Why you should consider running a real firewall to protect your hot wallets

Note: This is intended for people with an intermediate level of knowledge of building computer systems and networking.

Your WiFi router security isn’t going to cut it.  Most wireless routers perform basic protection of your internal network, and don’t perform advanced functions such as intrusion prevention and anti-malware.  You also might want to create very specific rules about what is allowed to talk to what. If you have hot crypto wallets running 24×7, you are potentially a target and should think about beefing up your network security.

Build yourself an enterprise-grade UTM (Unified Threat Management) firewall with FREE software and inexpensive hardware.  My entire build cost about $250, and I have been running it for several months.

The software: Sophos UTM (pfSense could also be an option, but I prefer the ease of use and enterprise features of Sophos)

The free home use license:

  • Fully-equipped software version of the Sophos UTM appliance
    • It is the same exact software enterprises use.  I have professionally installed these firewalls at small and medium sized businesses.
  • Complete network (IPS), web, mail and web application security with VPN functionality
    • I use the VPN functionality to access my home network from across the globe.
  • Protects up to 50 IP addresses
    • The only difference from the enterprise version is it supports up to 50 IP addresses, which is more than enough for the average home user.
  • The interface is easier to use and more intuitive than other vendors I have seen.
  • Will act as a wireless controller to Sophos branded access points
  • Can centrally manage endpoint antivirus software

Again, this is free software.  You just need to register, download the bootable image file, create a bootable CD or thumbdrive, and then install on your appliance from that.

For more info: https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

To download:


Quick start instructions here:


When you register, you will be provided with a license file that you will upload to your appliance after the software has been installed.

You will need to install your new firewall software on some hardware.  You could use an old PC, but it’s unlikely your PC has two network interface cards, and PCs tend to have moving parts like fans and hard drives.

My recommendation is to purchase a small appliance with dual network interfaces.  For my latest home deployment, I used the following hardware.


Protectli Firewall Micro Appliance With 2x Gigabit Intel LAN Ports, Barebone

Purchase at: https://amzn.to/2Q06A8Q

-Price: About $179

-This little appliance is fanless and, combined with an SSD drive, has no moving parts.

-It has a dual core Celeron, more than enough for running a firewall.

-It has dual network interface cards (NICs), one to face your inside network, and one to face your ISP’s modem.

-It’s compact and won’t look out of place next to your modem and wireless AP.

-It’s barebones, so you can choose the memory and SSD drive


Crucial 4GB Single DDR3/DDR3L 1600 MT/S (PC3-12800) Unbuffered SODIMM 204-Pin Memory – CT51264BF160B

Purchase at: https://amzn.to/2NIE22n

-Price: About $35

-4GB is enough to run the Sophos firewall

-Choose a reputable manufacturer

SSD Drive:

Transcend 32GB SATA III 6Gb/s MSA370 mSATA Solid State Drive (TS32GMSA370)

Purchase at: https://amzn.to/2wEomGE

-Price: About $38

-32 GB is enough to run the Sophos firewall.  If you want to do a lot of logging or packet capture then you might want more.

Existing WiFi Router

Change to bridge mode to avoid double-NAT.  Double NAT can cause issues with some applications.  You can also purchase Sophos branded access points which can be controlled from the firewall itself.  

Consider a UPS

Consider purchasing a UPS to run your new firewall off of.  A UPS provides multiple benefits.

-Protects your device from temporary power outages and power fluctuations, which can damage components and decrease their lifespan.

-Maintains internet connectivity during local power outages (amount of time subject to the size of the UPS)

I chose the following because it’s relatively small and provides about 45 minutes of uptime.

APC UPS 600VA Battery Backup & Surge Protector with USB Charging Port, APC UPS BackUPS (BE600M1)

Purchase at: https://amzn.to/2PZqhh6

If you are interested in deploying a real firewall at your home or small business, and don’t know where to get started, I can provide consulting services to get you on the right track.
