Firewall Router with gigabit internet

[mrdod]

Thanks to the threat of competition from Google, AT&T ran fiber to our area and we recently went from 6Mb DSL (more like 4.8 Mb down/.150 up) to AT&T gigabit service. We have an OLD Netgear firewall router and we are only getting 10 Mb speed. When we bypassed the router we got anywhere from 380 to 890 Mbps so we need to get a new firewall router. I was going to get a NETGEAR ProSAFE FVS336G (300NAS) which shows a WAN to LAN throughput of 776 Mb but then I read a comment that the max internet speed for that was 350 Mb. While that would be a huge improvement over what we've had, it doesn't seem right to buy a firewall router that only provides 1/3 of the capacity of our service when its brand new.

Are there other alternatives that would provide the hardware firewall and more speed without spending an arm and a leg? We have four computers, NAS and a couple of printers. We do not need wireless.

Thanks!

 

[L&LD]

The RT-AC88U is just what the doctor ordered. Of course, RMerlin firmware highly recommended.

 

[joegreat]

Are there other alternatives that would provide the hardware firewall and more speed without spending an arm and a leg? We have four computers, NAS and a couple of printers.

Well, first of all there is no "hardware firewall" as all of them are " kind of computers" with CPU and software!
Given this fact, the firewall rules are always CPU bound and GBit traffic will need very fast CPU (most likely Intel Core type), which cannot be found in home routers.

See the achievable speed discussion here - with the faster clocked CPU in the AC88U, you can even get more, but most likely not full GBit speed...

With kind regards
Joe

 

[System Error Message]

there are routers that can do gigabit with firewalls but they are not "home" routers or easy to set up routers. However unlike a consumer router these routers do not have compatibility issues relating to things like upnp because unlike a consumer router where you just tick what you want in these routers you have to define the rules. Although RMerlin's firmware adds that touch to ASUS routers, they still do not have the capability to do gigabit while using firewall especially if you use PPPOE. The speeds you see for these consumer routers is when they are connected by wire to an ISP and are given an IP address like in a normal ethernet network but most ISPs use PPPOE.

The routers that are configurable and do gigabit are not only more expensive but also use a CPU designed for it. You could get an x86 platform and use it as a router or get one of these routers instead. Some examples are actual cisco routers, mikrotik CCR series, Juniper routers, x86 based solutions like pfsense, a unix/linux server, and so on. Ubiquiti edgerouter series actually rely on hardware acceleration for throughput but unlike a consumer router it doesnt lose hardware acceleration when you add stuff to it but it does slow down significantly when you add rules and features. For example the edgerouter pro has 8 gigabit ethernet ports and claims to do 8Gb/s or line rate routing but what they mean is that if you used it as a simple layer 3 switch the hardware acceleration can do line rate because there is no processing to do unlike with NAT which is what is used for internet. If you took a consumer router like the ARM based asus one and performed CPU switching with it it will also do line rate. What really matters for homes is NAT speeds and if you need more features other than just NAT you would be looking at software routing so it means having a CPU that can actually handle the speed.

 

[mrdod]

What really matters for homes is NAT speeds and if you need more features other than just NAT you would be looking at software routing so it means having a CPU that can actually handle the speed.

Thanks for all the comments. Excuse my ignorance. My husband handles all this stuff but he's slammed at work right now so I'm trying to narrow down our options. I think you're saying the firewall is the limiting factor and a consumer grade product is not going to give the full line speed. So how does the "AiProtection for total security and privacy" of the RT-AC88U compare to the security of the NETGEAR ProSAFE FVS336G (300NAS) and is either one a significant improvement over just NAT? An engineer with Cisco happened to be in the office today and he said he and most of the guys at work just uses the router supplied by AT&T. He said it has NAT and that's all you really need. I've read articles that say NAT is enough and others that say it isn't. If they want to get in they will but I don't want to invite trouble.

 

[coxhaus]

NAT is the big thing in routers. But the AT&T modems/ routers are plain jane routers. If you want advanced features like guest networks, secured security cameras, better wireless, or etc. then you are not going to get it with the AT&T routers. All the after market router manufactures know this and add features so you will buy their products. So it is up to you to decide what you need. Getting GIG speed is a little behind the times right now for consumer routers.

 

[System Error Message]

ASUS AC87U, AC3200 and AC88U AI protection utilises an extra CPU that they have between WAN and CPU.

 

[mrdod]

ASUS AC87U, AC3200 and AC88U AI protection utilises an extra CPU that they have between WAN and CPU.

So is that any better/worse than the Netgear Prosafe? I can live with slower speeds. I've survived with 4.5 Mb until now! I just don't want to get something that is obsolete before I open the box. We don't have major speed requirements and no kids at home to worry about nanny controls.

 

[System Error Message]

compare their CPUs

 

[Cloud200]

So is that any better/worse than the Netgear Prosafe? I can live with slower speeds. I've survived with 4.5 Mb until now! I just don't want to get something that is obsolete before I open the box. We don't have major speed requirements and no kids at home to worry about nanny controls.

There are a few types of firewalls on the market.
The most expensive;
NGFW and UTM firewalls will run an antivirus/malware scan on traffic going in and out of the network. The best ones can block traffic based on heuristics, not just signatures. Budget models are slow and still require an annual subscription to keep active. Generally only businesses use these due to the expense.

Next you have DNS filtering/IP black listing. Either built in to the router or by changing your DNS lookups, you can filter most junk on the web.

Finally the most basic is a simple SPI NAT firewall. Pretty much any device will do this. It lets traffic out, keeps sessions open and blocks traffic in.

The netgear you listed is the last of the three. The asus is the middle.

 

[mrdod]

There are a few types of firewalls on the market.
The most expensive;
NGFW and UTM firewalls will run an antivirus/malware scan on traffic going in and out of the network. The best ones can block traffic based on heuristics, not just signatures. Budget models are slow and still require an annual subscription to keep active. Generally only businesses use these due to the expense.

Next you have DNS filtering/IP black listing. Either built in to the router or by changing your DNS lookups, you can filter most junk on the web.

Finally the most basic is a simple SPI NAT firewall. Pretty much any device will do this. It lets traffic out, keeps sessions open and blocks traffic in.

The netgear you listed is the last of the three. The asus is the middle.

Thanks! That's what I wanted to know.

 

[System Error Message]

RMerlin's firmware adds additional firewall options.

 

[mrdod]

RMerlin's firmware adds additional firewall options.

Thanks. I saw the recommendation for that in the first response but haven't had a chance to look into it yet. I just found this thread with info on it so I'll send my husband there. http://www.snbforums.com/threads/asuswrt-merlin-custom-firmware-for-asus-routers.7846/