Anybody running one of these as a router? What do you think of it? I was reading on Reddit and it seems like some people are replacing their firewalls with a Firewalla Gold. From what I gather they are really easy and fast to setup. They support VLANs and they have a lot of features.
Firewalla Gold
- Thread starter coxhaus
- Start date
I don't trust a startup company which is never heard. I don't even trust how they respond to security incident. There are horrible Warranty Policy and Privacy Policy. 99% of startup companies are disappeared quietly in years.
suku_patel_22
New Around Here
Hi,
I am using a Firewalls Gold (FWG) as my home router in a multi-wan setup with 4 VLAN's, and a couple of TPLink EAP's.
Firewalla has excellent support over email, and has a very good support on reddit at r/firewalla.
They are not a new company and have been around since 2017.
I can help answer specific questions if you have about FWG.
I am not related to Firewalla in any way, just a happy customer.
I am using a Firewalls Gold (FWG) as my home router in a multi-wan setup with 4 VLAN's, and a couple of TPLink EAP's.
Firewalla has excellent support over email, and has a very good support on reddit at r/firewalla.
They are not a new company and have been around since 2017.
I can help answer specific questions if you have about FWG.
I am not related to Firewalla in any way, just a happy customer.
L&LD
Part of the Furniture
Welcome to the forums @suku_patel_22.
Five years in internet time is like 0.4 nanoseconds of a traditional business. Email and Reddit are not what I think of as support for hardware and software products either.
Glad you're happy with Firewalla. I hope that continues for a very long time.
Five years in internet time is like 0.4 nanoseconds of a traditional business. Email and Reddit are not what I think of as support for hardware and software products either.
Glad you're happy with Firewalla. I hope that continues for a very long time.
I use a Firewalla Gold to load-balance (why? because I can 
) between Spectrum and T-Mobile Home Internet. The FWG feeds a Netgear Orbi RBR50 in AP mode with two RBS50 satellites, all eBay refurbs and all running Voxel's awesome firmware.
I considered building my own pfSense box and in the end decided that I really just want something that works OOB.
) between Spectrum and T-Mobile Home Internet. The FWG feeds a Netgear Orbi RBR50 in AP mode with two RBS50 satellites, all eBay refurbs and all running Voxel's awesome firmware.I considered building my own pfSense box and in the end decided that I really just want something that works OOB.
Smokey613
Very Senior Member
Same here, I tried all the normal solutions ie. pfsense, Untangle, opnsense, etc. I now have a Firewalla Gold for my home setup and I really like it. Yes, it was expensive but it makes everything so easy and it just works, especially the dual wan / failover. I am a satisfied customer.
wase in az
Occasional Visitor
so, what specifically in their warranty and privacy policy is "horrible" in your eyes?
Tech Junky
Part of the Furniture
@JJNorCal
I picked up on this device a couple of months ago while scrolling around on my phone. It's intriguing from the standpoint of being able to drop it into place and do some basic configuration to be off to the races.
The gold has the least amount of limitations when scrolling through the specs / features. When it comes down to IDS/IPS it seems like an additional layer of protection if you have users that aren't generally cautious about sites they're on. If you have a good security policy though they're unneeded. The best security outside of blocking external access is knowing the potential threats.
To me though running my own DIY server/router/FW setup it's easy to just roll functions into the same box vs adding additional appliances to the mix. However for an out of box device this hits a lot of checkmarks for simplified deployment. On the other hand you could DIY your own setup using a PC / NIC / Linux and get wire speed from it as well. The higher HP of the CPU will provide in addition to the FW functions the speed / power necessary to run a VPN on top at wire speed like Nord w/ wire guard (nordlynx). Being able to hit those wire speed numbers comes down more to the CPU being able to handle the encryption side of things.
With my DIY box / gig ISP I can hit 1.3-1.5gbps w/ VPN enabled using WG. If testing with OVPN on the same servers it drops to 500-600gbps. In the end though it all depends on what you want to use the appliance for. It all boils down to configuration though as to what's going to be tracked / blocked.
I picked up on this device a couple of months ago while scrolling around on my phone. It's intriguing from the standpoint of being able to drop it into place and do some basic configuration to be off to the races.
The gold has the least amount of limitations when scrolling through the specs / features. When it comes down to IDS/IPS it seems like an additional layer of protection if you have users that aren't generally cautious about sites they're on. If you have a good security policy though they're unneeded. The best security outside of blocking external access is knowing the potential threats.
To me though running my own DIY server/router/FW setup it's easy to just roll functions into the same box vs adding additional appliances to the mix. However for an out of box device this hits a lot of checkmarks for simplified deployment. On the other hand you could DIY your own setup using a PC / NIC / Linux and get wire speed from it as well. The higher HP of the CPU will provide in addition to the FW functions the speed / power necessary to run a VPN on top at wire speed like Nord w/ wire guard (nordlynx). Being able to hit those wire speed numbers comes down more to the CPU being able to handle the encryption side of things.
With my DIY box / gig ISP I can hit 1.3-1.5gbps w/ VPN enabled using WG. If testing with OVPN on the same servers it drops to 500-600gbps. In the end though it all depends on what you want to use the appliance for. It all boils down to configuration though as to what's going to be tracked / blocked.
wase in az
Occasional Visitor
i love my firewalla gold, for so many reasons; ease of setup, gig throughput always, simple and easy to configure options, and it just works, all the time, no downtime. Use it for my main routing work, in front of my alien mesh setup, and everything works flawlessly
definitely should be a consideration in these times of heightened security concerns
definitely should be a consideration in these times of heightened security concerns
@Tech Junky, @wase in az, thanks for your feedback! Much appreciated!
A little bit more about my situation. My network:
comcast GB <wire> modem <wire> ER lite <wire> eero <wifi>
eero initiated speed tests regularly indicate 948 Mbps down, 43 Mbps up, so the edgerouter is routing at or near wire speed. I have a few wired devices, but no wired computers. Antivirus software is installed on all Windows laptops, which is a fundamental requirement since they frequently move to other networks (can't rely exclusively on router-based security).
I'm satisfied with current network performance. The reason that I have been considering firewalla is purely to enhance security. I'm not super confident that antivirus software is state of the art, but I guess I really don't know. Is there reason to believe that firewalla would enhance the security of my network?
Thanks again!
A little bit more about my situation. My network:
comcast GB <wire> modem <wire> ER lite <wire> eero <wifi>
eero initiated speed tests regularly indicate 948 Mbps down, 43 Mbps up, so the edgerouter is routing at or near wire speed. I have a few wired devices, but no wired computers. Antivirus software is installed on all Windows laptops, which is a fundamental requirement since they frequently move to other networks (can't rely exclusively on router-based security).
I'm satisfied with current network performance. The reason that I have been considering firewalla is purely to enhance security. I'm not super confident that antivirus software is state of the art, but I guess I really don't know. Is there reason to believe that firewalla would enhance the security of my network?
Thanks again!
wase in az
Occasional Visitor
anti virus software doesnt monitor for the types of instrusions that Firewalla does
check out their website, and join their forum, and you will find out everything you need to know about the abilities of their product
check out their website, and join their forum, and you will find out everything you need to know about the abilities of their product
Tech Junky
Part of the Furniture
@JJNorCal
AV = junk / waste of $ -- I haven't had it installed in over a decade and had to scan maybe once or twice in that time for something as a step in figuring something else out
Having / keeping a small foot print and not clicking on stuff you're not sure about is the best policy. A counter measure would be using some form of Linux and running Windows apps in a VM as needed.
I've also got CC 1GE and get upwards of 1.5gbps out of it but, also built my own DIY router to connect 2 x 1GE ports into a LAG using an MB8600 CM. Keeping that in mind would push to find a FW with 2.5GE or 5GE ports if you want to go the appliance route to make the most of the connection with overprovisioning.
Having dealt with IDS/IPS in the past they take some time to learn the network traffic and fine tuning them to get rid of the false alerts. I don't know exactly what FW's using but, in the Cisco world it's a bit more than just connecting a couple of Ethernet cables and powering it on. In monitor mode they'll work just fine but, you'll be sifting through logs all of the time to see what's going on vs having them trigger on demand after you tune them. When I think about IDS/IPS though I think locally managed mail servers and preventing attachments that aren't verified as safe.
I use NTOPNG to monitor / log IP info / apps / etc on my network on my DIY box. I don't tend to dig into things unless something starts acting funny though. There's a couple of options from the free version to the $300 version for a license that gets more GUI features / more enterprise appearance. For my use though I use it to spot check network throughput and dig up info on destinations that might be missing PIHOLE for DNS blocking.
CM <> DIY <> AP
Before AX /AXE WIFI though I had an AC card inside the DIY box for WIFI which made things even easier to keep an eye on.
AV = junk / waste of $ -- I haven't had it installed in over a decade and had to scan maybe once or twice in that time for something as a step in figuring something else out
Having / keeping a small foot print and not clicking on stuff you're not sure about is the best policy. A counter measure would be using some form of Linux and running Windows apps in a VM as needed.
I've also got CC 1GE and get upwards of 1.5gbps out of it but, also built my own DIY router to connect 2 x 1GE ports into a LAG using an MB8600 CM. Keeping that in mind would push to find a FW with 2.5GE or 5GE ports if you want to go the appliance route to make the most of the connection with overprovisioning.
Having dealt with IDS/IPS in the past they take some time to learn the network traffic and fine tuning them to get rid of the false alerts. I don't know exactly what FW's using but, in the Cisco world it's a bit more than just connecting a couple of Ethernet cables and powering it on. In monitor mode they'll work just fine but, you'll be sifting through logs all of the time to see what's going on vs having them trigger on demand after you tune them. When I think about IDS/IPS though I think locally managed mail servers and preventing attachments that aren't verified as safe.
What is IDS and IPS? | Juniper Networks US
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are security measures deployed in your network to detect and stop potential incidents.
www.juniper.net
I use NTOPNG to monitor / log IP info / apps / etc on my network on my DIY box. I don't tend to dig into things unless something starts acting funny though. There's a couple of options from the free version to the $300 version for a license that gets more GUI features / more enterprise appearance. For my use though I use it to spot check network throughput and dig up info on destinations that might be missing PIHOLE for DNS blocking.
CM <> DIY <> AP
Before AX /AXE WIFI though I had an AC card inside the DIY box for WIFI which made things even easier to keep an eye on.
@Tech Junky, thanks for the details!
I totally agree with your small footprint, no mysterious websites/clicks philosophy. I never click on links in emails, but my engineering job forces me to down many rabbit holes, integrating new technologies, and something on my laptop has saved me twice recently, blocking malicious websites. Some of these sites lure you in with keywords and look legitimate in the browser search results. Not sure if AV or something built into browser saved me. In similar fashion, but years back, I managed to get ransomware, though Windows safe mode was sufficient to recover.
Cool that you get 1.5 out of CC, that's more than the 1.2 that I had heard about.
Thanks for sharing more about your setup. I will take a closer look when I have more time.
I totally agree with your small footprint, no mysterious websites/clicks philosophy. I never click on links in emails, but my engineering job forces me to down many rabbit holes, integrating new technologies, and something on my laptop has saved me twice recently, blocking malicious websites. Some of these sites lure you in with keywords and look legitimate in the browser search results. Not sure if AV or something built into browser saved me. In similar fashion, but years back, I managed to get ransomware, though Windows safe mode was sufficient to recover.
Cool that you get 1.5 out of CC, that's more than the 1.2 that I had heard about.
Thanks for sharing more about your setup. I will take a closer look when I have more time.
Tech Junky
Part of the Furniture
I am trying to decide on a home firewall as well. I was looking at the firewalla, dream machine pro, and netgate pfsense.
The firewalla privacy policy is a bit vague and raises some flags imo.
firewalla.com
I lean towards the netgate but they are a bit pricey. I have much more research to do yet though which is why I am looking on here.
The firewalla privacy policy is a bit vague and raises some flags imo.
Privacy Policy
Our Commitment to Your Privacy This privacy policy applies to the Firewalla mobile application (“App”), firewalla.com(the “Site”), and firewalla.net (the “MSP”) operated by Firewalla Inc. (the “Company”). Using the App, you can operate the physical Firewalla cybersecurity box to help protect...
firewalla.com
I lean towards the netgate but they are a bit pricey. I have much more research to do yet though which is why I am looking on here.
wase in az
Occasional Visitor
and, netgate requires annual payments, dont they? firewalla is one and doneI am trying to decide on a home firewall as well. I was looking at the firewalla, dream machine pro, and netgate pfsense.
The firewalla privacy policy is a bit vague and raises some flags imo.
Privacy Policy
Our Commitment to Your Privacy This privacy policy applies to the Firewalla mobile application (“App”), firewalla.com(the “Site”), and firewalla.net (the “MSP”) operated by Firewalla Inc. (the “Company”). Using the App, you can operate the physical Firewalla cybersecurity box to help protect...
I lean towards the netgate but they are a bit pricey. I have much more research to do yet though which is why I am looking on here.
as others have said go on reddit and ask away, there are lots of helpful folks there, and firewalla is really responsive there
Similar threads
Latest threads
-
-
-
News PuTTY v0.82 Released Today 2024-11-27- Started by John Fitzgerald
- Replies: 2
-
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
RMerlinAsuswrt-Merlin dev