During my work with clients over the past 14 years (14 years!), I’ve installed and configured a lot of different consumer (home) and SOHO (small office/home office) routers. I’ve finally just recently found one that I now happily use and can wholeheartedly recommend.
Before we get to that, let me briefly explain what a router is and what it does for those who don’t know or aren’t sure. (If you know what routers do, just skip to the next paragraph.) Routers are devices that connect you to and protect you from the Internet. A router sits “between” your home network, known as a Local Area Network (LAN), and the Internet (which is a Wide Area Network, or “WAN”). Your router provides IP addresses for your local devices, and manages their connections so that each device gets the correct returning traffic. Many routers include WiFi capabilities. Finally, most consumer and SOHO routers include a small (usually 4-port) “switch”, which allows you to connect a limited number of wired devices, one of which is almost always a larger switch. Most cable modems and DSL modems have router capabilities built in, but I always recommend a separate router because: they provide more functionality; and, if you change providers or need to replace your modem for some other reason, you can use the same router that already has all of your customizations such as DHCP reservations or special firewall rules.
And the winner is: the Netgate SG-1100. (Note that this is not an affiliate link, and I get no considerations – money or otherwise – from Netgate; I am just a delighted customer.) I recently purchased one for our home, from which we run our businesses, and which has 3 separate LANs (each with its own address space). I also purchased a year of tech support, as the SG-1100 has only 3 Ethernet connectors – WAN, LAN, and OPT – and I thought I might need some assistance configuring our 3 networks on two connectors (LAN and OPT; the WAN is used to connect to the cable modem). I did, they were great, and more on that in a minute.
For the past year or so, I’ve been using as our router/firewall an old PC running a freely available, community-supported, open-source router/firewall/VPN solution called pfSense, which is also available to download from Netgate. As far as I can tell, it is almost identical to the software that runs on their hardware, with a few exceptions for managing their hardware or providing additional, esoteric functions. I initially started using pfSense when I was looking for a solution with actual IPv6 support that didn’t cost more than $1000. This worked well, and I’ve been pleased with it.
The reasons I wanted to purchase a purpose-built pfSense device (i.e., the SG-1100) to replace the aging PC running the open-source version are three. First, the PC is aging, and will undoubtedly fail at the worst possible time. Second, I wanted something smaller and that would consume less power than the old PC. Third, I wanted something with hardware that supports Intel’s Advanced Encryption Standard Instructions (AES-NI) (the old PC didn’t, the SG-1100 does).
As I mentioned before, the one thing I was unsure about was how to get three networks to run on two connectors. The answer, of course, is tagged VLANs (note that using tagged VLANs with this router also requires a switch that supports tagged VLANs). The support that I purchased with the new device is “email only with less than 8-hour response.” So, I created a help ticket on their support system asking how to convert my old configuration (many DHCP reservations, a couple of custom firewall rules, and some port mapping) from the PC to the SG-1100 (that’s the short version; the long version is a story to tell over a cup of coffee or a beer). I got a response is way less than 8 hours – more like less than an hour – and they actually offered to convert a backup from my old system that I could restore to my new SG-1100. I sent them the backup, they sent the converted file, and it worked like a charm. And all of this happened within the first 8 hours after I submitted the help ticket.
pfSense is probably overkill for most home networks, and the SG-1100 does not include any WiFi capability (I prefer separate WiFi access points anyway). However, at a price point well below most of the “high-end” home routers, a tiny footprint (4.5″ x 3.5″, and about 1.25″ tall), and less than 4w power consumption at idle, this is well worth looking at. If you’re an enthusiast, manage a small business network, need good VPN support (IPsec, PPTP, and OpenVPN), or want excellent IPv6 support, the Netgate SG-1100 is the cat’s meow.