security of asus vs cisco rv260 vs netgate sg1100 under $200

[moosport]

Wire guard coming to pfsense 2.5.

Announcing pfSense® Plus

pfSense® software is the world’s most trusted firewall. Now on its 46th release, the software has garnered the respect and adoration of users worldwide - installed over two million times,...

www.netgate.com

 

[neednetworking]

Wire guard coming to pfsense 2.5.

Announcing pfSense® Plus

pfSense® software is the world’s most trusted firewall. Now on its 46th release, the software has garnered the respect and adoration of users worldwide - installed over two million times,...

www.netgate.com

i will look into that. interesting

 

[daveforever]

If your ultimate concern is about the router being compromised by an external flaw then the choice here is an in-life Cisco firewall - 1,000,000% - even if it's a small business variant.

The amount of drive-by flaw compromise attempts our (commercial) Cisco IPS picks up searching the internet for consumer-brand firewalls is literally insane.

Note that you may need to have active Smartnet cover to download firmware updates. I'm not sure if this applies to the RV series or not as we don't tend to sell those.

What does concern me a little however is that your primary focus is 'security' but you've stated you don't care about web protection, malware protection etc.

90% of attacks begin with a phishing attack. 80% involve DNS at some point of the kill chain. This makes effective web content filtering perhaps the cheapest and easiest way to offer some broader protection.

Relying on endpoint security to deliver this is a bit like playing soccer with a goalkeeper but no defenders.

On that basis - and seeing as you've ruled out PfSense - I'm actually tempted to nudge you toward Draytek. You'll get a respectable SOHO-class router at this price point and their web content filtering is cheap to add.

You could of course go for the Cisco and add OpenDNS https://www.opendns.com/home-internet-security/

 

[neednetworking]

If your ultimate concern is about the router being compromised by an external flaw then the choice here is an in-life Cisco firewall - 1,000,000% - even if it's a small business variant.

The amount of drive-by flaw compromise attempts our (commercial) Cisco IPS picks up searching the internet for consumer-brand firewalls is literally insane.

Note that you may need to have active Smartnet cover to download firmware updates. I'm not sure if this applies to the RV series or not as we don't tend to sell those.

What does concern me a little however is that your primary focus is 'security' but you've stated you don't care about web protection, malware protection etc.

90% of attacks begin with a phishing attack. 80% involve DNS at some point of the kill chain. This makes effective web content filtering perhaps the cheapest and easiest way to offer some broader protection.

Relying on endpoint security to deliver this is a bit like playing soccer with a goalkeeper but no defenders.

On that basis - and seeing as you've ruled out PfSense - I'm actually tempted to nudge you toward Draytek. You'll get a respectable SOHO-class router at this price point and their web content filtering is cheap to add.

You could of course go for the Cisco and add OpenDNS https://www.opendns.com/home-internet-security/

I've ordered both the pfsense netgate sg1100 and the cisco. (not sure if the cisco I am looking at in a lower tier will be as robustly updated/flaw patched) I've used opendns, it's a nice addon. can use with DoH as well. Not sure if draytek works with openvpn clients?

 

[coxhaus]

You can buy a new Cisco RV340 router for $200. You just need to look around.

 

[neednetworking]

You can buy a new Cisco RV340 router for $200. You just need to look around.

that particular model doesn't have openvpn support, which was a key requirement for me

 

[Trip]

@neednetworking - Have you had the SG1100 long enough to give it a thorough evaluation? If so, how has that gone?

Also, Firewalla may be worth keeping an eye on; mobile-centric approach aside, they did officially release their full web interface as of a few months ago. In another thread, @Abbas found it to be quite refreshing. Maybe he would have some additional input to add for your here...

 

[neednetworking]

@neednetworking - Have you had the SG1100 long enough to give it a thorough evaluation? If so, how has that gone?

Also, Firewalla may be worth keeping an eye on; mobile-centric approach aside, they did officially release their full web interface as of a few months ago. In another thread, @Abbas found it to be quite refreshing. Maybe he would have some additional input to add for your here...

sg1100 is still in the box, I need to find some time to set it up.

 

[Clark Griswald]

@neednetworking
I too await your evaluation of the Netgate 1100.
EDIT: I mistakenly was thinking of the XG line and not the sg.

 

[Wallace_n_Gromit]

sg1100 is still in the box, I need to find some time to set it up.

When I bought my Netgate SG1100. it shipped with an early version of pfSense 2.4 I think. HW based crypto was disabled/not enablable.

The latest version is 21.02. It offers... "HW crypto function which uses intellectual property licensed from SafeXcel on the Marvell Armada 3720 SoC." So if you like OpenVPN it's performance should be much better. BTW it is disabled by default. You have to go through several menu items to get to point you can toggle it on.

(I actually like my Asus router running Merlin/3rd party scripts, Have the Sg1100 packed away in a drawer.)

Without opening up the device, I think you go to SYSTEM >> ADVANCED >> MISC ... scroll down the list

 

[kman117]

I am looking for a more secure firewall under $200. I've heard bad things about home router security. Internet speed from isp would be about 100-200mbps.
my current considerations are
an asus stock firmware
cisco rv260
netgate sg1100

main thing I am concerned about is security

Features I like but don't need:
openvpn
content filtering (by content category with ability to include/exclude devices)
Gui configurable
lower ping times (probably not an issue)

is the cisco rv260 comparable to like a cisco asa, sonicwall, fortinet, or sophos firewall in security? I am no as concerned about viruses/filternig. I am more concerned about the firewall being compromised from the outside like a hack against a known vulnerability, etc.

This is my answer Report Says Cisco, Other US Companies Pose Threat to Chinese Information Security (techinasia.com)