%201fc0a.png "NetgateColorLogoRegisteredRGB.png")
pfSense Fundamentals and Advanced Application
Home broadband use is at an all-time high, as is overall internet use, with 93% of American adults online. And it’s not just in the U.S. Fully 60% of the world’s population actively uses the internet. With a growing cut of that population now working from home, a network firewall appliance is often the best choice to ensure that you, your family, and all of your IoT devices are protected from online threats.
The growing work-from-home model is driving 2021 home firewall purchases up from consumer-grade firewalls to solutions capable of addressing more demanding internet connection needs. Buyers want faster VPN connections to their place of employment and the cloud in general, and a better ability to manage network traffic control and priority.
Employers expect or demand that stronger security measures be utilized to help prevent potential threats from entering their networks. But because the appliance is typically purchased by the home user, consumer-tolerable price points, aesthetics, and ease of use still come into play. Fortunately, there is good news.
There are numerous capable and affordable home-based network security appliances ranging in price from $200 to $600+ that can protect you, your family, and all those with whom you connect - personally and professionally.
A lot can be said about firewalls for sure. We’re focusing on performance as the common thread here because it is the single biggest factor that sets this class of product apart from more commonly used consumer-grade alternatives. One thing to note right upfront though. Some vendors base throughput claims on Iperf, others on IMIX. IMIX is a better “real world” measuring stick than Iperf, and it’s not always stated which standard is being used. So, as you delve in, check the vendor’s fine print for details. We’ll assume most users interested in this article have an internet connection advertised at somewhere between 100 Mbps and 1 Gbps.
Here are five popular options we think buyers often consider.
For buyers in search of a combination of ease-of-use, configuration flexibility, quiet operation, high throughput, and the really necessary elements of security for effective work-from-home, the Netgate 2100 is a solid choice.
The product supports up to 1.5 Gbps of routing speed, 850 Mbps of firewall throughput, and up to 118 Mbps of IPsec VPN throughput (IMIX). Its user-friendly pfSense Plus GUI enables precision configuration of traffic routing, content filtering, load balancing, and IDS/IPS control. No-charge add-in packages address traditional NGFW features including IDS/IPS, website blocking, threat intelligence, etc.
For those who need a quiet solution, especially for videoconferencing - or other work impeded by background noise - the Netgate 2100’s passive cooling solution keeps your unit from overheating without the sound of a fan. While the Netgate 2100 is an ideal solution for the majority of people working from home, there may be some users who need more than the 8 GB of storage that the base unit offers if they enable logging for the firewall or add-on packages. To meet those high storage demands, users may want to opt for the 2100 Max option, which provides 32 GB of storage.
Relative to competitors, Netgate goes for more of an “all in” approach. All firewall routing and VPN software capabilities are included with the purchase of the appliance at no additional charge. The Netgate 2100 is $299 with 8 GB of storage, and $342 with 32 GB of storage.
The Ubiquiti Dream Machine is popular with buyers who lean towards ease of use and want integrated Wi-Fi and switching capabilities. Its Wi-Fi strength comes from its 802.11ac Wave 2 4x4 MU-MIMO for 5 GHz and 802.11n for 2.4 GHz. Its port capacity is 5 GbE ports - 1 WAN and 4 LAN. Ubiquiti does a good job with its GUI - making the install, configure, and ongoing firewall management experience popular with many users.
It also has solid performance claims: 930 Mbps deep packet inspection (DPI) (not IDS/IPS), 850 Mbps DPI with IDS/IPS, and 600 Mbps IPsec VPN throughput. However, many users voice that it comes under some strain when you need to go under the covers with more specialized routing and firewall configuration needs. As a result, it’s not uncommon to see users deploy the Dream Machine for Wi-FI and local device connectivity, but then opt for a separate firewall solution to handle more stringent VPN and security needs. The Dream Machine starts at $299.
Cisco, far better known for its enterprise-class gear, offers its Cisco RV260 for small business and remote office users. However, at this price point, it is a viable contender for upper-end firewall home use. The product is equipped with a single SFP/RJ45 WAN port, and (4) 1GbE RJ45 LAN ports, and claims performance at 800+ Mbps (NAT) and 75+ Mbps (IPsec VPN traffic). At that level of VPN throughput, the RV260 registers towards the low end of performance for this type of firewall - and as with other vendor solutions herein, out-year software features are subscription-based. The RV260 starts at $209.
The SonicWall SOHO 250 is capable of fulfilling robust security and VPN throughput needs in the 200 to 600 Mbps performance range, depending on how many concurrent software features are activated. It is reported to achieve firewall inspection throughput at up to 600 Mbps, application inspection throughput at up to 275 Mbps, IPS throughput at up to 250 Mbps, threat prevention throughput at up to 200 Mbps, and VPN throughput at up to 200 Mbps.
It is equipped with (5) 1GbE ports, but no SFP/SFP+ ports, and no expansion slots. The SOHO 250 starts at $300, but can quickly escalate to $699, depending on software feature licensing.
Fortinet’s FortiGate 30E is a relatively strong firewall option, particularly as its threat protection is powered by Fortinet’s FortiGuard threat intelligence system. This enables the unit to leverage insights into a wide range of malware and other threats on the worldwide landscape. The FortiGate 30E, therefore, gives home users the same protection it provides industry-leading enterprises.
You also get the adequate speed with the FortiGate 30E, which supports 950 Mbps of potential firewall throughput. Your upload and download speeds will take a big performance hit if you choose to use all of its filtering features simultaneously, but you will still get 150 Mbps. For many users, this line of defense is enough to protect their home network, including multiple devices streaming and videoconferencing at the same time, as well as large downloads.
Fortinet’s compact, the affordable firewall comes with enough features to support most home network protection setups. It has one USB port, a console port, one GE RJ45 WAN port, and four GE RJ45 switch ports. The 30E is also controlled by FortiExplorer, which makes setup and configuration straightforward and accessible on iOS devices.
From a performance perspective, the product achieves 950 Mbps of firewall throughput, 300 Mbps IPS throughput, 200 Mbps of full NGFW throughput, 150 Mbps of Threat Protection coverage. The FortiGate 30E base price is around $340 and requires subscriptions after the first year to keep IPS, malware, and Web Filter data feeds up-to-date, usually for less than $100 a year per service. While the FortiGate 30E is towards the upper end of full threat protection, work-from-home buyers may scoff at all of the annual license fees.
Well, our article is titled “5 Popular Work-From-Home Network Firewalls for 2021”. The above are the chosen contenders. That said, the WatchGuard T15 deserves “honorable mention.”
For lower relative bandwidth needs, the Watchguard Firebox T15 may be a fine solution.
The Firebox T-15 is equipped with three 1 GbE ports. Users also get five branch office VPNs and five mobile VPNs, as well as the stateful, and deep packet, inspection many ‘pro’ users appreciate in a firewall. With stateful inspection, the firewall uses an approved, ‘safe state’ as a baseline for checking for anomalies - which could be threats. Deep packet inspection enables the firewall to look beyond the basic header information of data packets, gleaning insights into threats hidden in the packets themselves.
The Firebox T15 works at both 2.4 and 5 GHz frequency bands for more connection options. It also has three gigabit Ethernet ports to set up your LAN and WAN. You can also easily connect to a VPN using a simple drag-and-drop setup feature. Users can get up to 120 Mbps (IMIX) of throughput with firewall protection, 150 Mbps VPN (UDP 1518) throughput, or 46 Mbps VPN (IMIX) throughput.
When all unified threat management (UTM) features are turned on, you’ll experience up to 90 Mbps of filtered content streaming through to your network. At only 7.5” by 6.0”, the Firebox T-15 is a small footprint play that suffices well for low network bandwidth needs. However, for users that may need protection at higher speeds, the Firebox T15 may cause a significant bottleneck in their network.
The Firebox T15 starts at around $360 with one year of Basic Security included, $195 a year after the first year, and around $600 with one year of Total Security Suite included, $406 a year after the first year.
The global movement of workers from office to home has led to a need for a home firewall / VPN solution that outstrips the capabilities of more commonly used consumer-grade appliances. Buyers need solutions that provide greater control over configuration specifics and more effectively match up to their internet connection speed. And, they want devices that are quiet, aesthetically pleasing, and don’t break the bank. A sizable array of solutions are available in the $200 - $600 price range, and a given vendor may even have multiple price-point solutions in that band. The five network firewalls highlighted above, with one honorable mention, offer readers a good cross section of popular options.
Each lives in the space between consumer-grade and heavier commercial-grade segments and makes them solid options for work-from-home professionals. Each has its respective pros and cons across the spectrum of security and VPN feature set, performance (the attribute which most importantly defines this market space), and price - both initial and annual recurring.
Check them out in detail to select the best solution for your household needs, and you’ll be well on your way to creating a safe and performant work-from-home environment.