How To Choose a Firewall

Thumbnail image of Jason Bauer
Jason Bauer
October 03, 2017 (Last Updated: ) | Reading Time: 8 minutes
Firewalls limit access to devices
Firewalls limit access to devices

Every home network needs a firewall. The process of choosing a good firewall is a difficult one because firewalls are a complex part of a network setup. There are many questions that need to be asked before choosing which firewall is right for you.

Not all firewalls are created equally and they all excel at different applications. It is impossible for any single firewall product to provide all of the protection that you need, so it is important to evaluate exactly what you need to protect before picking your firewall.

Choose What You Need To Protect the Most

The first decision to make is which features of a firewall are the most important to you. If you are looking for cyber security protection for your family that is going to point you in a very different direction than if you are looking for whole-house privacy protection.

Also, think about which devices you need or want to protect with your firewall. A firewall that is good for protecting a couple of computers is very different from a firewall that is needed to protect an entire network. Here's a checklist of the kinds of things that firewalls are designed to protect against. Again, no single firewall will provide protection for all of these things.

Firewalls can provide:

The term "firewall" is a very broad term and covers a lot of various technology, so it can be hard to narrow down exactly what you want your firewall to do.

For more information read What Does a Firewall Do to get an idea of the full range of features that firewalls can offer.

Hardware Firewalls vs. Software Firewalls

It is helpful to divide the scope of firewalls into two distinct parts. Hardware firewalls are physical network devices that you plug into your network, usually between your home network and your router but not always. They work by protecting all of your devices on your network at the same time and limiting the kind of data that can come in and out of your network. This makes them useful for blocking devices that you cannot install software on, such as gaming consoles, security cams, and Smart TVs.

Software firewalls are programs that are installed on your PC, tablet, or phone. Software firewalls offer greater flexibility in what is blocked on a device-by-device basis, and they are able to block website content better. Since a software firewall must be installed on your device they are not able to block other network devices from accessing the internet. This makes them mostly useless for blocking Smart TVs, gaming consoles, and things that you have less control over.

The choice of a hardware firewall vs. a software firewall is a huge one. There is much more information on our Hardware vs. Software Firewall guide.

Image of how to choose a firewall
Image of how to choose a firewall

How to Choose a Hardware Firewall

If you decide to go with a hardware firewall there are a few more choices to make. Hardware firewalls come in a variety of options that are very different from each other.

The easiest hardware firewall to set up is one that is located in your router. Many routers already have a hardware firewall built in. Most of these stock firewalls are not very useful because they are very feature-limited. As router manufacturers realize that more and more customers need a firewall in their router the router-based hardware firewalls are getting better. If your router is less than a few years old and it has a hardware firewall built in then this may be all that you need depending on what you are trying to accomplish.

More advanced users want a dedicated hardware firewall that is separate from their router. This device usually goes inside your network between your router and all other devices. It is very important to note that when you go this route you must disable the Wi-Fi section of your router and add a separate Wi-Fi access point inside the firewall or else any device that connects to your router will bypass the firewall that you've added. It's a good idea not only to disable the Wi-Fi section in your router but to also physically remove the antennas ensuring that no one can connect around the firewall.

Very recently a new kind of hardware firewall has started showing up that can protect your entire network without you having to disable Wi-Fi or even install the device between your router and your network. The most popular device is called Circle and it seems like a very good solution for people who want a hardware firewall without all of the setup hassles that normally come with it.

Hardware Firewall Limitations

The biggest reason to choose a hardware firewall is that it offers a single point of installation and maintenance. A single point of installation means that a hardware firewall can protect your entire network no matter what kind of devices you plug into it. Firewalls require maintenance and having all of that maintenance concentrated on a single device is very convenient.

Hardware firewalls have a major limitation in that they cannot inspect the actual contents of the traffic that flows through them. Most websites use HTTPS security which means that the content you pull over your network is encrypted all the way up to your device. Since the content is encrypted a hardware firewall has no way of knowing what that content contains. This makes it almost impossible for a hardware firewall to filter a page based on the words that are on it.

For parents whose primary goal is cyber security protection for their kids, a hardware firewall is most likely not going to offer the features that you are looking for. These features are usually found in a software firewall.

Firewalls create privacy and security
Firewalls create privacy and security

How to Choose a Software Firewall

When shopping for a software firewall it can be overwhelming because there are so many choices, each with an amazing advertising campaign of reviews. It is almost impossible to know if a software firewall is going to offer all of the features that you are interested in until you actually install it and run with it for a while.

Windows and Mac OSX both come with very basic but functional firewalls. The stock firewalls are capable of blocking both incoming and outgoing connection requests by a variety of means, but they are not very effective website filters and not at all effective for cyber security.

One of the most important things to look for in a software firewall is if it is compatible with all of your devices. You must install the software firewall on every device that you want to protect, so be sure to check on support for PC, Mac, iOS, Chrome Os, Kindle, and Android. If the software firewall that you want to use doesn't support every device that you own then you will either have to leave some devices unprotected or consider purchasing multiple products to install on different devices.

Purchasing multiple products is expensive and increases both the amount of time that you have to spend learning how to use the firewall and the amount of time that you have to spend maintaining it.

Software Firewall Limitations

You know that software firewalls are the only way to really filter website content based on keywords and that they are excellent at protecting your kids in an evolving online world. This makes them a great choice for individualized protection on each device that you own.

Since software firewalls are installed on the device they protect they are not able to protect your entire network. Devices like Smart TVs, security cameras, and gaming consoles do not allow you to install a firewall on them.

If your primary goal of adding a firewall to your network is to prevent devices from spying on you then a software firewall is not going to work. The only way to block devices like this from sending data on your network is with a hardware firewall, or occasionally the firewall section in your router.

Another negative of software firewalls is that they are also usually more expensive than hardware firewalls over the long run because you have to pay for a subscription on a per device basis. If you only have a few devices then this might not be a concern, but a family of 4 can easily push above the 10 device limit that many packages offer when you start adding them all up.

What Makes a Good Firewall

So what does make a good firewall for you and your home network? Do you need to protect many devices or just a few? Are you interested in cyber security controls for kids or just blocking would-be attackers? All these questions steer you in the direction of what kind of a firewall is best for your situation.

Everyone needs firewalls on their network and that is not going to change any time soon. If you are unsatisfied with the stock firewalls that both Windows and Mac OS X provide, and your router does not have anything to offer then an aftermarket firewall is a good idea. There are many to choose from.

More From Portforward