I am looking for a router/firewall software or appliance with these specs


I have been researching possible software or appliances to replace my existing router - Linksys RVS4000 v1 in my home lab.  But what I am finding so far is questionable on meeting my needs or is just downright too expensive.

My desired features are for it to include antivirus, anti-malware, anti-spyware, firewall, vlans, and proxy.  I do not want it to be a cloud security solution as it slows things down too much.  The RVS4000 had that feature with ProtectLink and it was quickly made useless to me and has also been discontinued by Cisco.

This setup can be a software to use on existing hardware, or a pre-built appliance.  If it is an appliance, I would like for it to have a gigabit lan/wan so as to be more future proof and also be rackmountable and quiet.  If possible, I would like it to be able to do WiFi access point, but that is the least important of the features as I can just get a WAP separately.

I have evaluated pfSense as far as software, but came up short with issues.  Their forum is too saturated to get solid help.  Their antivirus and proxy plugins do not work for me.  I have also looked at ClearOS, but have yet to try it, but not sure if it is worth trying or if there is something better.

I would like for this to be as inexpensive as possible.  Any help would be appreciated.

Take a look at a Sonicwall TZ105. Inexpensive and does what you want.

For any commercial appliance, the antivirus will need a subscription - which will be a yearly cost.
Also, I am not sure what purpose the proxy will have for you...

I would consider Juniper SRX100 and FortiGate-30, which both can be found for a couple of hundred bucks.
If you already have a server with enough capacity to run virtual firewalls, then consider Juniper FireFly and FortiGate-VM, which are essentially the software versions of the appliances I first mentioned.
btan (Exec Consultant) Commented:
I understand you have looked into pfSense, and this comparison may interest you for assessing other candidates (Zeroshell, IPFire, etc.), especially when you already see some limits of pfSense.

But you may find Sophos UTM as potential

For ClearOS, please kindly see my posting in another EE forum. To add to this, ClearOS is flexible and scalable as it is apps driven, as you can see in its marketplace (http://www.clearcenter.com/marketplace/) - the network, gateway and server is likely something you are looking at for the baseline capabilities
... have not heard of ClearBox, but looking at its history, it spins off from a concept on the campus of Carnegie Mellon University and under Point Clark Networks (acquired by ClearCenter). It is a Linux box internally and sort of an open source network and gateway solution. ClearOS requires dedicated hardware to run on (unless you are installing on a hypervisor), though they also sell an all-in-one for you. It kind of makes me think it is in the Squid or Zeroshell genre. They still hold on to the Community version together with their Professional (commercial) version - http://www.clearcenter.com/Software/clearos-comparison.html
bigeven2002 (Author) Commented:
Thanks everyone for the replies.  I will study these this evening and report back shortly after.
Aaron Tomosky (Director of Solutions Consulting) Commented:
Another vote for SonicWall, but it's the GAV license that will set you back the most. You can get a bare TZ215 for around $500. After adding wifi and 1 year Total Secure (better pricing than the separate GAV license) it's $830.
bigeven2002 (Author) Commented:
Ok so I have had some time to review.

@carlmd and Aaron, I like the SonicWall product and it looks like the TZ205 or TZ215 would be a good fit.  The TZ105 doesn't have Gigabit.  The $830 price for everything is a bit steep though.  For the Total Secure subscription, I wanted to make sure I was understanding: the security features (GAV, IPS, yada yada) are on box and not cloud based, correct?

@btan, thanks for the links to free firewalls.  I came across Zentyal which I am interested in trying out.  As for Sophos, the SG 105 looks attractive, but that product line is not available until December, but I have no problem waiting.

@pergr, I checked out Juniper and Fortinet.  I liked both.  One concern with the Fortinet30 was the Antivirus throughput of 40 mbps.  I will be eventually looking at upgrading my Internet to a 70 Mbps in the near future so that throughput looks like it would reduce performance.  I couldn't find throughput info for Juniper SRX in this regard.
You can get a TZ205 Total Secure (all subscriptions plus hardware replacement) for one year for about $665, and the wireless TZ205 with the same for about $740. Take a look at www.sonicguard.com.

btan (Exec Consultant) Commented:
Zentyal looks like an everything appliance (see its technical feature list), as it is also primed as a Windows replacement for SMB, but having all those features (file server, DHCP, VoIP, Outlook, etc.) running just for the FW can also be double-edged - meaning more holes possible to probe, patch and bypass via utilised flawed modules like openssl, bind, etc. There are some reviews done vs pfSense which recommend Zentyal if you are all in on an all-around solution and want a Windows Small Business Server replacement. It is now also taking off as "an Open Source drop-in replacement for MS Exchange/Active Directory", but for a dedicated FW, the other alternatives shared (so far) fare as a better choice. This is indeed an AIO solution which can satisfy your needs (probably not the wireless IDS/controller aspect).
Aaron Tomosky (Director of Solutions Consulting) Commented:
The TZ215 is listed at 60mbps full DPI throughput, which is kind of a lie. First off, that's adding both directions together so really it's only 30mbps, and even then that's in "performance mode" which doesn't look for low priority threats. In default mode with full GAV I wouldn't give it over a 20mbit connection.

And yes the gav scanning happens on the device, that's why there is such a performance hit.
bigeven2002 (Author) Commented:
Noted on the GAV throughput possible limitation to 20 mbps and good to know of the sonicguard site.  Also, good point on Zentyal having a slew of liable features that will go unused.  At this point, I think I have some very good options for when I proceed.  I'll wait for the Sophos SG line to become available before finalizing my decision.  For now, many thanks for the responses.  I will now close the question.  Points will be distributed as evenly as possible.