Best way to firewall?

I am trying to decide on what kind of firewall I want for my home network. I have a Synology RT2600ac router and it has a very limited firewall. I want something that is a lot better, something with sandboxing and zero-day protection, but I’m having trouble deciding what to do. I started to look for an appliance that I could add between my router and modem but it seems like anything advertised as a firewall is also a router and I don’t want to be double routed. I was looking at a software solution instead but found nothing. The closest I found is an antivirus program called Comodo Internet Security that has some common firewall features like sandboxing, intrusion detection/prevention and whitelisting but there seems to be little information about it. Nobody seems to be using it and it will not protect my whole network. I’m also thinking about Untangle, NG Firewall on an appliance but I don’t know if this also doubles as a router too. Anyone have Untangle? What are other people using? Any suggestions/advice? Thanks!

A firewall manages (aka routes) traffic between (at least) 2 different networks (the LAN side with your network devices and the WAN side with your modem/router).

If you will, consider a firewall a specific subset of routers.

There are firewall appliances with interfaces for DSL, modem, LTE, … but these are typically midrange enterprise models with price tags >1000 USD.
Typically you would look for appliances with expansion slots and get an extension module with the suitable modem/transceiver type.

For home and SOHO you typically have a consumer grade modem with basic routing and very simple firewall functionality.
If you want a decent firewall you usually end up with
ISP → Modem/router → firewall/router → internal networks

With this setup you have double NATing (network address translation):

  • public IP to LAN IP on modem
  • LAN IP on modem to internal IPs on firewall

This is not a big issue and usually does not have an impact on performance.

If you have a really cheap modem or shitty ISP the double NATing can be faster as you can configure fast DNS servers (Cloudflare 1.1.1.1 or Google 8.8.8.8) on the firewall and bypass the slow DNS servers of your ISP.

If you are interested in open source firewalls then pfSense might be a good option as you can find a ton of YouTube tutorials.

If you are interested in a business grade solution you might look into Sophos. They provide a firewall OS that home users can use free of charge and that can be installed on Intel systems (e.g. Intel NUC with 2+ network ports).
This is the same platform companies pay big money for and it has a lot of very nice features and a nice GUI.

Basic setup with the quick installation assistant will likely provide you with a working network. But beyond this the learning curve is steep.

https://www.sophos.com/en-us/free-tools/sophos-xg-firewall-home-edition

But this is true for all firewall systems.

Thanks for answering. I want to avoid double NATing, recognizing that adding a firewall appliance that inherently has routing capability will create this problem. But I am willing to forgo the appliance’s routing capability and set it up as only a transparent bridge even though the initial cost is $600-$800 but the protection capabilities are business-level quality. All of the firewall appliances I found so far are also routers. I’d like to know if there’s an appliance out there that is only or primarily a firewall. If not, then I would want an appliance that can easily be configured as a transparent bridge. I want to put my router behind the firewall, not before it. pfSense, as far as I know, is not capable of zero-day and sandboxing. I was thinking of base models from Arista (Untangle) NG Firewall or Sonicwall. Any experience with this kind of setup?
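Added example, not part of any post in this thread: a small Python check for the double NAT layout described in the answer and the transparent-bridge alternative raised in the reply. It reads traceroute output from an internal host and counts the private hops before the first public one (a bridged firewall adds no hop). The function names and the traceroute samples are constructed for illustration; the addresses are from private and documentation ranges.

```python
import ipaddress
import re

# RFC 1918 private ranges and the RFC 6598 carrier-grade NAT range.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# A hop line starts with the hop number; take the first IPv4 address on it.
HOP_RE = re.compile(r"^\s*\d+\s+.*?(\d{1,3}(?:\.\d{1,3}){3})")

def classify(addr):
    if any(addr in net for net in RFC1918):
        return "private"
    if addr in CGNAT:
        return "cgnat"
    return "public"

def leading_nat_hops(traceroute_text):
    """Return (address, kind) for each hop before the first public one."""
    hops = []
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or an unanswered "* * *" hop
        addr = ipaddress.ip_address(m.group(1))
        kind = classify(addr)
        if kind == "public":
            break
        hops.append((str(addr), kind))
    return hops

def describe(traceroute_text):
    hops = leading_nat_hops(traceroute_text)
    private = [a for a, k in hops if k == "private"]
    return {"private_hops": private,
            "double_nat": len(private) >= 2,
            "carrier_nat": any(k == "cgnat" for _, k in hops)}

# Constructed sample: host -> firewall/router -> modem/router -> ISP.
DOUBLE = """traceroute to 1.1.1.1 (1.1.1.1), 30 hops max
 1  192.168.10.1  0.41 ms  0.38 ms  0.36 ms
 2  192.168.1.1  1.12 ms  1.05 ms  1.01 ms
 3  203.0.113.1  8.70 ms  8.52 ms  8.49 ms
"""
# Constructed sample: firewall in transparent bridge mode, so only the router shows.
BRIDGED = """traceroute to 1.1.1.1 (1.1.1.1), 30 hops max
 1  192.168.1.1  0.52 ms  0.47 ms  0.45 ms
 2  203.0.113.1  8.10 ms  8.02 ms  7.98 ms
"""

if __name__ == "__main__":
    print(describe(DOUBLE))
    print(describe(BRIDGED))
```

Two private hops can also come from an internal routed segment without NAT, so treat `double_nat` as a prompt to check the translation rules on each device rather than as proof.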