Corporate vs. home firewall


notanakin
05-10-05, 01:40 AM
What's the difference between a corporate firewall appliance and a home/SOHO firewall/router device (a Linksys router with SPI, for example)?

These corporate firewalls seem to be quite expensive but I haven't been able to find out anything about how they are more secure than a home device. Can anyone help out?

YeOldeStonecat
05-10-05, 07:20 AM
Corporate Firewalls come in many flavors...many different options. But some of the differences you'll see are:

*Much higher horsepower under the hood. Routers have a CPU, and memory. Under 50 dollar home routers will often be under 100MHz and maybe 512k or a meg or two of RAM. More midrange routers towards the hundred dollar mark will often be over 100MHz, with perhaps 4 or 8 megs of RAM. As we get towards several hundred bucks and on up..you'll get towards 200MHz and on upwards. I'm currently reporting from behind a higher end Linksys/Cisco RV082 router, which I've been deploying a lot of lately. I love them. It has an Intel 533MHz CPU, 24 megs of DRAM, and 16 megs of flash. This router FLIES under heavy load, like night and day with a conventional home market router. Much of that horsepower is harnessed for better VPN throughput, so remote VPN connections will perform better. All that encryption takes horsepower. I've seen the difference in performance from entry level routers doing VPN, replaced by Sonicwall routers, and WOW was the VPN much faster. Also the amount of concurrent VPN connections that they support.

*High Availability...rock solid, stable OS, no reboots needed.

*Some have the ability to enforce policies such as making sure a workstation is kept up to date with antivirus protection..if it isn't, it isn't allowed on the network until it's up to date.

*Some have the option of connecting to the router through a remote VPN client software. That's a nice feature, connect to your LAN securely from anywhere on the road..say..with your laptop.

More options in the web admin, fancier port forwarding features, many have built in managed switches, support router to router VPN tunnels, content filtering.

notanakin
05-11-05, 02:05 AM
Thanks for the comments; much appreciated.

Would it be correct to assume then that for a small office (under 10 people) using Internet access only for retrieving e-mail and browsing with no need for VPN there's no real need for a corporate strength router/firewall?

YeOldeStonecat
05-11-05, 05:35 AM
An under 10 node? Yeah, even an el-cheapo sub 50 dollar one would do the job. It all boils down to a question of "How well does it do the job?" Your selection is based more on routers that will provide basic NAT firewall protection (which they all do, it's a function of NAT)...most newer models also have an SPI (which is one more step in improving the firewall), and a model that will be stable and compatible with your ISP. Most are compatible with most ISPs, stable often tends to be a matter of which you choose, and environmental conditions.

Does the office run anything else? Server in place?

notanakin
05-11-05, 09:20 PM
Yes, there's a server, but it only does three things: domain controller to allow people (in the office, not from outside) to log on to the local network, print server for one printer and file server (again no outside access required - just to share files across the local network).

No ftp server, web server or e-mail server. So currently there's no need to allow access to the server from outside. We might, however, consider an e-mail server one day.

Roody
05-11-05, 09:36 PM
A router should do you just fine under those circumstances.