SOHO Firewall Appliances

View this month's Buyer's Guide

Even if you have a home office or work for a small company, you still need to protect your valuable data and network. Firewalls have become a de facto standard for all organizations—large and small—as a frontline perimeter-based defense against attackers who want to steal your information, hijack your resources, and otherwise vandalize your network. But finding the right kind of firewall can be a daunting task. Not too long ago, companies of all sizes had only two firewall options: basic broadband routers that offered protection almost as a by-product of their ability to share a Network Address Translation (NAT) Internet connection and large enterprise firewalls that cost thousands of dollars and often required networking savvy to properly install.

The firewall market has grown dramatically during the past few years, resulting in many new products that are designed specifically for customers such as small office/home office (SOHO) users. Enterprise firewall vendors that once targeted only large organizations now offer much less expensive firewall products that protect smaller networks. These powerful firewalls retain many of their more expensive brethren's powerful security features. Traditional entry-level broadband routers have also improved their functionality by offering features that once were reserved for more expensive models.

But a $70 broadband router obviously doesn't offer the security features and core firewall technology that a $500 firewall offers. Ultimately, you have to select the product that best fits the network you want to protect. This Buyer's Guide examines firewall appliances that cost $500 or less and target SOHO networks that have 10 and fewer users. Most of the enterprise firewall vendors have released less powerful versions of their large firewall products that are designed for SOHO users and are generally priced at about $500 or less, which is why we choice this price point.

Form Factor

SOHO firewall appliances typically have a small form factor—about the size of a hardback book. They usually have at least two interfaces you use to plug in your external (public) Internet connection and your internal (private) network connection. Most products support SOHO ISP features such as DHCP and Point-to-Point Protocol over Ethernet (PPPoE). They typically default to a NAT configuration, which makes installation easier, and most include wizards to walk you through configuration and setup. More sophisticated (and often more costly) SOHO firewalls often include advanced routing features or extra interfaces that let you create advanced firewall network configurations.

Sophisticated Features

Some SOHO firewall appliances descended from enterprise-class firewalls and retain some of their heritage features. All the products use Stateful Packet Inspection (SPI), which improves security. But SPI effectiveness varies across products, so make sure you review vendors' documentation to see how they implement SPI. Look for NAT and port-forwarding features that complement your network and let your internal computers access the Internet and your Internet customers access specific internal resources, such as your Web and email servers. Although all these products support network-based ACLs, the more sophisticated firewalls provide discrete control over the network traffic that enters and exits the network. The ability to inspect and optionally block network traffic can be useful for identifying and blocking a worm or an unwanted network application or service.

Logging

Blocking network traffic isn't the only important consideration for selecting a firewall, however. The firewall's ability to log network access is also crucial. Logging is an essential firewall feature because it provides important evidence about pending, current, or past attacks. Some products let you view the log in a Web browser or export logs to another application for analysis or archival. Some products alert you to detected suspicious behavior. Intrusion Detection System (IDS) features vary by product.

VPN Support

Some products support site-to-site VPN, and some act as VPN servers that let remote clients securely connect to your network. The accompanying table contains many other related features that you'll want to consider.

Important Protection

Choosing and installing a firewall is essential if you want to make sure that your home or small office is adequately protected. Your network needs to be able to react immediately to an attack, and the right firewall will mitigate attacks and protect your valuable resources.Editor's note: The information in the Buyer's Guide comes from the SOHO firewall vendors, who completed a detailed questionnaire about their products. We tried to contact all the vendors of SOHO firewalls and encouraged them to participate but not all responded.