Firewalla

stargazer

Occasional Visitor
Anyone use Firewalla inline with Asus router as firewall and/or bridge?
 
I was just reading https://techcrunch.com/2022/02/01/firewalla-launches-its-purple-gigabit-home-firewall/ and it sounds interesting for someone that doesn't want to make their own FW or use iptables/nftables/ufw to lock things down.

Seems to be a learning FW w/ an app to deploy easier into a home network. I like the price points compared to some other solutions that drain the wallet. Using the tables method on a PC or PI though is considerably cheaper depending on the speed you're trying to secure.

For me @ 1gbps+ though it's cheaper to manage with tables and get line speed performance out of my ISP connection. I already built the custom PC as a router and other functions. For someone not deep into building their own gear though this seems to fill the gap for plug it in and add rules relatively easily. It seems like there are some additional features you can enable if you want to dig deeper outside of the GUI.

Considering how heavily this particular forum is on Asus products this would ease the load placed on the limited resources and gain more productivity from those boxes.


I'd like to see them combine the WISP / WIFI into the Gold model for a top tier product for backup reasons using a tethered connection when the primary goes down. Or if you're traveling to have it connect to a guest network and provide protection.

I'm a bit surprised they aren't pushing beyond 500mbps on the WG though as it should be able to handle more than that. My custom PC/Router can hit speeds above 1gbps but, then again I can't power it off a USB-C PD cable either @ ~400W.

Looking further down the page at the features the Gold / Purple seem to have things covered pretty well leaping from home to SMB for more options.

Seems there's a package option to be added in Linux / PI


On Linux though using iptables I can simplify the rules to 15-20 entries to lock things down.
 
I looked into it last weekend. Unfortunately for me, it will not work in Simple Mode due to the model ASUS Router I have. I do not want to use it in DHCP mode since it will cause double NAT. I have been wondering if this is hardware based, or if using Merlin might solve that issue.
Furthermore, I also have a Mesh setup, and I read on their website that users have reported issues with Asus Mesh. Like the OP I would like to hear from someone that has actually used it, not just read an article.
 
I have a Purple here with 3x ASUS Routers in mesh behind it. Ask away with any questions.
What routers do you have? What mode is your Purple set up in?
 
The purple is in router mode.

I have an AX68U connected to the Firewalla LAN port in AP mode, and 2x AX55's connected to the AX68U via ethernet as AIMesh nodes
 
I would not want double NAT. If you turn off the firewall and only run 1 firewall then no double NAT. Different networks are fine.
 
what do I run it on?
 
The purple is in router mode.

I have an AX68U connected to the Firewalla LAN port in AP mode, and 2x AX55's connected to the AX68U via ethernet as AIMesh nodes
Did you have to turn off firewall on Asus AP as well as AIProtection (Trend Micro)? How about VPN Director and openVPN clients?
 
what do I run it on?
or opnSense. A separate x86 device, preferably with 3x ethernet - 1 in, 1 out, 1 for console monitoring. On another note, there has been some discussion and instructions on running Suricata on new'ish quad core Asus routers if you're looking for all-inclusive device. IIRC throughput maxes around 300mb. Search for threads in this board.

pfSense or opnSense on separate hardware is a good solution if you are up for the technical requirements for firewall rule development, ongoing monitoring and update (not a long term set and forget) and want to set it up either as the network DHCP server as it wants with Asus router as an AP with mesh nodes as above, or an invisible filtering bridge where it invisibly monitors all incoming and outgoing traffic (packets) and retain your Asus router as DHCP server.
 
I have a Purple here with 3x ASUS Routers in mesh behind it. Ask away with any questions.
Hi Paul.

I've just installed the Purple in router mode, and my network is up and working in all respects. But, I cannot connect to my router's GUI now that it's in AP mode. This is probably amateur hour stuff, but I'm not a techie and have never had a router in AP mode before. I could always browse to the GUI when it was in router mode.

I tried the Asus Device Discovery tool, and the results below are what it's telling me, but I don't know how to use those results to connect to the AX-86U's GUI.

Any help appreciated.
 
Hey Anton,
I see the Asus tool has your IP for the router as 192.168.83.78 - what IP range have you configured the Firewalla to allocate to LAN1?

How have you configured the Asus router to get its IP? On the LAN tab I selected 'Get LAN IP Automatically?' so that it gets its IP via DHCP from the Firewalla - I then reserved the IP I wanted it to have.

Cheers,

Paul
 
Any help appreciated.

If you switched your AX86U from Router to AP Mode without touching anything else, the default configuration is Automatic IP. Reboot the router and run the Device Discovery tool once again. The router in AP Mode will take an IP from Firewalla's DHCP server. Use this IP to access the router's GUI.
 
Hey Anton,
I see the Asus tool has your IP for the router as 192.168.83.78 - what IP range have you configured the Firewalla to allocate to LAN1?

How have you configured the Asus router to get its IP? On the LAN tab I selected 'Get LAN IP Automatically?' so that it gets its IP via DHCP from the Firewalla - I then reserved the IP I wanted it to have.

Cheers,

Paul
Thanks Paul!

My LAN1 IP settings are as attached.

I can't get to my ASUS router to configure things.

Anton
 
If you switched your AX86U from Router to AP Mode without touching anything else, the default configuration is Automatic IP. Reboot the router and run the Device Discovery tool once again. The router in AP Mode will take an IP from Firewalla's DHCP server. Use this IP to access the router's GUI.
Yes, that's how I switched modes. I'll try as you suggest. Thanks!
 
