Would a hardware-based firewall be suitable for a home?

Bryan Lam

Level 3
Thread author
Verified
Well-known
Apr 19, 2015
130
So, recently I've wanted to get rid of all my software firewalls, including Windows Firewall and Emsisoft firewall, which has been implemented into Emsisoft Internet Security. The main reason for this is that even with customised filters, everything was being scanned and caused massive CPU usage. I have a gaming PC, and having high CPU usage isn't optimal for everyday gamers. I am not looking for another software firewall but alternatively a hardware firewall. I was looking for something with a basic UI that isn't that expensive.

Some people may be thinking by now, this guy is crazy! Why would he need a firewall for home? Well, the number of times a partly non-intrusive firewall will save me is countless.

I was looking at the following

Cisco PIX 501 Firewall Bundle, PIX-501-BUN-K9-Newegg.com

New in Box Fortinet FortiWifi-60B VPN Firewall Security Appliance fwf-60b-Newegg.com

I am literally uneducated in terms of hardware firewalls and most networking related hardware apart from routers and such basic things.

Thank you for reading,

~ Bryan
 

Bryan Lam

No, I was using Windows Firewall at the start, that slowed down everything drastically, then I used Emsisoft IS, which ate up all my CPU. I do have an i7 6700k so I don't know why performance would go down, but aside from this, I've given up on software firewalls.
 

shmu26

Level 85
Verified
Helper
Top poster
Content Creator
Well-known
Jul 3, 2015
8,155
Something was going wrong over there. A firewall is not supposed to do that. I am sure other people will jump into this discussion and help to troubleshoot.

By the way, if you are behind a home router, and it is properly configured, you don't really need a firewall at all, unless you want to have granular control over how your apps connect to the internet.
 

askmark

Level 12
Verified
Top poster
Well-known
Aug 31, 2016
579
You don't need a hardware firewall, you need to diagnose why your security software is using so much CPU.
Windows Firewall should have little to no impact on CPU usage. However, Windows Defender can be a CPU hog.
When you're experiencing high CPU usage you need to identify which process is using the most CPU.
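
One way to carry out the identification step described in this post, as an added example that is not part of the original thread: it samples per-process CPU for a few seconds, ranks the heaviest processes, and resolves busy `svchost` instances to the services they host. The five-second window and the top-10/top-3 cut-offs are assumptions.

```powershell
# Added example: rank processes by average CPU over a short sampling window.
# Counter paths are the English names; localized Windows installs translate them.
$samples = 5                                  # one-second samples (assumed window)
$cores   = [Environment]::ProcessorCount

# Processes that exit mid-sample raise non-fatal errors, hence SilentlyContinue.
$readings = Get-Counter -Counter '\Process(*)\% Processor Time' `
                        -SampleInterval 1 -MaxSamples $samples `
                        -ErrorAction SilentlyContinue

$readings.CounterSamples |
    Where-Object { $_.InstanceName -notin '_total', 'idle' } |
    Group-Object InstanceName |
    ForEach-Object {
        # The counter reports percent of one core; summing all instances of a name,
        # then dividing by sample count and core count, gives a Task Manager-style figure.
        $sum = ($_.Group | Measure-Object CookedValue -Sum).Sum
        [pscustomobject]@{
            Process   = $_.Name               # e.g. msmpeng = Windows Defender engine
            AvgCpuPct = [math]::Round($sum / $samples / $cores, 1)
        }
    } |
    Sort-Object AvgCpuPct -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize

# svchost.exe hosts many services (Windows Firewall runs as MpsSvc inside one),
# so map the busiest svchost instances, by cumulative CPU seconds, to service names.
Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Sort-Object CPU -Descending |
    Select-Object -First 3 |
    ForEach-Object {
        $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $($_.Id)"
        [pscustomobject]@{
            ProcessId  = $_.Id
            CpuSeconds = [math]::Round($_.CPU, 1)
            Services   = ($svc.Name -join ', ')
        }
    } |
    Format-Table -AutoSize
```

Run it from an elevated prompt while the slowdown is happening; without elevation, CPU time for system-owned processes may read as zero.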
 

Bryan Lam

I know I have to diagnose it, but the main issue that arises is the fact that I always disable my firewall and such before gaming just in case I get interrupted or anything. I'd honestly prefer to buy a hardware firewall, mainly for a higher sense of security.
 

askmark

Okay I was simply suggesting what I would do if I was in your position.
I think a hardware firewall is overkill if you only have one device to protect - unless you do have more?
The two models you are considering are both good firewalls. I would say the Fortinet device would be easiest to use if you have very little experience of configuring firewalls. Cisco is much more complicated IMO.
I use Fortigate devices at work so if you want advice or help you can always PM me.
 

Zero Knowledge

Level 7
Dec 2, 2016
321
YES YES YES you should buy a hardware firewall.

Consumer modems/routers are garbage. Even when you spend $300+ on a consumer model they are filled with vulnerabilities and exploits.

First I need to know how much is your budget? Your budget will be the biggest factor in choosing an enterprise grade router.

Enterprise firewalls work on a subscription mode for AV/IPS/URL REPUTATION services. You can buy 1/2/3 year subscriptions.

You will need a subscription to receive important future firmware updates. Subscriptions can cost anywhere from $100 to $25,000 a year.

Both those models you listed the Cisco Pix & Fortinet 60B are end of life models. New better models have replaced them.

I would look into these models first:

Fortinet 60E/61E uses a new powerful ASIC CPU and has a throughput of 3Gbps. You can buy a new 60E/61E with a 1 year subscription package for around $600/$700 on cdw.com/amazon.com/ebay.com. I have used Fortinet 61E firewalls in production environments and they destroyed the old Cisco routers for price/performance ratio.

Cisco ASA 5506 with Firepower services or Cisco 5508 with Firepower services. Solid units that scored the best protection on Gartner's Firewall protection test. Cisco you always pay a premium so they are much more expensive than other models. You do get great community support and you can talk to customer service reps 24/7.

Barracuda NextGen Firewall X-Series X50/X100. Barracuda is known for its spam gateways and filters but they make excellent network gear too. I haven't used them in a production setting before but I've only heard good things.

Cisco Meraki 64W. Merakis are cloud based. I've deployed a few Meraki firewalls and APs and you just configure them through the cloud console Cisco provides you with. Easy to set up and maintain. You can find great deals on eBay for a Meraki 64 with a 3 year cloud subscription for around $400.

You can also look at Juniper, Sophos, Checkpoint, SonicWall, and Palo Alto firewalls. I've worked with most of them over the years but they are at the bottom of the list on what firewall I would buy.
 

askmark

The two firewalls he's looking at are both less than $100. I'd be very surprised if his budget stretched to the cost of a new device costing $700... a year.
 

Zero Knowledge

And those models he listed are end of life. No more security updates. No more firmware updates. Waste of money.

Who knows what his budget is? That's why I asked how much did he want to spend :)

You want good protection? You have to pay for it with security firewalls. You get what you pay for in the end.

> a home user does not need expensive firewall/network protection.

Sorry but you're wrong in so many ways. Attitudes like yours are why consumer grade routers have terrible security.
 

Bryan Lam

First off, I do apologise if I sounded extremely "on edge" in my last post. I thank you all for your help n
You can't put a price on security :)
 

woodrowbone

Level 10
Verified
Dec 24, 2011
489
Untangle is great, the whole business package for only 50$ a year if you are a home user.
If you do not want to buy any of the appliances you can install their free ISO on an older computer with two NICs and off you go, very simple.

/W
 

Bryan Lam

Do I need 2 network cards for the home ISO?
 

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
> Untangle is great, the whole business package for only 50$ a year if you are a home user.
> If you do not want to buy any of the appliances you can install their free ISO on an older computer with two NICs and off you go, very simple.
>
> /W

Good post!

But that thing with needing two NICs is a real PITA if the only spare hardware you have lying around is old laptops :)

I would love to put pfSense on one of my old 32-bit machines, but I would have to rip out some unneeded gizzards,
and then hack some extra holes in the case ....
 

AtlBo

Level 28
Verified
Top poster
Content Creator
Well-known
Dec 29, 2014
1,723
The best setup imo would be Sophos free for home use firewall. With the free software, you can make your own firewall for your entire network:

https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

It requires a dedicated PC as the firewall is the OS for the computer that it is installed onto. There is fairly decent support with YouTube videos, but there is a learning curve involved. However, when you remove the expertise of the security programmers from the system (remove their programs), then I guess one should expect to have to do some research to replace that with something. :)

I really want to do this. Maybe it's not necessary, but I like the idea, and it does seem like a great option for a gamer.