Firewalls for Home Use
A question I see often is what firewall is the best for a home/residential environment? Before I get into that, we must realize that the majority of non tech-savvy people do not even have a firewall, or they have one but it’s not enabled/configured correctly, or they’re just not sure. In an age where we see more weaponized vulnerabilities and threats year after year – this is a huge problem. The problem though, is as big as an issue for consumers as it is for businesses such as ISPs and network device manufactures.
“Home router firmware hasn’t change much over time. In early 2016, The Wall Street Journal looked at the security capabilities of the top 20 home routers. Only six of those had up-to-date ﬁrmware at that time, and just two of them had good password processes. The recent ASUS settlement with the Federal Trade Commision over the critical security flaws in their home routers is further proof that home router manufacturers don’t take security seriously. Today’s home router selections don’t offer you the ﬂexibility to set up your network the way you see fit. They also don’t provide you visibility into the devices that are connecting to your network“ says Untangle.
There is a wide array of security practices that would probably make you shake your head. Just the other day I was at my parents place and found that the ISP provided modem/gateway’s firewall was set to “NAT only”. The firewall was disabled and it even stated that this was the default option and that enabling the firewall was “optional”. I would highly suspect that this is the default configuration for all of the ISP’s customers. This means the firewall functionality and security legwork is responsibility of the end-device. Scary!
For home/residential use there isn’t too many options for third-party firewalls. Below is a list I’ve compiled that would be suitable and affordable for using at home. All of these firewalls have robust features and are either free or have a discounted licencing for home use.
Home Use Firewalls:
- Sophos UTM / XG (free)
- Untangle (free or $50/year premium)
- pfSense (free)
- Ubiquiti (hardware)
- Cisco Meraki (hardware)
- Cisco ASA (hardware)
Keep in mind that it will take a tech-savvy person to properly deploy and configure any of these into your home network. If you’re that person then I would consider taking a good look at all of the above and decide what would be most suitable for your network. Some are more difficult to deploy than others and some can be run as either hardware (physical) or software (virtual).
I have personally used pfSense, Untangle and Sophos quite extensively over the years. My current preference is Sophos. It’s free. Loaded with features, robust, highly-available and fully supports my personal needs for advanced configuration capabilities (DNSSEC, load balancing, NAT rules, multi-pathing, VPN, end-point protection, etc).
Untangle or pfSense would be my second choices because I have experience with them. Untangle recently launched a new home license for $5 per month or $50 per year which gives you full access to all the features of the firewall, you can also get it for free with a more limited feature set. Not something they had available when I was using Untangle and this makes it more appetizing.
If you’re not comfortable deploying a third-party firewall at least try and check your ISP provided hardware to ensure that security features are enabled and change the default passwords. Otherwise make sure that your end-devices are running some type of anti-virus with firewall capabilities.
Am I missing any firewalls for home use? Have questions or feedback? Let me know in the comments below!