It really depends on the specs (not hardware specs but firewalling and throughput specs).
If you don't do anything fancy and just have some rules and some interfaces, you can get by with a C3000 era SoC. If you intend to do IPSec, OpenVPN, IPS etc. you'll want more CPU, more RAM and more modern...