Header Ads Widget

Responsive Advertisement

Do You Need to Get a Hardware Firewall?

Do You Need to Get a Hardware Firewall?

Dedicated hardware firewall. Those words might invoke the image of a giant server with loads of processing power fending off an onslaught of viruses and malicious code attacking your network every second. But the reality is not so extreme and it's really not such a crazy idea for an enthusiast home user to get their own specialized firewall hardware device to use in their own home which is what we're gonna go over today talk about, is it viable for someone to do that? Why they might want to do it.

When it comes to a hardware firewall in actuality you probably already have one in your house in the form of your consumer router because most consumer routers even have a firewall built-in. That's pretty basic. It's just going to block everything by default pretty much. But it may have a few advanced settings available such as Port Forward but there are plenty of other more sophisticated firewall devices out there if you do want to go a bit overkill with things and you do have a lot of options in this regard.


Buy a prebuilt proprietary hardware device

So first of all you could buy a prebuilt proprietary hardware device from any number of companies and those are all going to come with the preinstalled firewall operating system that's preconfigured to be guaranteed to work obviously with that particular hardware device that you bought it on. And a couple of examples out there are Untangle and Watch Guard are two popular ones and the one I have in particular is called the Untangled Z4. So that's the one I'll be using in a lot of the examples obviously because I have it.


Own hardware device

The option is to get your own hardware device. And you can usually do this by buying a prebuilt generic one off Amazon. Or you can build your own. You can literally build a mini PC box and run it on there. Or you can even just use an old computer lying around that you're not using now and use it for a firewall. In any of these cases though you will have to go and install a firewall operating system on it yourself such as pfSense or OPNsense.

Now when it comes to pfSense though actually, Netgate is a company that bought that project so it's free and open source but it is owned by a company and they do actually make proprietary hardware devices that are natively supported by pfSense. So for example I have the XG70 100 DT which I've used in the past but you can install pfSense on whatever you want. And actually, with some companies like Untangled, they do actually offer their firewall operating system as a standalone that you can install on your own hardware if you want to.

Now, these devices all typically are able to do the job of a router as well. So while you theoretically could have a dedicated firewall and then a dedicated router separately for basically any home network that would pretty much be double overkill. So usually it just makes sense to have this duty both routing and the firewall stuff because it's a lot easier to manage from one place.


What are the differences between a regular old consumer router even potentially a high-end one and of these hardware firewall devices?

First of all, it's probably going to be a lot more expensive. So while a consumer router might cost like 250 dollars on the high end that's pretty much the starting point of a lot of these dedicated specialized hardware devices. Unless of course you're gonna be building your own and or using an old computer that you already have lying around and then installing open-source that would probably be a lot cheaper if not free.

You also have to consider that a lot of these don't have WiFi so you would have to go out and buy a separate WiFi access point which could cost an extra dollar or more even still.

And Thirdly a lot of these propriety devices have a paid subscription requirement. Now they might be able to do the most basic stuff without the subscription. So it's not like if you don't pay then it's a complete brick. But still for a lot of the more advanced stuff that you would want to buy a more specialized device for do require And that's the whole point though with untangle at least they do have an option for home users which is a lot cheaper than the commercial plans.


2nd major difference

You're obviously going to get a lot more customization with one of these hardware devices as opposed to a consumer router but that also is going to make it a lot more complicated. Consumer routers typically make it extremely easy to set up sometimes requiring no setup at all. And I mean a lot of people probably have never even looked at the router configuration page that they have on the router. Maybe they didn't even know they had one.

And these consumer devices probably have some pretty typical settings about things like DHCP, DNS Port forwarding a basic firewall maybe even some basic VLAN settings on the higher end ones. But with a dedicated firewall that's usually able to at least be used in an enterprise environment. So you can pretty much set up a bespoke network. So you can do advanced configurations about individual hardware ports. You do things like advanced filtering rules, add-ons get really advanced reporting and obviously, we can get a lot more into detail with that sort of thing in a second.

You'll find on a firewall Privacy.com is a service I've actually been using for years. It basically lets you create virtual unique payment cards you can use to buy things online. So one type of virtual card you can create is a So-called burner card which only works once so you don't have to worry about being stolen. And the other type of card is a merchant card which will essentially be locked to the first place you use it. So even if it gets stolen somehow it can't be used anywhere else.

There are also other features you probably won't see with other regular credit cards such as being able to set spending limits for individual charges or by time frame. So you'll never be surprised by accidental double charges or price increases without your consent. They also have a Chrome extension making it easy to automatically create and remember cards for specific websites. And there's also a smartphone app so you can get push notifications for spending for example.

So now onto some examples for features, you might find in these firewalls. In my case, I'm using an untangle device so that's what I'll show you. But these other devices will probably have similar features just with a different interface. Obviously. They basically use Socalled apps to group together major features so you can either pay for apps individually by subscription or you can get a plan. But the home plan lets you have access to most of the apps. One example is the Web filter so you can block all sorts of categories across the network or just block individual sites.

You can then create Super advanced rules for when to block or allow based on any conditions you want. So certain devices can be blocked from certain categories or sites for example. And then you can even use the Policy Manager app to create different rules for applying different policies at different times. There's also the Virus Blocker app for example which can do basic scans on files before they even enter the network though if the file is downloaded via SSL that might complicate things. I'm not going to get into that.

You can also do stuff like advanced Quality of Service and bandwidth control so you can prioritize certain services and certain devices and most consumer routers will probably have basic quality serviceability but nothing this granular and even settings on here that are usually basic settings on consumer devices are a lot more customizable.

Like with DNS you can even set DNS servers to be overridden for individual domains which is interesting. You can't really do that on any consumer router. I know there are actually so many settings in here that if I'm being honest I don't even know what half of them are for which is something to keep in mind if you're gonna be going this route because a proprietary system like Untangle or Watchguard will at least have a good UI that's part of where the price comes from.

But with the open-source option pfSense, it's free and powerful but my God it's a pain to use. And this is especially so if you want to start making a lot of conditional rules. For example, there is no easy way to set up a time-based web filtering rule. I spend a ton of time looking up tutorials and documents and I'm sure theoretically it can be done but it's not worth the effort in my opinion. And there is OPNsense which is based on pfSense which seems to have a better UI but I have not tried that one in particular.

Now another major feature in these devices is the statistics and reporting abilities.

So this is more important if you're going to be running an enterprise or office where you want to be able to see what's going on in a large network and you pretty much can see that with these settings you can do things like see how much bandwidth devices are using for certain websites and even by the application and you can get alerts for specific events you might want to know about like if certain viruses are blocked that sort of thing.


Is it necessary to get a hardware firewall?

Realistically not for the average person. No, not at all. The thing is when it comes to the firewall itself and blocking malicious connections the real benefit is when you're running servers of your own and you need to actually let in some connections and block others. But at home, you're probably not running any public servers open to the world so you probably don't have to open any ports anyway. So it's just blocking everything.

And a consumer router will do just as good a job at blocking everything as an enterprise device. There's not really any nuance. Of course, there are other features that are beneficial like the web filter and the bandwidth control that we mentioned. But you might be able to get some of the basic settings like that out of a consumer router- just not so advanced.
 
And even though these devices have these advanced features if you aren't going to configure them. It's kind of pointless and a lot of people probably don't even know how to do that. So unless you're someone who is just really interested in this type of stuff like myself I definitely do not think you need to go out and spend money on a firewall. Because really your current router probably does all you needed to do at the moment. So I hope you guys found this article helpful let me know what you think down in the comments are you someone who uses a specialized firewall or do you just run a basic Linksys Netgear router or whatever you can let me know down there.

Post a Comment

0 Comments

class='back-top' title='Back to Top'/>