I've got a client who has asked me (among other things) to make him a router/firewall. Currently he has a "hardware" firewall/router but I told him that it doesn't support the features he wants. I attempted to persuade him to use pfSense, but he would rather have a "hardware" (meaning linksys, netgear, etc.) firewall/router because he thinks they're more secure.
 
The main features he wants are:
 
-> "isolated ports". He wants each port on the LAN to be separate from the others, but all with the same features for each (so each has its own firewall settings, each has its own DHCP, and so on). Basically, he thinks that with this, if a "hacker" breaks into the network of one port, he doesn't have access to computers on the other ports on the firewall/router. (I am not so certain that this is possible; please, prove me wrong)
 
-> VPN. He wants franchisees to be able to log in over a secure (encrypted) link and access a special place where they can put sensitive information.
 
-> DMZ (but that's pretty much standard)
 
I figure pfSense would be able to do all these, but, like I said, he wants me to look for "hardware" firewall/routers.
 
First, can anybody explain the difference (if any) between a computer running pfSense, and a "hardware" router/firewall? (I didn't think there was one, except for the ROM chip containing the firewall/router OS)
 
And secondly, does anybody know of any "hardware" firewall/routers (man, I'm tired of typing that) that have the above features?
 
I'm not trying to snub pfSense; I'd love to use it, but I can't convince him (well, possibly, but he wants me to first look for a "hardware" solution). I am asking here first because I have been watching the mailing list for several months now, and I trust the opinions and information of (most) of the people here. ;)
 
Thanks for your help/time.
Anthony Rossi
