  • Like
Reactions: Handsome Recluse, AtlBo and RoboMan
askmark

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Zero Knowledge said:
YES YES YES you should buy a hardware firewall.

Consumer modems/routers are garbage. Even when you spend $300+ on a consumer model they are filled with vulnerabilities and exploits.

First I need to know how much is your budget? Your budget will be the biggest factor in choosing a enterprise grade router.

Enterprise firewalls work on a subscription mode for AV/IPS/URL REPUTATION services. You can buy 1/2/3 year subscriptions.

You will need a subscription to receive importnant future firmware updates. Subscriptions can cost anywhere from $100 to $25,000 a year

Both those models you listed the Cisco Pix & Fortinet 60B are end of life models. New better models have replaced them.

I would look into these models first:

Fortinet 60E/61E uses a new powerful asic cpu and has a throughput of 3Gbps. You can buy a new 60E/61E with a 1 year subscription package for around $600/$700 on cdw.com/amazon.com/ebay.com. I have used Fortinet 61E firewall's in production environments and they destroyed the old Cisco routers for price/performance ratio.

Cisco ASA 5506 with Firepower services or Cisco 5508 with Firepower services. Solid units that scored the best protection on Gartner's Firewall protection test. Cisco you always pay a premium so they are much more expensive than other models. You do get great community support and you can talk to customer service reps 24/7.

Barracuda NextGen Firewall X-Series X50/X100. Barracuda is known for it's spam gateways and filters but they make excellent network gear too. I haven't used them in a production setting before but I've only heard good things.

Cisco Meraki 64W. Meraki's are cloud based. I've deployed a few Meraki's firewalls and AP's and you just configure them through the cloud console Cisco provides you with. Easy to setup and maintain. You can find great deals on eBay for a Meraki 64 with a 3 year year cloud subscription for around $400.


You can also look at Juniper, Sophos, Checkpoint, SonicWall, and Pan Alto firewalls. I've worked with most of them over the years but they are at the bottom of the list on what firewall I would buy.
Click to expand...
The two firewalls he's looking at are both less than $100. I'd be very surprised if his budget stretched to the cost of a new device costing $700... a year.
 
  • Like
Reactions: AtlBo and shmu26
Z

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
askmark said:
The two firewalls he's looking at are both less than $100. I'd be very surprised if his budget stretched to the cost of a new device costing $700... a year.
Click to expand...

And those models he listed are end of life. No more security updates. No more firmware updates. Waste of money.

Who knows what his budget is? That's why I asked how much did he want to spend :)

You want good protection? You have to pay for it with security firewall's. You get what you pay for in the end.

shmu26 said:
a home user does not need expensive firewall/network protection.
Click to expand...

Sorry but your wrong in so many ways. Attitudes like yours is why consumer grade routers have terrible security.
 
  • Like
Reactions: AtlBo
Bryan Lam

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
First off, I do apologise if i sounded extremely "on edge" in my last post. I thank you all for your help n
Zero Knowledge said:
And those models he listed are end of life. No more security updates. No more firmware updates. Waste of money.

Who knows what his budget is? That's why I asked how much did he want to spend :)

You want good protection? You have to pay for it with security firewall's. You get what you pay for in the end.



Sorry but your wrong in so many ways. Attitudes like yours is why consumer grade routers have terrible security.
Click to expand...
You can't put a price on security :)
 
  • Like
Reactions: AtlBo and RoboMan
woodrowbone

woodrowbone

Level 10
Verified
Dec 24, 2011
480
Untangle is great, the whole business package for only 50$ a year if you are a home user.
If you do not want to buy any of the appliances you can install their free ISO on a older computer with two nics and off you go, very simple.

/W
 
  • Like
Reactions: AtlBo and Myriad
Bryan Lam

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
woodrowbone said:
Untangle is great, the whole business package for only 50$ a year if you are a home user.
If you do not want to buy any of the appliances you can install their free ISO on a older computer with two nics and off you go, very simple.

/W
Click to expand...
Do I need 2 network cards for home iso?
 
  • Like
Reactions: AtlBo
Myriad

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
woodrowbone said:
Untangle is great, the whole business package for only 50$ a year if you are a home user.
If you do not want to buy any of the appliances you can install their free ISO on a older computer with two nics and off you go, very simple.

/W
Click to expand...

Good post !

But that thing with needing two NICs is a real PITA if the only spare hardware you have lying around is old laptops :)

I would love to put pfSense on one of my old 32-bit machines , but I would have to rip out some unneeded gizzards ,
and then hack some extra holes in the case ....
 
  • Like
Reactions: AtlBo
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
The best set up imo would be Sophos free for home use firewall. With the free software, you can make your own firewall for your entire network:

https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

It requires a dedicated PC as the firewall is the OS for the computer that it is installed onto. There is fairly decent support with YouTube videos, but there is a learning curve involved. However, when you remove the expertise of the security programmers from the system (remove their programs), then I guess one should expect to have to do some research to replace that with something. :)

I really want to do this. Maybe it's not necessary, but I like the idea, and it does seem like a great option for a gamer.
 
You must log in or register to reply here.

Similar threads

Ink
    • Like
Serious Discussion How to Build your own Next-Generation Firewall (NGFW) at Home
Replies
0
Views
1,031
Hardware Discussions
Ink
Ink
eonline
    • Like
Advice Request The best Firewall distribution for a 32-bit cpu?
Replies
4
Views
865
ChromeOS & Linux
ForgottenSeer 72227
F
Gandalf_The_Grey
    • Like
    • Applause
    • Thanks
Jensd: Upgrade to Windows 11 22H2 on unsupported hardware
Replies
11
Views
1,608
Windows 11
anirbandutta01
anirbandutta01

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top