Looking for Consumer Grade Router with Subnetting/Firewall

[TigerBoy]

I usually deal with SMB to Enterprise grade routers/switches/firewalls and wanted something for my home that is consumer price friendly.

 

I am looking for a wireless router that can do the following

- Access control (either these two ways):

--> Inter-Port level communication blocking

--> Port subnetting (then firewall-ing)

- All wireless clients will be guest except one which can communicate to a trust network

- Something that is new and consumer grade (hopefully not more than 250$)

 

Here is my intended communication paths:

ISP Modem (Internet) <- Wireless Router LAN1 <- Trust Switch (Laptops, Desktop, NAS, etc.)
ISP Modem (Internet) <- Wireless Router LAN2 <- Untrust Switch (Console, Off-Brand Smart TV)
ISP Modem (Internet) <- Wireless Router LAN3 <- Untrust Device (1)
ISP Modem (Internet) <- Wireless Router LAN4 <- Untrust Device (2)

ISP Modem (Internet) <- Wireless Router Wireless1 <- Trusted Smartphone
ISP Modem (Internet) <- Wireless Router WirelessGuest <- All other Smartphones

Trusted Switch <-> Wireless Router <-> Trusted Smartphone

 

Is there such a product in the "affordable" space?

 

Expected concurrent throughput is 100Mbps max.

 

Worst case scenario my priority is mainly securing the Wired connections and the wireless thing can be an after thought.

 

Thanks!

[Electronics Wizardy]

Do you need consumer grade? Basically all consumer grade stuff is made for one l2 network.

 

Id go with something like a mikrotik or edge router here. Gives you all of those features, and cheap(sub 100 usd). Then get a access point like a unifi nano hd and you have good wifi + all of those features for about 250 usd.

 

 

[TigerBoy]

5 minutes ago, Electronics Wizardy said:

Do you need consumer grade? Basically all consumer grade stuff is made for one l2 network.

 

Id go with something like a mikrotik or edge router here. Gives you all of those features, and cheap(sub 100 usd). Then get a access point like a unifi nano hd and you have good wifi + all of those features for about 250 usd.

 

 

Thanks for the reply. I am just really going cheap on this particular network. I can deal with the wireless thing later. 

 

Is there a specific device that you can start me out in the Mikrotik realm? Never worked with this brand before.

[Electronics Wizardy]

Just now, TigerBoy said:

Thanks for the reply. I am just really going cheap on this particular network. I can deal with the wireless thing later. 

 

Is there a specific device that you can start me out in the Mikrotik realm? Never worked with this brand before.

What bandwith do you need? Do you need IPS or a high performance vpn?

 

If your not dealing with much bandwith(under about 500mbit id say), and no ids or high performance vpns, this should be plenty

 

https://mikrotik.com/product/RB750Gr3

 

Or get a edge router

 

https://www.ui.com/edgemax/edgerouter-x/

[TigerBoy]

7 minutes ago, Electronics Wizardy said:

What bandwith do you need? Do you need IPS or a high performance vpn?

 

If your not dealing with much bandwith(under about 500mbit id say), and no ids or high performance vpns, this should be plenty

 

https://mikrotik.com/product/RB750Gr3

 

Or get a edge router

 

https://www.ui.com/edgemax/edgerouter-x/

how careless of me to not include the usage... 

 

I would never Imagine a load on the device to hit 100Mbps concurrently since majority of the heavy traffic is in between that trust switch.

 

No VPNs, No IPS just regular traffic passing through. Just need those inter-port ACLs to lock access down.

 

Trying to look through my options both on the Mikrotik and EdgeRouter side. Would you have any recommendations? 

[Electronics Wizardy]

1 minute ago, TigerBoy said:

how careless of me to not include the usage... 

 

I would never Imagine a load on the device to hit 100Mbps concurrently since majority of the heavy traffic is in between that trust switch.

 

Trying to look through my options both on the Mikrotik and EdgeRouter side. Would you have any recommendations? 

They should work fine here. Id probalby go mikrotik if its me, but both will work fine.

 

Also you can just get one switch if you want and setup vlans, might be better than multiple unmanaged switches.

[TigerBoy]

1 minute ago, Electronics Wizardy said:

They should work fine here. Id probalby go mikrotik if its me, but both will work fine.

 

Also you can just get one switch if you want and setup vlans, might be better than multiple unmanaged switches.

Will look around Mikrotik's catalog to see what can do the job

 

For the VLANning.... Will definitely do that in the new house where the cables are laid out strategically. In the place where I am going to install this, the room layouts would better benefit having a switch than multiple longer cable runs.

 

Thanks for all your help Electric Wizard Rabbit that shoots lasers. Stay safe.

[TigerBoy]

Just Posting this for everyone's reference:

 

- Will still use my ISP's wireless router/modem combo (instead of getting a new one)

- Decided on getting an Ubiquiti EdgeRouter X

--> Will configure rules as detailed in my first post

--> I will configure DHCP static MAPs for my trusted network devices (instead of static IP-ing them to easier manage them) which also includes the smartphone

--> Will create NATs/port forwards for specific items in my trusted network that requires access from the wireless network (behind the ISP)

--> Will create a rule that will lock down access for my phone to the trusted network port forwards

 

Costs (less than 100$):

Edge Router X - 85$ (more expensive here)

Cabling - 14$

 

Again thanks to Electronics Wizardry for all the help!

[WiFi MisFit]

7 hours ago, TigerBoy said:

I usually deal with SMB to Enterprise grade routers/switches/firewalls and wanted something for my home that is consumer price friendly.

 

I am looking for a wireless router that can do the following

- Access control (either these two ways):

--> Inter-Port level communication blocking

--> Port subnetting (then firewall-ing)

- All wireless clients will be guest except one which can communicate to a trust network

- Something that is new and consumer grade (hopefully not more than 250$)

 

Here is my intended communication paths:

ISP Modem (Internet) <- Wireless Router LAN1 <- Trust Switch (Laptops, Desktop, NAS, etc.)
ISP Modem (Internet) <- Wireless Router LAN2 <- Untrust Switch (Console, Off-Brand Smart TV)
ISP Modem (Internet) <- Wireless Router LAN3 <- Untrust Device (1)
ISP Modem (Internet) <- Wireless Router LAN4 <- Untrust Device (2)

ISP Modem (Internet) <- Wireless Router Wireless1 <- Trusted Smartphone
ISP Modem (Internet) <- Wireless Router WirelessGuest <- All other Smartphones

Trusted Switch <-> Wireless Router <-> Trusted Smartphone

 

Is there such a product in the "affordable" space?

 

Expected concurrent throughput is 100Mbps max.

 

Worst case scenario my priority is mainly securing the Wired connections and the wireless thing can be an after thought.

 

Thanks!

With the range of specific needs you have identified I suggest pfSense. The software is open source, runs on your hardware or you can buy integrated kits.

https://www.pfsense.org/products/

 

Add a raspberry pi running Pi-hole and you have a good start.

https://pi-hole.net

 

Cheers!