I currently have Google Wifi. My background is CS but I haven’t done a lot of networking in practice. My home will need two APs to cover, but I am reluctant to lay ethernet wires, and so mesh will be required. My objectives are:

  1. To segregate IoT devices (with VLANs)
  2. To have a more secure firewall
  3. To do better parental control

Option 1

Pros

  • Sophos XG Home is a real “next-gen” firewall, with its filtering data and anti-virus constantly updated. It is backed by a company whose business is firewalls.
  • Mostly standard network equipment; so good extensibility

Cons

  • Prone to accidents: While I am comfortable with the settings, I don’t have real experience using it. So what if I misconfigure something or fail to apply a firmware update?

  • Worried about the longevity of the Protectli box. My Google Wifi has been on 24x7 for five years with zero issues. I expect the Protectli box to be dead in 2-3 years.

  • The TP-Link Omada needs to run a dedicated management server for its mesh to function. That is one more box somewhere.

Option 2

Similar to option 1, but use Firewalla Gold or Purple instead of Sophos XG as firewall/router/DHCP/DNS server.

Pros

  • The Firewalla box is managed by the company
  • Some of the Firewalla functions are pretty neat and useful

Cons

  • Firewalla may be less capable than Sophos in terms of filtering, anti-virus, and IPS/IDS (??)
  • Firewalla is a bit more proprietary and so I would expect fewer future possibilities

Option 3

  • Just connect all the IoT devices to Google Wifi’s guest network

Pros

  • In both options 1 and 2, I am not sure security is better than Google Wifi, because Google has both the incentive and the resources to keep its systems secure.
  • Simplicity

Cons

  • Not flexible. I can’t create more zones. For example, it is actually useful to create a zone for home office and a zone for kids.

Do people have opinions or experiences with either option? What would you choose?