I REALLY like the Unifi line by Ubiquiti. For the vast majority of small business needs it has everything you need without the high price tag of Meraki/Cisco and other vendors. This is a very long-time client who has a local accounting business. For the longest time he has been running a Sophos firewall in just firewall mode with no subscriptions. It’s been 5 years since he did a significant upgrade to his core network. I have noticed that internal connectivity has been getting slower than normal due to the now 15-year-old Netgear switch that was being used. He also pressed a Netgear home WiFi point into service about 5 years ago and now that is also getting old and unstable. I just got done installing a new Unifi USG pro-4 firewall, a USG 24-port switch and a Unifi AC-Lite access point. The firewall has a decent IPS and geo-ip blocking built in and advanced VLAN capabilities for a fraction of the price of other smart switches. He now has the following networks:

Internal
WAN
Guest WiFi
POS
Tech WiFi
VOIP

All of this on 3 pieces of gear. In the left-hand picture the firewall is on top of the switch. In the right-hand picture is the WiFi access point on top of the network cabinet. VLANs and firewall rules fully isolate each of the networks away from each other and all of them can get to the WAN (Internet). There’s doing it cheaply (which is how it was done before) and then there’s the cheaper, correct way to do things. I was not allowed to redo all of the network wiring but that is the next thing I am proposing we do.