Firewalla Gold Plus Suitability

[Tech9]

I sent this question to the Firewalla support email address.

Firewalla support won't give you an answer if you can run different software on their hardware... if that was the question. The appliance is manufactured by someone else and branded as Firewalla. I know is runs Ubuntu with their software as application. I'm pretty sure the hardware is reusable. Again - for only $150 I would get one, play with all the options and decide which one fits better my needs. Obviously you like to play with tech. Why not?

You don't have to disturb your current setup right away. Let it run, you play with the new stuff. Once you have what you want - make the new device your main router/firewall. You may not want to look back at home routers. You can have native VLAN support, proper network segmentation, never worry about NAT acceleration again, you may want proper APs with VLAN support at some point later and ditch Asus (or other) home routers altogether.

 

[Smokey613]

I will take it for 75% off if you don’t want.

 

[Tech9]

I will take it for 75% off if you don’t want.

I'm sorry, but I asked first.

 

[GHammer]

Firewalla support won't give you an answer if you can run different software on their hardware... if that was the question. The appliance is manufactured by someone else and branded as Firewalla. I know is runs Ubuntu with their software as application. I'm pretty sure the hardware is reusable. Again - for only $150 I would get one, play with all the options and decide which one fits better my needs. Obviously you like to play with tech. Why not?

You don't have to disturb your current setup right away. Let it run, you play with the new stuff. Once you have what you want - make the new device your main router/firewall. You may not want to look back at home routers. You can have native VLAN support, proper network segmentation, never worry about NAT acceleration again, you may want proper APs with VLAN support at some point later and ditch Asus (or other) home routers altogether.

No, the questions were can I port forward IPv6 and use other DDNS providers than Firewalla.
I agree with you on the hardware and I'm going to get it. As you said, heck of a box for the price even if I don't use the software. If it does pan out stock, cool. If not, I'll likely holler for pfsense help <g>.

 

[Smokey613]

I do not have IPv6 available on either of my connections so I am no help on that question. As for DDNS, I use my own domain name and simply use a CNAME entry and point it to the DDNS hostname used by the Firewalla.

 

[Tech9]

can I port forward IPv6

There is nothing to port forward there. IPv6 doesn't use NAT. The devices have global routable addresses. You need to tell your firewall what's allowed to specific address. Not sure if home user oriented Firewalla can do this, but commercial router OS can. I don't use IPv6 on my networks, but I can take a look what has to be done in pfSense. There is no "port forwarding" term though.

 

[GHammer]

As for DDNS, I use my own domain name and simply use a CNAME entry and point it to the DDNS hostname used by the Firewalla.

Thanks for that. I did see that as being a workaround if needed. But you can run an updater on any device on your LAN or you can add ddclient into the Firewalla. Either way, you keep the features that the Firewalla relies on their DDNS for but can update your domain as you normally would.

 

[Tech9]

Just don't count on @Smokey613 if you delay your testing with 2 weeks. This is the usual hardware change cycle for him, sometimes it happens faster. Follow him and watch for weekly signature updates. Special attention over the weekends.

 

[GHammer]

I don't use IPv6 on my networks, but I can take a look what has to be done in pfSense.

That would be swell. Thanks.
I think my previous issue with pf/opn Sense was that the device has a routable IPv6 address from prefix the ISP allocates. It also has a link local fe80 address and for most likely user error reasons, would not allow traffic to pass to either of them.
Yeah, port forward. My silly shorthand for what I want to do.
It's very clear from the Merlin loads what is actually happening. Enable IPv6 firewall and create the rules you need. But, it also creates the hairpin for you. I love GUIs Perhaps if I knew how, looking at the rules created by the GUI would be useful.

 

[GHammer]

Just don't count on @Smokey613 if you delay your testing with 2 weeks. This is the usual hardware change cycle for him, sometimes it happens faster. Follow him and watch for weekly signature updates. Special attention over the weekends.

Ha, well, there's your Firewalla box then!

 

[Tech9]

I have a boring setup consisting of Netgate x86 appliance, Netgear switch with PoE, 4x Ruckus APs with PoE and mini-PC x86 NAS. Downsized from home lab server rack with 100kg iron and don't remember how many fans and watts. I had a collection of about 30 popular home routers, but got rid of them as well (most donated). Testing Asus routers for fun I stop here to annoy people who think reboot and reset technology is the best you can get. Slowly converting serious people to more serious hardware and hoping they can have more enjoyable life after. The is life beyond reboot and reset.

Don't count on Asuswrt and IPv6. You may get some surprises more serious than GUI bugs.

 

[Smokey613]

Just don't count on @Smokey613 if you delay your testing with 2 weeks. This is the usual hardware change cycle for him, sometimes it happens faster. Follow him and watch for weekly signature updates. Special attention over the weekends.

You are definitely correct about my hardware change cycles! I will say that I feel confident that the Firewalla Gold is a keeper. The only reason I moved away from the first one I had was my “unatural fear” of a cloud based control device.

Alas, in this day and age that is getting increasingly harder to avoid so I opted for the easy route and went back to a Firewalla.

Make no mistake, the little ER605 is still configured and waiting patiently on a shelf if the “cloud paranoia“ strikes again.

 

[GHammer]

Alas, in this day and age that is getting increasingly harder to avoid so I opted for the easy route and went back to a Firewalla.

Speaking of easy, how do you like using a phone for configuring things?
I've got a lot of devices to assign, but, it's a one time thing I guess.

 

[Smokey613]

Speaking of easy, how do you like using a phone for configuring things?
I've got a lot of devices to assign, but, it's a one time thing I guess.

It is really easy, hence the reason I went back to the Firewalla. I rarely use a PC for anything other than my Plex server.

 

[L&LD]

You have some sort of delusion of grandeur don't you?
Aren't you the 'Factory reset for everything' guy?

Sadly, you fixate on your interpretation of 'discount'. Again, in simple terms for you, my friend (a term you aren't likely familiar with) has a code. This code will allow me to buy a shiny, new, unit. My friend is not selling anything, not getting money, you get the picture now or is it over your head?

Wow, a whole 70 views and no definitive answer. I'm shocked. Which 'answer' shall I choose oh wise one? Because there isn't anyone who has answered the questions I posed.

If I do take the very generous offer from my friend (sorry, you wouldn't understand) I won't be where I am now.
First, it'll be a new router. Second, I'll have a few additional 2.5 gb ports available for enhancing my internal network. Third, I'll learn something about a new device (sorry again, you don't seem to be a learning type to me).

Have at it, post silly responses in my thread and I'll have some fun with you. Rather not, but some people never get the hint. You are today's prize winner.

No delusions on my part. But you sure seem like a great political candidate with your double-speak.

I'm not that guy. That is another's twist of my contributions here who know little of reading comprehension skills, similar to yours.

Now that you explain it, yes, I get how you'll get 75% off of that product. Now, that wasn't hard.

Almost a decade ago I came to these forums to engage more directly on the topics within. That knowledge has allowed me to work in this field for the past few years. So, you're very wrong. I am a learning type. Again, your bias and presumptions are showing.

Anyone can take any response and make light of it. Doesn't make that original response silly, but it sure makes the one who interprets it like that look less.

I'll highlight one last time that I answered one of your questions in your first post. You don't need to like or agree with the answer, but you shouldn't be so close-minded to others perspectives when posting on a public forum. After all, we're not mind readers, nor do we know which question you want answered to your liking either.

I hope you do pick up that equipment and learn a few new networking bits. And, I hope you come back and share your newfound knowledge too.

 

[Tech9]

I need one multi-NIC mini-PC like this for my Sophos Firewall exploration. I had it running few years back, but now there is a new XG based Home Edition. Unfortunately, it needs 2x NICs minimum. Can't be installed with VLAN LAN/WAN on single interface like pfSense.

It looks interesting and not too complicated for home use:

Cybersecurity as a Service Delivered | Sophos

We Deliver Superior Cybersecurity Outcomes for Real-World Organizations Worldwide with a Broad Portfolio of Advanced Security Products and Services.

www.sophos.com

An idea for @GHammer. Free software for home use. If it can be run on this $150 box - bingo!

 

[GHammer]

I need one multi-NIC mini-PC like this for my Sophos Firewall exploration. I had it running few years back, but now there is a new XG based Home Edition. Unfortunately, it needs 2x NICs minimum. Can't be installed with VLAN LAN/WAN on single interface like pfSense.

It looks interesting and not too complicated for home use:



An idea for @GHammer. Free software for home use. If it can be run on this $150 box - bingo!

I have to admit, it looks interesting. Except for this in the short manual online:

Sophos Firewall Home - Recommended Reads - Sophos Firewall - Sophos Community

Table of Contents OVERVIEW Limitations Central Management Hardware Requirements Links & Guides Where to Download Creating a bootable

community.sophos.com

"I would guess the same. It should be i219 and i225/i226 that are not supported"

 

[Tech9]

This is a little disappointing. I may have to find something else to play with then.

 

[coxhaus]

I would have tested one, but they seem not to support layer 3 as I want to route from my cisco L3 switch to the Firewalla and they do not support it. I posted on their forum.

 

[GHammer]

Well, I decided against the FWG+ both because I don't want a cloud based config for many reasons and because it doesn't offer the things I want/need. I did take the discount, but passed it along to a friend.
What did I do? I decided to listen to @Tech9 and give pfSense another look.
So, it is running well, doing all I want/need on an older machine that was sitting gathering dust. Draws 45-50W.
I had an issue that made no sense, and though I have no support not using their hardware, I opened a ticket with the TAC folk. I had a response within 5 minutes. On a Sunday! TAC asked me to allow them access to the device and they found what would prove to be a kind of widespread issue. Explained all this to me, gave me the fix that they had already applied. The next day, there was an official fix posted on their bug tracker.

Now I'm free of the AIO router boxes that I have relied on at home for many, many years. If I want to go with another brand AP, no problem. Want to upgrade switches, no problem. Opens a new horizon network-wise for me.