In the market for a physical hardware firewall. Suggestions?

I have a 250ish budget and i'm not a business just a home owner that has been constantly barraged by someone or some people over a year and i'm finally ready to invest in a firewall. I use malwares firewall controller on the software firewall side but I have no hardware firewall. I've heard SOPHOS XG is great but I have little experience. Id like to have all the new features that make older firewalls obsolete. Anyone? ideas? 

External Firewall is useless, microsoft defender has built-in firewall and its the best and its free.

Not with the persistent threat actors i'm dealing with. I need every single advantage I can get. an OS based firewall is NOTHING if i'm under an OS hijack scenario. Elevated privileged remote connected actors can bypass that easily. Not so much a hardware firewall.

Edited by CarrotKomii, 17 May 2021 - 09:29 AM.

Not with the persistent threat actors i'm dealing with. I need every single advantage I can get. an OS based firewall is NOTHING if i'm under an OS hijack scenario. Elevated privileged remote connected actors can bypass that easily. Not so much a hardware firewall.

If youre so worried about elevated privelege/bypass exploits then use an standard user account, it additionally nullifies 94% of exploits targeting Windows.

Edited by EmanuelJacobsson, 17 May 2021 - 09:37 AM.

Hi

As you budget is quite low, I would look to a software based filewall. I quite like pfsense. (www.pfsense.org). Put two network cards in an old PC and that will give you full control about what traffic flows between the outside and inside of your LAN.

If you had a bigger budget, I would look at Juniper boxes (maybe and SRX300) and an old favourite of mine, the Firebrick (https://www.firebrick.co.uk)

Incidentally, you DO need a firewall, Microsoft defender is not the best, for example, it can't resolve/reverse DNS, it can't even geo-code your IP traffic. Firewalls are much more that creating NAT rules - A firewall has to be able to rip open and analyse in real-time ever single packet entering and leaving your network.

Also, and sorry for being blunt but if you network, systems and data are important, could you not extend the budget to something more than the cost of a decent office chair?

Anyway, good luck with your project.

Lots of info and some tests you can run to check vulnerability of your present setup at GRC | ShieldsUP! — Internet Vulnerability Profiling

You can purchase any number or former enterprise servers or desktop machines that can run pfSense for around $100-150. Would be perfect for what you're asking. Dell R210 or R220 can be found on eBay all day long and does great with pfSense. There's one on there right now for $160 with 8GB ram, done.

Use a Linux firewall on an older refurbed desktop, add an extra network card (or use it's WiFi or add a WiFi dongle for networking to your LAN) and install a free Linux firewall.

 Best Free Linux Firewalls Of 2022 | TechRadar

Use something like this....$1 - $250 Desktop Computers | Newegg.com

Features to look for should be antivirus scanning (maybe expensive), stately packet inspection of connections, IP blocklists, spam/phishing filter (free filters) and maybe some form of advertisement filter to keep malware ads out.

Edited by 0lds0d, 13 May 2022 - 02:54 PM.

What Emmanuel said. And I also second (third?) the recommendation

for something *nix-based. Personally, from everything I've read, I'd

go with the free version of PFSense. It really is quite excellent and

there's a lot of room to grow.

The learning curve is significant, though. Not difficult, it's just not

as simple as your average home router. I only used it once years ago,

but very powerful and pretty intuitive interface for what it does.