Every home network needs a firewall. The process of choosing a good firewall is a difficult one because firewalls are a complex part of a network setup. There are many questions that need to be asked before choosing which firewall is right for you.
Not all firewalls are created equally and they all excel at different applications. It is impossible for any single firewall product to provide all of the protection that you need, so it is important to evaluate exactly what you need to protect before picking your firewall.
Choose What You Need To Protect the Most
The first decision to make is which features of a firewall are the most important to you. If you are looking for cyber security protection for your family that is going to point you in a very different direction than if you are looking for whole-house privacy protection.
Also, think about which devices you need or want to protect with your firewall. A firewall that is good for protecting a couple of computers is very different from a firewall that is needed to protect an entire network. Here's a checklist of the kinds of things that firewalls are designed to protect against. Again, no single firewall will provide protection for all of these things.
Firewalls can provide:
- Cyber security for kids and family
- Web site blocking based on the website name
- Web site blocking based on website content
- Social networks, videos streaming, and illicit website blocking
- Time of day internet restrictions, frequently used for limiting kids
- Total hours of internet usage, also frequently used for kids
- Prevention of Smart TVs and other network devices from "phoning home" with your data
- Restricting neighbors from using your internet connection
- Logging and alerting of when someone accesses your network
- Protection from people hacking into your internet connected cameras
The term "firewall" is a very broad term and covers a lot of various technology, so it can be hard to narrow down exactly what you want your firewall to do.
For more information read What Does a Firewall Do to get an idea of the full range of features that firewalls can offer.
Hardware Firewalls vs. Software Firewalls
It is helpful to divide the scope of firewalls into two distinct parts. Hardware firewalls are physical network devices that you plug into your network, usually between your home network and your router but not always. They work by protecting all of your devices on your network at the same time and limiting the kind of data that can come in and out of your network. This makes them useful for blocking devices that you cannot install software on, such as gaming consoles, security cams, and Smart TVs.
Software firewalls are programs that are installed on your PC, tablet, or phone. Software firewalls offer greater flexibility in what is blocked on a device-by-device basis, and they are able to block website content better. Since a software firewall must be installed on your device they are not able to block other network devices from accessing the internet. This makes them mostly useless for blocking Smart TVs, gaming consoles, and things that you have less control over.
The choice of a hardware firewall vs. a software firewall is a huge one. There is much more information on our Hardware vs. Software Firewall guide.
How to Choose a Hardware Firewall
If you decide to go with a hardware firewall there are a few more choices to make. Hardware firewalls come in a variety of options that are very different from each other.
The easiest hardware firewall to set up is one that is located in your router. Many routers already have a hardware firewall built in. Most of these stock firewalls are not very useful because they are very feature-limited. As router manufacturers realize that more and more customers need a firewall in their router the router-based hardware firewalls are getting better. If your router is less than a few years old and it has a hardware firewall built in then this may be all that you need depending on what you are trying to accomplish.
More advanced users want a dedicated hardware firewall that is separate from their router. This device usually goes inside your network between your router and all other devices. It is very important to note that when you go this route you must disable the Wi-Fi section of your router and add a separate Wi-Fi access point inside the firewall or else any device that connects to your router will bypass the firewall that you've added. It's a good idea not only to disable the Wi-Fi section in your router but to also physically remove the antennas ensuring that no one can connect around the firewall.
Very recently a new kind of hardware firewall has started showing up that can protect your entire network without you having to disable Wi-Fi or even install the device between your router and your network. The most popular device is called Circle and it seems like a very good solution for people who want a hardware firewall without all of the setup hassles that normally come with it.
Hardware Firewall Limitations
The biggest reason to choose a hardware firewall is that it offers a single point of installation and maintenance. A single point of installation means that a hardware firewall can protect your entire network no matter what kind of devices you plug into it. Firewalls require maintenance and having all of that maintenance concentrated on a single device is very convenient.
Hardware firewalls have a major limitation in that they cannot inspect the actual contents of the traffic that flows through them. Most websites use HTTPS security which means that the content you pull over your network is encrypted all the way up to your device. Since the content is encrypted a hardware firewall has no way of knowing what that content contains. This makes it almost impossible for a hardware firewall to filter a page based on the words that are on it.
For parents whose primary goal is cyber security protection for their kids, a hardware firewall is most likely not going to offer the features that you are looking for. These features are usually found in a software firewall.
How to Choose a Software Firewall
When shopping for a software firewall it can be overwhelming because there are so many choices, each with an amazing advertising campaign of reviews. It is almost impossible to know if a software firewall is going to offer all of the features that you are interested in until you actually install it and run with it for a while.
Windows and Mac OSX both come with very basic but functional firewalls. The stock firewalls are capable of blocking both incoming and outgoing connection requests by a variety of means, but they are not very effective website filters and not at all effective for cyber security.
One of the most important things to look for in a software firewall is if it is compatible with all of your devices. You must install the software firewall on every device that you want to protect, so be sure to check on support for PC, Mac, iOS, Chrome Os, Kindle, and Android. If the software firewall that you want to use doesn't support every device that you own then you will either have to leave some devices unprotected or consider purchasing multiple products to install on different devices.
Purchasing multiple products is expensive and increases both the amount of time that you have to spend learning how to use the firewall and the amount of time that you have to spend maintaining it.
Software Firewall Limitations
You know that software firewalls are the only way to really filter website content based on keywords and that they are excellent at protecting your kids in an evolving online world. This makes them a great choice for individualized protection on each device that you own.
Since software firewalls are installed on the device they protect they are not able to protect your entire network. Devices like Smart TVs, security cameras, and gaming consoles do not allow you to install a firewall on them.
If your primary goal of adding a firewall to your network is to prevent devices from spying on you then a software firewall is not going to work. The only way to block devices like this from sending data on your network is with a hardware firewall, or occasionally the firewall section in your router.
Another negative of software firewalls is that they are also usually more expensive than hardware firewalls over the long run because you have to pay for a subscription on a per device basis. If you only have a few devices then this might not be a concern, but a family of 4 can easily push above the 10 device limit that many packages offer when you start adding them all up.
What Makes a Good Firewall
So what does make a good firewall for you and your home network? Do you need to protect many devices or just a few? Are you interested in cyber security controls for kids or just blocking would-be attackers? All these questions steer you in the direction of what kind of a firewall is best for your situation.
Everyone needs firewalls on their network and that is not going to change any time soon. If you are unsatisfied with the stock firewalls that both Windows and Mac OS X provide, and your router does not have anything to offer then an aftermarket firewall is a good idea. There are many to choose from.