security of asus vs cisco rv260 vs netgate sg1100 under $200

neednetworking

Occasional Visitor
I am looking for a more secure firewall under $200. I've heard bad things about home router security. Internet speed from isp would be about 100-200mbps.
my current considerations are
an asus stock firmware
cisco rv260
netgate sg1100

main thing I am concerned about is security

Features I like but don't need:
openvpn
content filtering (by content category with ability to include/exclude devices)
Gui configurable
lower ping times (probably not an issue)

Is the cisco rv260 comparable to like a cisco asa, sonicwall, fortinet, or sophos firewall in security? I am not as concerned about viruses/filtering. I am more concerned about the firewall being compromised from the outside like a hack against a known vulnerability, etc.
 

cooloutac

Very Senior Member
As far as security goes, the netgate would be the best option, but you would get horrible openvpn speed.

And ac86u or ax88u would give you great openvpn speed, but you will have horrible security. It's very hard to get both at that price range, which is something I've learned myself. My tinfoil hat blames big brother more than the corporations.

I wouldn't get the cisco. It's probably worse on both fronts and overpriced. I have no personal experience with it, but if we go by amazon reviews it's more horribly unstable, even more so than the asus router. Get it without the wifi version if you do decide on it.
 

Trip

Very Senior Member
You're at a price point where offsetting cost with your own time/skill is your best option if you want higher levels of security (IDS/IPS/AV packages) and segmentation (VLANs), and/or ability to run items like OpenVPN, SQM, IDS, or DPI in-software at hundreds of Mb/s or beyond.

I would grab a Qotom embedded firewall off Amazon with AES-NI support (example: i3-4005U with 4GB RAM and 32GB SSD for $236 -- just do yourself the favor and invest the extra $36, you're worth it), then install pfsense or OPNsense on it, plus whatever packages you want, and away you go. Way more software flexibility and horsepower than either a Cisco RV or consumer-class Asus, for similar monetary outlay, just a little more elbow grease involved.
 

slam5

Occasional Visitor
rv260 is probably your best bet for reliability and security. And that's by a long margin compared to the other two routers. To show you how reliable they are, Cisco actually gives you a limited lifetime warranty on it. And the firmware support is like 7 yrs or more. I am almost sure you can run wrt firmware but why? I've one of its predecessors. Now, rv260 is a wired router, no wifi functionality in it. I have its successor rv042g. It is on 7x24 365 days a year. The wan port is gigabit so you have a lot of headroom. The case is metal, that tells you how reliable it is.



Trip

Very Senior Member
> rv260 is probably your best bet for reliability and security.

Hardware reliability, perhaps. On the software side, however, pfsense is ROCK-solid and every bit as reliable as Cisco's in-house Linux distro, if not more so. As for security, Cisco may indeed have the edge in frequency of patching the firewall OS itself, but for overall security functionality (applied to the traffic), pfSense runs circles around the RV series, especially with package extensibility (pfBlocker NG, Snort, Suricata, etc.) and goes a lot further on the UTM/NGFW front, if that matters to you.

@neednetworking - If all you need is a simple box to do NAT and not a whole lot more, a Cisco RV may suffice. Feature set will be canned/limited, but everything is taken care of for you. Do be mindful of WAN speed, though. The RV260 will limit you to about 700-800Mb/s total throughput in either direction, so if you really need gigabit, an RV340 would be a better choice. If you do want to run more items on the box, including higher levels of IDS/DPI and/or OpenVPN with high throughput, then I'd run a community firewall distro on x86 hardware (per my post above).
 

thecheapseats

Regular Contributor
Your first words were "a more secure firewall"... assuming THAT is the priority to enable ips, ids, segmenting, etc. - Qotom with a pfsense or OPNsense distribution imo is hands down the way... just bit the bullet myself with qotom and a newer learning curve from long ago cisco and other ancient firewall skills... a great bang for the buck - with emphasis on the 'bang'.... almost true big-boy pants except for the price... caveat-> I went i5 instead of i3 for future headroom...
 

cooloutac

Very Senior Member
> rv260 is probably your best bet for reliability and security. And that's by a long margin compared to the other two routers. To show you how reliable they are, Cisco actually gives you a limited lifetime warranty on it. And the firmware support is like 7 yrs or more. I am almost sure you can run wrt firmware but why? I've one of its predecessors. Now, rv260 is a wired router, no wifi functionality in it. I have its successor rv042g. It is on 7x24 365 days a year. The wan port is gigabit so you have a lot of headroom. The case is metal, that tells you how reliable it is.

Have you read the reviews on that rv260? It's pretty horrible on all the box stores. Especially the wireless version, which they do indeed sell and actually exists, it's the rv260w. I notice microcenter doesn't even sell it anymore, just the 160 and the 340, 345. Makes ya wonder.

I agree with above posters: if you could spend a little and don't mind a little leg work with the software setup, get a qotom box and put pfsense or sophos on it, that will do everything you want to do. Get the i3 or i5 with aes-ni for openvpn speeds. Way more secure and versatile. For even better hardware stability, get a barebones one and put your own ram and hdd in it. This is what I plan on doing myself.
 

sfx2000

Part of the Furniture
> an asus stock firmware
> cisco rv260
> netgate sg1100

I would add this to the list...

Brume from GL-inet

1GB RAM, 8GB eMMC, MV3720 powered, USB3 and SD Card support...

Factory Firmware is good, based on OpenWRT with their special sauce. That being said, one can install OpenWRT - it's good for 100 Mbit/sec OpenVPN performance, Wireguard is around 300 Mbit/sec.

Same chipset as the Netgate SG1100, but better cooling... SG1100 is based on the Marvell MV3720 reference design (globalscale EspressoBin) with a TPM module installed to authenticate pfSense.
 

coxhaus

Part of the Furniture
If you want the best firewall for low cost at home then Untangle is much better than any cheap firewall including pfsense for home use. Untangle only costs $50 for home use. It is a high-end firewall, maybe not the best in the multi-thousands of dollar firewall but it is up there. For a business it costs a lot more money to run. As I remember Untangle takes more ram than pfsense to run. I like to run Untangle as a UTM device behind a Cisco router but it is not required.

There are some high-end firewall addons for Untangle that would be too expensive to run at home but the basic firewall is there which is way better than any of this other stuff.
 

cooloutac

Very Senior Member
> If you want the best firewall for low cost at home then Untangle is much better than any cheap firewall including pfsense for home use. Untangle only costs $50 for home use. It is a high-end firewall, maybe not the best in the multi-thousands of dollar firewall but it is up there. For a business it costs a lot more money to run. As I remember Untangle takes more ram than pfsense to run. I like to run Untangle as a UTM device behind a Cisco router but it is not required.
>
> There are some high-end firewall addons for Untangle that would be too expensive to run at home but the basic firewall is there which is way better than any of this other stuff.

I was thinking about it at one point but 50 dollars doesn't get you wireguard support, threat prevention and virus blocker which costs $150. The only edge over pfsense really seems to be the reporting, web filtering and ease of use.
 

coxhaus

Part of the Furniture
If you try to run SNORT on pfsense I think it requires too much user intervention for home use. Way more support for pfsense than Untangle overall. You do get threat prevention and virus blocker; it is not the high dollar virus blocker since you are only paying $50.

I had Untangle shut down a laptop on my network because it had a spam program running spewing crap out. It is better than pfsense. Untangle filters both directions.
 

cooloutac

Very Senior Member
> If you try to run SNORT on pfsense I think it requires too much user intervention for home use. Way more support for pfsense than Untangle overall. You do get threat prevention and virus blocker; it is not the high dollar virus blocker since you are only paying $50.
>
> I had Untangle shut down a laptop on my network because it had a spam program running spewing crap out. It is better than pfsense. Untangle filters both directions.

I think most pfsense home users just run suricata.
 

Deepcuts

Regular Contributor
> I think most pfsense home users just run suricata.

Yeah, also most of the same users will enable all rules under suricata and wonder why they have issues. Will also block inbound icmp because "security".
All this while having no opened ports. Of course, with an i5 for maybe 100-200 Mbps max ISP speed :)

Sorry to say, but pfsense, ipfire and such have no place on home installs for the average Joe that just wants to game online, watch some movies and like on cat pictures.
 

cooloutac

Very Senior Member
> Yeah, also most of the same users will enable all rules under suricata and wonder why they have issues. Will also block inbound icmp because "security".
> All this while having no opened ports. Of course, with an i5 for maybe 100-200 Mbps max ISP speed :)
>
> Sorry to say, but pfsense, ipfire and such have no place on home installs for the average Joe that just wants to game online, watch some movies and like on cat pictures.

But then why run an advanced firewall? Let alone pay for one! lol just use an asus router. Doesn't even the asus router block echo request by default? You would agree with that, no? 100-200Mbps isn't enough to game, watch movies and watch cat pics? I only subscribe to a 200MBs connection with my ISP. Most people just use the default rulesets and won't even notice any slowdown with other things also running, getting over 700MBs on even a netgate sg3100. I'm thinking of going the sophos route which blocks literally everything by default including all outgoing. lol.

I looked at untangle website again, I'm not seeing where you get the threat prevention as an above user posted for the $50 home subscription. You don't even get wireguard, among lots of other things. I don't like the idea of them breaking things up to so many different costs and fees. Even trying to compare the different home plans on the website seems difficult on purpose. Doesn't feel right to me and seems a little unscrupulous. Just my 2 cents.
 

Trip

Very Senior Member
> Sorry to say, but pfsense, ipfire and such have no place on home installs for the average Joe that just wants to game online, watch some movies and like on cat pictures.

I might be inclined to agree, but here we have an OP who, while they may not work OpSec or be a CCIE, is at least curious enough to have a Netgate on their radar... To mention in this use-case that it has no place in any home, ever, is perhaps too much discouragement. I would give the OP benefit of the doubt, and let him/her decide.

@neednetworking - For something much more approachable, check out Firewalla Gold. Yes, I realize $418 is way more than your original budget, but in exchange for the premium, you're paying someone else to take away mostly all of the complexity, while still giving you some pfSense-levels of control and PC-hardware level of throughput (that likely can't be randomly crippled by an "average Joe", if you are one, fiddling with too many settings).
 

neednetworking

Occasional Visitor
Well, I am very thankful for all the input. Schedule is freeing up that I will have time to tackle this project again. Sorry for going silent after receiving so many helpful responses.

I should have clarified a bit more in the original post that out-of-box functionality, 30 minute configuration, and no need to ascend a learning curve are also criteria. I want something that I can rely on for quick installs for friends, family, small businesses. I intend to use this device for more than just myself and time-to-setup is a factor.

The i386 solutions, although a great option, are not a fit for what I am looking for in this situation.

The firewalla products I would like better if they weren't so smart phone centered.

The brume device sounds interesting, but I would need a few more highly recommend votes.

The Rmerlin on an asus looks to have a learning curve/longer setup time (I saw a bunch of terms I don't recognize).

There seemed to be a bit of a disagreement on better security between the cisco and the netgate. But would everyone agree both are better than stock asus firmware, of which I get the impression is vulnerable like other home routers?
 

coxhaus

Part of the Furniture
pfsense and Cisco both keep on top of their software updates for the latest security issues arising out in the wild. The problem is pfsense breaks stuff a lot more with their updates. I have run both and I only remember 1 time when Cisco caused me an issue. While I ran pfsense for a little over a year they had many issues after almost every update to where I felt like I had to test pfsense after every update.

Of course, I ran pfsense with a Cisco L3 switch.

Last time I looked you could buy a Cisco RV340 router just under $200.
 