I briefly checked into Sophos, but found that to be overkill for our needs. We settled on pfSense which is available as an ISO, a virtual appliance and on hardware (it's open source). It supports ipSec and OpenVPN tunnels for external access. It does have firewall capabilities mostly based on port rules and stateful inspection:
https://www.pfsense.org/about-pfsense/features.html
Dedicated hardware is needed if you have a lot of traffic like in a switch where the theoretical throughput is 1 Gbit times half the number of ports or for a heavily used VPN gateway. But for a router/firewall the bottle neck is likely the internet connection rather than the computer. A regular PC is more powerful than most hardware that is built into physical routers.