Firewalla Gold


coxhaus

Part of the Furniture
Anybody running one of these as a router? What do you think of it? I was reading on Reddit and it seems like some people are replacing their firewalls with a Firewalla Gold. From what I gather they are really easy and fast to set up. They support VLANs and they have a lot of features.
 
Anybody running one of these as a router? What do you think of it? I was reading on Reddit and it seems like some people are replacing their firewalls with a Firewalla Gold. From what I gather they are really easy and fast to set up. They support VLANs and they have a lot of features.
I don't trust a startup company that has never been heard of. I don't even trust how they respond to a security incident. The Warranty Policy and Privacy Policy are horrible. 99% of startup companies disappear quietly within years.
 
Hi,
I am using a Firewalla Gold (FWG) as my home router in a multi-WAN setup with 4 VLANs and a couple of TP-Link EAPs.

Firewalla has excellent support over email, and has very good support on Reddit at r/firewalla.

They are not a new company and have been around since 2017.

I can help answer specific questions if you have any about FWG.

I am not related to Firewalla in any way, just a happy customer.
 
Welcome to the forums @suku_patel_22.

Five years in internet time is like 0.4 nanoseconds of a traditional business. Email and Reddit are not what I think of as support for hardware and software products either.

Glad you're happy with Firewalla. I hope that continues for a very long time.
 
I use a Firewalla Gold to load-balance (why? because I can :)) between Spectrum and T-Mobile Home Internet. The FWG feeds a Netgear Orbi RBR50 in AP mode with two RBS50 satellites, all eBay refurbs and all running Voxel's awesome firmware.

I considered building my own pfSense box and in the end decided that I really just want something that works OOB.
 
Same here, I tried all the normal solutions, i.e. pfSense, Untangle, OPNsense, etc. I now have a Firewalla Gold for my home setup and I really like it. Yes, it was expensive but it makes everything so easy and it just works, especially the dual WAN / failover. I am a satisfied customer.
 
I don't trust a startup company that has never been heard of. I don't even trust how they respond to a security incident. The Warranty Policy and Privacy Policy are horrible. 99% of startup companies disappear quietly within years.
So, what specifically in their warranty and privacy policy is "horrible" in your eyes?
 
Hi, this is my first post in these forums. I posted the following in Firewalla forums, but three weeks later my post is still "pending approval". Perhaps somebody here can address my questions...

Hi, I'm considering purchase of a Gold. I would be upgrading from an Edgerouter Lite. I am, in essence, looking for 1GB wire speed throughput with excellent IDS/IPS. I'm comfortable with ssh command line, but I would prefer that use of ssh would be the exception. I don't want to have to ssh in to ensure that current security patches have been applied.

The Gold seems a bit expensive, but given no subscription costs I think the cost is probably reasonable provided that Firewalla has established and actively maintains high level of networking security expertise.

I spent some time online attempting to identify a security expert or organization that might have exposed the product to real world threats in an attempt to validate that the unit really does what it says and does it well.

I have seen companies with poor to average marketing that produce excellent products, and I have seen the reverse where the web site, apps, and features look impressive but the product is not so great.

So I created an account on this forum and I'm hoping that some of you folks might be able to help me feel comfortable pursuing my upgrade to the Gold.

Thanks in advance!
 
@JJNorCal

I picked up on this device a couple of months ago while scrolling around on my phone. It's intriguing from the standpoint of being able to drop it into place and do some basic configuration to be off to the races.




The Gold has the fewest limitations when scrolling through the specs / features. When it comes down to IDS/IPS it seems like an additional layer of protection if you have users that aren't generally cautious about sites they're on. If you have a good security policy though they're unneeded. The best security outside of blocking external access is knowing the potential threats.

To me though, running my own DIY server/router/FW setup, it's easy to just roll functions into the same box vs adding additional appliances to the mix. However, for an out-of-box device this hits a lot of checkmarks for simplified deployment. On the other hand you could DIY your own setup using a PC / NIC / Linux and get wire speed from it as well. The higher HP of the CPU will provide, in addition to the FW functions, the speed / power necessary to run a VPN on top at wire speed like Nord w/ WireGuard (NordLynx). Being able to hit those wire speed numbers comes down more to the CPU being able to handle the encryption side of things.

With my DIY box / gig ISP I can hit 1.3-1.5gbps w/ VPN enabled using WG. If testing with OVPN on the same servers it drops to 500-600gbps. In the end though it all depends on what you want to use the appliance for. It all boils down to configuration though as to what's going to be tracked / blocked.
 
I love my Firewalla Gold, for so many reasons: ease of setup, gig throughput always, simple and easy to configure options, and it just works, all the time, no downtime. I use it for my main routing work, in front of my Alien mesh setup, and everything works flawlessly.

Definitely should be a consideration in these times of heightened security concerns.
 
@Tech Junky, @wase in az, thanks for your feedback! Much appreciated!

A little bit more about my situation. My network:

comcast GB <wire> modem <wire> ER lite <wire> eero <wifi>

eero initiated speed tests regularly indicate 948 Mbps down, 43 Mbps up, so the edgerouter is routing at or near wire speed. I have a few wired devices, but no wired computers. Antivirus software is installed on all Windows laptops, which is a fundamental requirement since they frequently move to other networks (can't rely exclusively on router-based security).

I'm satisfied with current network performance. The reason that I have been considering firewalla is purely to enhance security. I'm not super confident that antivirus software is state of the art, but I guess I really don't know. Is there reason to believe that firewalla would enhance the security of my network?

Thanks again!
 
Antivirus software doesn't monitor for the types of intrusions that Firewalla does.
Check out their website, and join their forum, and you will find out everything you need to know about the abilities of their product :)
 
@JJNorCal

AV = junk / waste of $ -- I haven't had it installed in over a decade and had to scan maybe once or twice in that time for something as a step in figuring something else out

Having / keeping a small footprint and not clicking on stuff you're not sure about is the best policy. A countermeasure would be using some form of Linux and running Windows apps in a VM as needed.

I've also got CC 1GE and get upwards of 1.5gbps out of it but, also built my own DIY router to connect 2 x 1GE ports into a LAG using an MB8600 CM. Keeping that in mind would push to find a FW with 2.5GE or 5GE ports if you want to go the appliance route to make the most of the connection with overprovisioning.

Having dealt with IDS/IPS in the past they take some time to learn the network traffic and fine tuning them to get rid of the false alerts. I don't know exactly what FW's using but, in the Cisco world it's a bit more than just connecting a couple of Ethernet cables and powering it on. In monitor mode they'll work just fine but, you'll be sifting through logs all of the time to see what's going on vs having them trigger on demand after you tune them. When I think about IDS/IPS though I think locally managed mail servers and preventing attachments that aren't verified as safe.


I use NTOPNG to monitor / log IP info / apps / etc on my network on my DIY box. I don't tend to dig into things unless something starts acting funny though. There's a couple of options from the free version to the $300 version for a license that gets more GUI features / more enterprise appearance. For my use though I use it to spot check network throughput and dig up info on destinations that might be missing PIHOLE for DNS blocking.

CM <> DIY <> AP

Before AX /AXE WIFI though I had an AC card inside the DIY box for WIFI which made things even easier to keep an eye on.
 
@Tech Junky, thanks for the details!

I totally agree with your small footprint, no mysterious websites/clicks philosophy. I never click on links in emails, but my engineering job forces me to go down many rabbit holes, integrating new technologies, and something on my laptop has saved me twice recently, blocking malicious websites. Some of these sites lure you in with keywords and look legitimate in the browser search results. Not sure if AV or something built into the browser saved me. In similar fashion, but years back, I managed to get ransomware, though Windows safe mode was sufficient to recover.

Cool that you get 1.5 out of CC, that's more than the 1.2 that I had heard about.

Thanks for sharing more about your setup. I will take a closer look when I have more time.
 
@JJNorCal

1.2 is what they're selling now so, ~1.5 is about the max with the overprovisioning. A 2.5 port would be sufficient with a CM that has one as well or bundling gig ports works as well. Could always go pro though for 2GE symmetric but, that's 3x the cost.
 
I am trying to decide on a home firewall as well. I was looking at the firewalla, dream machine pro, and netgate pfsense.
The firewalla privacy policy is a bit vague and raises some flags imo.

I lean towards the netgate but they are a bit pricey. I have much more research to do yet though which is why I am looking on here.
 
I am trying to decide on a home firewall as well. I was looking at the firewalla, dream machine pro, and netgate pfsense.
The firewalla privacy policy is a bit vague and raises some flags imo.

I lean towards the netgate but they are a bit pricey. I have much more research to do yet though which is why I am looking on here.
And Netgate requires annual payments, don't they? Firewalla is one and done.
As others have said, go on Reddit and ask away; there are lots of helpful folks there, and Firewalla is really responsive there.
 
