firewall recommendation

zerochilly

n00b
Joined
Apr 24, 2017
Messages
13
Hi, I'm in the market for a new firewall and I'd like to hear the community recommendations.

I have checked out a bunch of hardware firewalls and I think I have narrowed it down to Fortigate and Zyxel. I would like a fully featured hardware firewall that has VPN capabilities so I can connect remotely, but I would also not like to have to purchase a yearly support contract (cisco and fortinet).

I have used a few different manufacturers firewalls in that past, but i have no loyalty to any particular brand. I just need something for my home office and would not like to have to subscribe to something in order to get updates until the product is end-of-life.

My home internet is 100mbps and i have a separate wifi AP. So whatever firewall I get does not need wifi.

What would you all suggest I look into? I really love the fortigate firewalls but I will not spend $300+ for the firewall and then another $250 for a 3-year contract for updates for it. I think I can do much better by purchasing something in the same price range that includes updates, and then purchase some other device in 3 years that will have more features.

Thanks for your help!
 
Ya the fortigate is overkill for home network firewall.

Get an Ubiquiti USG Unified Secure Gateway. I just recently got one, and its great. Its a small package but built well. Plenty fast for your 100mb connection (I have 200mb int).

You can control it with either using ssh CLI, or the Ubiquiti controller web.

What I like about it, is the DPI (deep packet inspection), and the web controller software you can see all the stats. Free updates, no support contract.

Oh and its cheap too, only paid $111 for it. https://www.amazon.com/gp/product/B00LV8YZLK/ref=ox_sc_sfl_title_1?ie=UTF8&psc=1&smid=A2BCS1LJ2I36L4

gXMSYr9kso83EbiatFFeJSS7GE-UObZQgkPZ54iuvNBZhaxOE8n0pvwsCIY9c0F1tX9-Hur-J56WLtREU73Tvuh7tztk13EGBHr9xq0dTSAmPpi9cWARn6qa7p7zYzBcoGzKyeR_G_wNIgOPBNFkCYsz3lAqxuBfMGpkpA_DFy6khkBQelhXwSOXeVzxoPDuXdztugTjjY8ZBEJUfslFY480LXJwfW9IzuAXaqOYOJ7ixuBhz1hgA8ncow23od-vaBimceY5nJzBhhWExKt6EhwCmi14ZJMwIttq-ANnPFt6kUiH1qilWbXF55RfSWGahFOU61ad5h9U3-xDIjC2V6u7mkqC_Fl9lgWJ2kx2sznayu5Qrb7HFyW9FXD7Izs81RN8l9m0Y2fPJlr-BcqrddC5G1VVnvVs6PnDzsfVOXqRL410M4-wlDsuXPYnEPJPLNGFKaKCrQPwohI0T1ova8yzt77rJHxknmORRuodUo8A0FpM11zFit9cRhWGzdLNjNUGxISA_c_FBhrxjSuXi71rVbbqSSSVy3BSA3qdMYUU1fnXHf-v8WvT9o0yCJ0sxNsPXq0D8E6qDP24xHtMtPtrORKp8LvCx0NtEKN8BfufabcdIo02=w1793-h971-no


4AzbgGkFinAWbU7uyzaiYISSPLIt9mIccHwh5M1y6_6Jph91Pd7S8EOnkJ6RO-kDhYVZcEl4ezquW_pBLV932zyxyRyE5z3p6OkZOm80TvRW9MwpbzS1G8Gwyox68oNycU3w-xewamTmnogpDDpIk08EdoM1XobRnumg6R3OVBClFuzf8Vq8Q4-JIuTxNFWFT1cquM_EgX9hBfo7zHrpkq8pZnYjL7V1hGkkNC7BCFVc_11RNk8QIK4VfPYQK_ursPXJfreUI2g6648yyPk3-w3ZVXy0qMpWRb4ZjV0glAFFY0WStEmbA-itOTipdLGCjN3WYApzqrrnG4gwboiRLpNbJ3wH4LgM9C3CbMjlL6fS5PEqaeRpDuY0QdRNISm1jmviBYWb65Qe6w6i29q6264G2SDSqZhWe_eBT6M87V_YmrQdoAvh2ldk1jVFNSGDRKoJiJMFysT09JDCBnJute7wrenuydT2_PsBKhAOnLzytnPYnQ0XSV_fKTXfrjz0DuFNMz_wsScmJ0jCEEb8zy-JnVLxyozcegJ6QwFy0Jy2KW19BC9ah5wW-f3B2KNQ0RRLGqCNdmtBz7M5I6zS-r76ePLL4nHEn4GD8b8-XmFOFc121H1j=w732-h834-no
 
As an Amazon Associate, HardForum may earn from qualifying purchases.
excellent, thank you for the recommendation. i have one on the way now :)

Sweet, let us know what your experience is with it. If you need any config, command help, etc. It runs Linux, but has similar commands to Junos.

After you get it setup.

To create a User based vpn connection. Using the Controller software.

Go to settings, Network. Add new network.

rpAJ6inD6USJ2nQ9rdh816jLmx6wdOa176ZIfYH4lPrktIrcWkSMC04uuqWS6EHocEMKoXb-lsIodZLIEMwwOUUmDX7kwAZ_KNMs1Z4o9XS8h_0L91e7Uj-gUhEz80-4sGYTQF123lcz8xuQqKLJ3oidE_dek-Imr_PMDaLknC_PsKUKIiDgSQz1VeKeYv21iawcEWofK7n9bxqvQhCAZNh3MqIOSShY9sWg8g_nIt-7h7N7-MR5EuFQd4FdpJX1wTfYpruAmz8fTI0gT4FIc2Ty6O6q1vqNwFlgXa7ZNfzTbYbpfM8-M9XPdG3W0tnd8Xyj3lRtr7ocZ_ag07TMBjWoMYgYnQGkK9PdP4uNFeb27E_3OVeBhe9b3DzuyMjdQLc6auGaOvJfuNBRh27toOnAWBDtGqQ7ZXne4SOdmADYgyMRmxWr0fJmunsLH2w9ghymfvmRXqgQVf_kXGKRepSioE1vaz6ic7J3IekT2lmykkg8CAX8Jj374afulLrMy8JglW52LxjeO3r5-_-bpgD2QwVYMDpMsLdHqL8YpQIdhdpzdO1SI-6xCNQwyVfRBQf1_Dhg9HkEv4Hxbic0z27W0P02tvFeMMbFB6KW0nJm-ScDoOPV=w1793-h967-no
 
Last edited:
i'm familiar with linux and bsd just rusty.

i read somewhere that i can put the controller software on an amazon AWS server.... do you know anything about that? Or is it okay to run on one of my pc's at home? if the controller goes down/offline/etc i presume that the firewall retains its config and still works.. fingers crossed! :D
 
Yes just run the controller software on your pc at home. Its only needed for changes, and monitoring, so everything on the USG will run with your current settings.

Also you can ssh to the USG, without needing the controller software.
 
i'm familiar with linux and bsd just rusty.

i read somewhere that i can put the controller software on an amazon AWS server.... do you know anything about that? Or is it okay to run on one of my pc's at home? if the controller goes down/offline/etc i presume that the firewall retains its config and still works.. fingers crossed! :D

Yes, you can run it on AWS, and yes the config is retained. I currently have my home controller on this exact setup, and it's been flawless.

https://help.ubnt.com/hc/en-us/arti...UniFi-Cloud-Controller-on-Amazon-Web-Services
 
well so far i've been impressed with this USG! right now i have the controller running on a windows pc but would like a more permanent solution so maybe AWS is the ticket.

i have not tried setting up the VPN yet but it looks like it should be fairly straightforward.

oh, and for anyone else new to this, my unit came with the Lan1 and Wan1 ports, and a third port (not VOIP like in the docs) for Lan2/Wan2. don't make the mistake and think that even if you configure the port as Lan2, that it means "Lan1, port 2" lol. It took me a while to realize that it's really a whole separate Lan on Lan2.... :D
 
Very nice, glad you like it. Its a pretty nice and cheaper solution than that fortigate you were considering.

Yep those Lan ports are basically like separate vlans.
 
heh, i thought about pfsense but i decided against it because i knew that i'd be constantly tinkering with it and ultimately have it down more than up lol. :D
 
I'm a home user with 75mb/s cable service, and need to upgrade my firewall / router as well. Looking at Ubiquity USG, but the EdgeRouter X is half the price and seems to be more powerful... Reading their forums, it looks like a refresh is coming next month. So much to read!
 
I'm a home user with 75mb/s cable service, and need to upgrade my firewall / router as well. Looking at Ubiquity USG, but the EdgeRouter X is half the price and seems to be more powerful... Reading their forums, it looks like a refresh is coming next month. So much to read!

funny you should mention that, i came back just now to post the same thing. wondering what everyone thinks of their EdgeRouter line? the ER lite is still around $100 but does not need the controller app to configure - it has its own web interface and CLI of course. for $100 i'm considering buying it to play with, and putting the USG in my parents' house.
 
Back
Top