Firewall hardware acts as an invaluable second line of defense for your network, protecting all the systems between an uplink and client system (like a server, employee desktop computer, WFH system or IoT device).
Firewall hardware devices, like CUJO AI Smart Internet Security Firewall and Fortinet FortiGate NGFW are often integrated into routers as part of their design.
1. CUJO AI Smart Internet Security Firewall
The CUJO AI Smart Internet Security Firewall is designed to connect directly to your router via an Ethernet cable and monitor all incoming and outgoing data – helping stop cyber-attacks from targeting devices within your home network, and prevent sensitive information from leaving.
CUJO can also be configured in bridge mode, connecting it between your router and another network device such as another router or Ethernet switch to help reduce double-NAT and increase performance. This solution helps avoid double-NAT restrictions that can reduce double-NAT and boost overall network performance.
GearBrain was able to put this device through rigorous tests and confirmed its functionality as advertised. It features two gigabit Ethernet ports for network connectivity and claims to protect up to 50 devices simultaneously.
Dojo, Rattrap and AKITA cost less hardware-wise but more than Keezel, Cujo and BOX 2. Furthermore, CUJO features parental controls with content filtering; however this feature won’t become available until fall 2016. CUJO can strengthen home network security.
2. Ubiquiti Unifi Security Gateway
The Ubiquiti UniFi Security Gateway (USG) combines effective security features with high-performance routing technology in a wall-mountable form factor, making it the perfect device for small businesses or home networks looking to increase network security and efficiency.
The USG offers an array of networking solutions including gateway, routing, VPN and firewall services as well as threat protection, deep packet inspection and wireless network management via its integrated UniFi Controller software. In addition, its front-facing bay can even be used to record surveillance camera footage if an additional hard disk is inserted.
The USG is equipped with a dual-core 500MHz processor for standard hardware-accelerated performance and comes with gigabit Ethernet ports for connectivity. Remote management can be accomplished using the UniFi Controller app that also manages UniFi switches and access points; additionally it facilitates simple firewall policy configuration through this tool.
3. NetGate pfSense Appliances
NetGate pfSense Appliances provide outstanding performance, versatility, and low total cost of ownership – perfect for home and small office networks requiring outstanding firewall performance, advanced WAN optimization features such as failover capabilities and comprehensive networking features.
The SG-1100 is an inexpensive microdevice from pfSense offering stateful firewall, VPN and routing capabilities at an attractive price point. With passive cooling and low power draw to operate undetected on desktop or wall surfaces and an efficient thermal management system to reduce footprint and noise level; its Dual Core ARM Cortex A53 1.2 GHz processor delivers up to 2.20 Gbps routing throughput as well as 964 Mbps firewall throughput throughput rates respectively.
pfSense open source software has long been recognized as the world’s premier firewall solution with more than 7 Million installations globally across businesses, schools and governments. NetGate pfSense appliances were designed to host this secure solution while offering an intuitive web interface and high throughput performance for large networks – even multi-gigabit LAN environments!
OPNsense Firewall is a free and open source firewall software solution developed on HardenedBSD by Deciso as a fork of the pfSense platform in January 2015. This OS offers advanced features, capabilities and “nerd knobs”, but requires greater technical expertise for installation and administration.
OPNsense provides network flow monitoring, full mesh VPN routing, hardware failover and high-performance traffic shaping features. Furthermore, OPNsense’s firewall comes equipped with a captive portal which enables administrators to set up personalized login pages as well as enforce bandwidth limits for Wi-Fi users.
OPNsense also features an intrusion prevention system (IPS) utilizing multithreaded Suricata instead of its predecessor, Snort, providing anti-virus scanning and malware signature updates as well as performing anti-virus scanning itself. Furthermore, its firewall features aliases which are useful for grouping networks, hosts or ports for easier management as they reduce the number of rules needed and simplify management. Moreover, the web GUI displays both rules and aliases clearly for easier administration of OPNsense configuration.