Auvik Network Monitoring

Best Small Business Firewalls

Best Small Business Firewalls

Diego Asturias

Finding the proper firewall within this massive and competitive firewall market can be an overwhelming experience. But, don't worry, somewhere out there is the right firewall for your specific needs and budget.

In this post, we will help you find it. We will show you how to find the proper firewall, what to look for, and reveal the top seven hardware small business firewalls suitable for home and small offices.

Here is our list of the best hardware firewalls for your small or medium-sized business:

  1. SonicWall TZ400 Security Firewall A pricier NGFW with SD-WAN capabilities and built for SMBs and branch offices.
  2. FortiGate 30E (FortiWifi 30E) An entry-level application-centric Secure SD-WAN NGFW appliance designed for small offices.
  3. Cisco Meraki MX64/MX64W An entry-level desktop form factor NGFW and secure SD-WAN appliance designed to support up to 50 clients.
  4. WatchGuard Firebox T15 A small form factor security appliance with central UTM capabilities, VPN, and authentication.
  5. Netgate 1100 pfSense+ Security Gateway A compact factor security gateway powered by the pfSense Plus software.
  6. Sophos XG86(W) An entry-level NGFW designed for enterprise-class visibility, protection, and response.
  7. Ubiquiti UniFi Security Gateway A small form factor affordable firewall solution with integration to UniFi Controller.

Firewalls – More than what you think

A firewall is the first line of defense on any network. Whether software, virtual, as-a-Service, or hardware-based, this network security component is vital for protecting your network from threats.

What many people neglect about firewalls (refer to the diagram below) is that they do not only protect an internal network from external threats coming from public networks (inbound traffic), but they also protect the outbound traffic from leaving an internal network. For instance, a firewall stops Malware or any application from opening ports and establishing communication to the outside. But it also protects internal networks from unknown and unwanted external traffic.

The firewall monitors both inbound and outbound traffic. It either blocks (discards packets) or allows them to go through using a list of predefined rules. 

Inbound - Outbound Firewall

How to Choose the Right Firewall?

Why Should a Small Business Use a Firewall?

Unfortunately, most businesses implement cybersecurity measurements until it is too late. They suffer from an incident—a data breach, Malware infection, an intrusion, or even a DDoS attack, and thus learn from mistakes. According to the Accenture Cost of Cybercrime report, 43% of the cyber attacks are aimed at small businesses. And what's more surprising is that only 14% are prepared with suitable cybersecurity measures to defend themselves.

And precisely, these stats are what attract hackers to target small offices and remote locations. —they are easy targets, which usually have poor (or no security) measurements.

Which type of firewall should a Small Business go for?

If you are on your quest to purchase a commercial-grade firewall to secure your network, you may have crossed paths on a few alternatives, especially software or hardware-based.

Which one to choose?

Well, it all depends on what assets are you protecting? And from what are you protecting them from?

You can install a software-based firewall to protect your PC or mobile from outside threats. But a software-based firewall will be limited to its host. On the other hand, a hardware firewall protects all devices, including workstations, mobiles, printers, lock systems, IoT devices, or anything connected to the network. Plus, hardware firewalls have a much higher performance than software.

What to Look For in a Hardware Firewall Device?

When looking for a small office home office firewall, consider getting an “entry-level” hardware firewall suitable for 50 endpoints (as a small office network size ranges between 25-50 endpoints). In addition, look for small form factor appliances designed for small spaces. At the basic level, firewalls should always provide packet filtering or stateful inspection.

The following are some additional features, capabilities, or options to look for in modern firewalls:

  • Next-Generation Firewalls (NGFW) perform the standard tasks of a regular firewall but can filter packets at the application layer (7) or DPI. These firewalls have more control and visibility on applications. NGFWs solve certain deficiencies of Unified Threat Management (UTM) platforms.
  • Secure SD-WAN Some innovative firewalls provide secure Software-Defined WAN (SDWAN) to connect branch offices to headquarters and provide additional WAN failover and security at a lower cost.
  • Zero-touch provisioning This feature allows users to simplify and even automate the onboarding of a new firewall.
  • VPN A firewall with VPN capabilities allows creating site-to-site VPN tunnels across the Internet.
  • Cloud services Most modern firewalls work with additional cloud-based services delivered as as-a-Service, SASE, or SD-WAN services.

The Seven Best Hardware Firewalls for your Small Business

1. SonicWall TZ400 Security Firewall

SonicWall TZ400 Security Firewall

One of the best small business firewalls is the SonicWall TZ400 Security Firewall. This SonicWall TZ400 NGFW is considered premium and a bit pricier than other firewall options, but the robust security, ease of use, and unique features justify its price.

The SonicWall TZ400 Security Firewall is designed for small businesses or branch location deployments. It provides enterprise-level protection, and it's easy to install and manage. The firewall provides security at the application level—It not only filters packets but can also inspect applications, perform IPS, prevent threats, and establish VPN tunnels.

SonicWall TZ400 Features

  • A Network Security Manager A single-pane-of-glass to unify and simplify all firewall's management and reporting.
  • Zero-Touch Deployment (ZTD) To install and deploy the firewall without much configuration.
  • Capture Advanced Touch Protection (ATP) A cloud-based multi-engine sandbox with patent-pending Real-Time Deep Memory Inspection (RTDMI™) to transform threat detection.
  • Secure SD-WAN Integration It connects to a Software-Defined WAN (without an additional license) using ZTD.
  • Optional Expansion Expansion slots for PoE/PoE+ support and 802.11ac Wi-Fi

Price: The prices are not disclosed on SonicWall's site. However, you can get an idea from the Amazon store listings. The price of the SonicWall TZ400 Security Firewall is around $700, which includes a one-year warranty period.

2. FortiGate 30E (FortiWiFi 30E)

FortiGate 30E (FortiWiFi 30E)

FortiGate or FortiWifi 30E is an entry-level application-centric Secure SD-WAN NGFW appliance designed for small spaces. The device can be used as an NGFW for small office deployments. Set up FortiClient on the endpoints and connect them to the NGFW platform, which can also connect to the FortiGate Cloud for additional management, analytics, and sandboxing. Additionally, you can also use the FortiGate 30E Secure SD-WAN capabilities on the enterprise branch and connect to headquarters via MPLS, IPSec Tunnels (VPN), or 3G/4G.

The firewall provides Layer 7 protection via Deep Packet Inspection. It also protects against Malware, malicious websites, and exploits.

FortiWifi 30E Characteristics

  • Management Console An easy-to-use console that allows management, control, visibility, and network automation. It can be easily integrated with Fortinet’s Security Fabric single-pane-of-glass.
  • Services The product offerings (on a subscription basis) also include FortiGuard Security Service—AI-powered FortiGuard Labs that provide real-time intelligence on the threat landscape. Plus, you can also access the FortiCare™ Support Services.
  • Hardware Compact fanless compact form factor, designed for small environments. The firewall uses a Purpose-Built-Security processor and hardware-based (on-chip) system acceleration to detect threats.
  • Ports It comes with four GE RJ45, one WAN port, and one USB. It supports WiFi and can be expanded for 3G/4G for WAN.
  • Fortinet Security Fabric Access AI-driven security operations, dynamic cloud security, zero-trust network access, endpoint protection—all from the unified and integrated Fabric Management Center.
  • Throughput The device offers threat protection at 150 Mbps and SSL inspection at 160Mbps.

Price: The price listed in Fortinet’s official Amazon store is $399.00

3. Cisco Meraki MX64/MX64W

Cisco Meraki MX64/MX64W

Cisco’s Meraki MX64W is a desktop form factor secure SD-WAN appliance designed as a vital element for Secure Access Secure Edge (SASE). Their entry-level, Meraki MX64 and MX64W for SMBs, offer NGFW capabilities, application-layer filtering, auto-VPN, IPS, Cisco Advanced Malware Protection, Zero-touch automatic provisioning, and more.

Both Meraki MX64 and MX64W models support up to 50 clients, have a stateful firewall throughput of 250Mbps, and a VPN (site-to-site) throughput of 100Mbps. The main difference with both is that MX64W supports Wifi (thus the “W”). The Meraki MX64W comes with two GbE (WAN), USB (cellular failover), 4x GbE (for LAN/WAN), and Wifi.

Meraki MX64W Highltighs

  • Unified Threat Management The appliance provides UTM capabilities, including NGFW application/L7 traffic inspection, Malware protection, IDS, IPS, auto-VPN, and unified security center.
  • SD-Branch Cloud platform The SD-WAN-enabled Meraki MX64W can be provisioned as a Software-Defined (SD) Branch at branch offices and connect to headquarters (or cloud) via intelligent WAN routing. An SD-WAN branch can receive security services and more from headquarters.
  • ML-powered Advanced Analytics The Meraki MX64W uses smart thresholds to determine the application’s performance bottlenecks and allows you to see across your LAN or WAN. In addition, you can get root-cause analysis and intelligent recommendations.
  • Advanced Security Services The appliance integrates content filtering (Webroot BrightCloud), support for Google SafeSearch and YouTube for Schools, Advanced Malware Protection, and more.

To get access to advanced security features like Cisco Threat Grid, content filtering, advanced malware protection, and more, you’ll need to subscribe. Get a Cisco Meraki Cloud Networking free trial to experience secure SD-WAN.

Price: The price for Meraki MX64/MX64W listed in retail sites averages $1016.

4. WatchGuard Firebox T15

WatchGuard Firebox T15

The WatchGuard Firebox T15 firewall is a small form-factor network security appliance designed for the Small Office/Home Office (SOHO). The Firebox T15 provides central UTM capabilities, including network firewall, anti-Malware, threat protection, IDS/IPS, application proxying, URL filtering, data loss prevention, and a single visibility platform. In addition, the small business firewall also includes VPN (IPSec) to establish site-to-site tunneling and authentication mechanisms (Single-Sign-on, RADIUS, LDAP, and more).

WatchGuard Firebox T15 Features

  • Throughput Firewall up to 400 Mbps, VPN up to 150 Mbps, and UTM (fast/full scan) up to 90 Mbps throughput.
  • Hardware The device comes with 3x 1GbE ports (for LAN and WAN), one serial, and one USB 2.0.
  • Extend it for Wifi support It comes with an optional integrated wireless 802.11b/g/n dual-band 2.4 GHz and 5 GHz Wifi module.
  • Built-in Secure SD-WAN SD-WAN dynamic path selection to improve WAN resilience and security.
  • Exceptional logging and reporting The Firebox T15 comes with over 100 different dashboards and reports (including PCI and HIPPA compliance).
  • Simple deployment The product comes with Cloud-based RapidDeploy technology—a tool that helps you create and store firewall configuration in the cloud and have it deployed on your appliance anytime and anywhere.

To buy WatchGuard Firebox T15, you can find a reseller or get a quote.

Price: The price listed in WatchGuard’s official Amazon store is $340 (with three-year standard support).

5. Netgate 1100 pfSense+ Security Gateway

Netgate 1100 pfSense+ Security Gateway

The Netgate 1100 Security Gateway is a high-performance firewall appliance powered by the pfSense Plus software—one of the world’s most trusted open source-driven firewall, router, and VPN solutions for securing the network edge and cloud.

Netgate and pfSense provide some of the best network security solutions for any business size. When it comes to small businesses and SOHO, the Netgate® 1100 security gateway appliance is ideal. The appliance comes in a compact form factor design and low power consumption.

The brain behind the hardware is the pfSense Plus software, which provides the performance, flexibility, and reliability that businesses need. The pfSense Plus can be used as a UTM device, IDS/IPS, content filtering, failover WAN, and so much more.

The Netgate® 1100 security gateway features

  • Hardware specs The device comes with a dual-core ARM Cortex-A53 1.2 GHz processor, 1GB DDR4 RAM, and x3 one GbE ports for WAN, LAN, or OPT. The device is equipped with Microchip® CryptoAuthentication Device to ensure that it runs authentic, pfSense Plus software.
  • Performance  The device enables up to 880 Mbps routing (L3 forwarding), 656 Mbps of firewall, and 247 IPSec VPN throughput.

Price: $189.00. You can buy it at the Netgate web store or Netgate’s Amazon store.

6. Sophos XG86(W)

Sophos XG86(W)

Sophos XG is an NGFW product line appliance designed for enterprise-class visibility, protection, and response. The Sophos XG86 NGFW can find and expose risks, block any threat (including unknown), and automatically respond by limiting access, stoping Malware, and more.

The Sophos XG86 is an entry-level desktop firewall, perfect for small businesses or home offices with budget constraints. It is a fanless and small form factor device. The XG86 appliance is also available with integrated WiFi (XG86W). The XG86 (W) throughput specs for the classic firewall are 3100 Mbps, IPS are 480 Mbps, NFGW is 350 Mbps, IPSec VPN 225 Mbps, and XStream DPI-SSL decryption runs at 75 Mbps throughput.

The hardware features four GbE ports, two external 802.11a/b/g/n/ac WiFi antennas, one COM (RJ45), and two micro USB ports.

Sophos XG86 Highlights

  • AI-based Deep Learning to discover and stop unknown threats.
  • Compatible with Sophos XStream to enable rapid SSL Deep Packet Inspection.
  • Network Flow FastPath to accelerate tracking for trusted traffic.
  • Top-class Intrusion Prevention System.
  • Advanced Threat and Botnet Protection.
  • Web Protection with dual AV, JavaScript emulation, and SSL inspection.
  • Integration with Intercept X endpoint protection to stop exploit code.

Price: The price for Sophos XG 86 retails is around $399. The XG 86W with built-in WiFi will only cost about $60 more.

7. Ubiquiti UniFi Security Gateway

Ubiquiti UniFi Security Gateway

Last but not least, the Ubiquiti UniFi Security Gateway is another top small business firewall in 2022. If you're looking for a robust security solution that is as affordable and effective, then Ubiquiti UniFi Security Gateway is your best bet.

The UniFi Security Gateway extends the UniFi Enterprise System to bring reliable routing and security to your networks at an effective cost. The appliance comes in two models, the USG-PRO-4 and USG. The Ubiquiti UniFi Security Gateway (USG) is a perfect firewall solution for simpler deployments at tighter budgets. The USG allows Layer 3 forwarding performance supporting 1,000,000 PPS (packets per second), which is enough to protect a small business office.

Key Features

  • Hardware USG comes as a wall-mountable fanless form factor along with a hardware-accelerated performance dual-core (500Mhz) processor.
  • VPN support The USG appliance allows Site-to-Site VPN tunnels across the Internet using two USG endpoints.
  • I/O Ports The USG device comes with three 1Gbps ports and one serial console port.
  • VLAN configuration support The USG firewall allows you to segment your network using Virtual LANs (VLANs.)
  • Integration with UniFi Controller Manage multiple networks from a central GUI, get insights, manage firewall settings, configuration options, and more. It also supports next-generation UniFi devices.
  • QoS for video and VoIP Assign QoS properties for voice and video traffic and allow clear calls and lag-free video streaming.

Price: $139

Summary

In this post, we went through the seven best hardware small business firewalls, or if you also want to call them, UTMs or NGFWs.

Considering the above list of the best small business firewalls, if the budget is not a constraint for you and you want to get the best of NGFW and Secure SD-WAN for your small business, then go for the Cisco Meraki MX64W, SonicWall TZ400, or the FortiGate 30E firewalls. But on the other hand, if you are tight on budget but you still want robust security, choose the Ubiquiti UniFi Security Gateway or the Netgate 110—both are fantastic options. For mid-budget but enterprise-class security, check out the WatchGuard Firebox T15 and Sophos XG86W, two fantastic small form factor firewalls.

Auvik Network Monitoring