Firewalla Gold Pro: 10G Cyber Security Firewall & Router Protecting Your Family and Business

xiaofan

High Supremacy Member
Joined
Sep 16, 2018
Messages
32,136
Reaction score
9,295
That only happens if you do not use Firewalla as the main router but rather use it as an add-on to the existing network.

I tend to think the majority of the Firewalla Gold and Gold Pro users will use it in router mode.

Maybe @hairymonster can comment as well. I tend to think he is quite good at home networking.

After all, he is the one who figured out the solution for the following issue.
https://forums.hardwarezone.com.sg/...tel-tv-onr-ac86u-ax23-singtel-tv-box.6681949/
 

hairymonster

Senior Member
Joined
Jun 16, 2013
Messages
1,308
Reaction score
61
I'm using the firewalla gold. There are 2 modes, router mode and bridge mode.
You can read more about it here.

https://help.firewalla.com/hc/en-us...51-Firewalla-Router-Mode-Configuration-Guides

If you want to configure all the lan ports of the firewalla to a common network 192.168.0.1/24, acting like a switch, that cannot be done to my knowledge.

I use the firewalla for purely routing purposes. Virtual machines and docker containers run on other hardware.

Edit: Devices in segmented network can communicate with one another. Just got to define the rules in firewalla. You can control the direction of comms. One way or bi-directional.
 
Last edited:
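
What a one-way rule between segments means on a stateful firewall, as an added example (not from the post and not Firewalla's own code): a simplified model in which a rule controls which side may open a connection, while replies on a tracked flow still pass. The segment names, subnets and class names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed segments: names and subnets are assumptions for this example.
SEGMENTS = {
    "trusted": ip_network("192.168.10.0/24"),
    "iot": ip_network("192.168.20.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str                      # segment allowed to open connections
    dst: str                      # segment it may connect to
    bidirectional: bool = False   # True: either side may open connections

class SegmentFirewall:
    """Default deny between segments; rules govern who may initiate."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()        # tracked (src, sport, dst, dport) tuples

    @staticmethod
    def segment_of(addr):
        ip = ip_address(addr)
        return next((name for name, net in SEGMENTS.items() if ip in net), None)

    def may_initiate(self, src_seg, dst_seg):
        return any(
            (r.src, r.dst) == (src_seg, dst_seg)
            or (r.bidirectional and (r.dst, r.src) == (src_seg, dst_seg))
            for r in self.rules
        )

    def packet(self, src, sport, dst, dport, new=False):
        """Return 'accept' or 'drop'; new=True means a connection attempt."""
        s, d = self.segment_of(src), self.segment_of(dst)
        if s is None or d is None:
            return "drop"         # address outside every known segment
        if s == d:
            return "accept"       # same segment: not subject to these rules
        if not new and ((src, sport, dst, dport) in self.flows
                        or (dst, dport, src, sport) in self.flows):
            return "accept"       # continuation or reply of a tracked flow
        if new and self.may_initiate(s, d):
            self.flows.add((src, sport, dst, dport))
            return "accept"       # new connection permitted by a rule
        return "drop"
```

With only a trusted-to-iot rule, a device on the iot segment can answer connections opened from the trusted side but cannot open one itself; setting `bidirectional=True` removes that asymmetry.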

xiaofan

I think Firewalla Gold is similar to those mini PCs with Quad 1G or 2.5G ports, even if you can bridge the LAN ports when using pfSense or OpenWRT, it is actually not recommended as the bridge will be software based. So rather you will use it like the following.

WAN port
LAN 1 port -- first network -- VLAN switch (optional) -- wireless APs
LAN 2 port -- second network -- VLAN switch (optional) -- wireless APs
LAN 3 port -- management port
 

hwzlite

Master Member
Joined
Jan 27, 2007
Messages
3,044
Reaction score
3,168
+ More about "How Does Firewalla Intercept Traffic? Which Firewalla Mode Should I Use?"

++ Firewalla Gold Pro FAQ :
Will the Gold Pro support Simple Mode and/or DHCP mode?

No.

At least not officially. Simple mode via ARP spoofing is challenging to make right with high-speed networks. Due to its compatibility with Android 14, we list it as legacy mode, which we will eventually drop support. Single port DHCP mode may also be slower; we will list it as legacy or not support it on the Gold Pro.

Leave no stone unturned liao? :s22:
 

xiaofan


The good thing is that it can at least do SQM using CAKE at 8.75Gbps download and 9.41Gbps upload.
https://help.firewalla.com/hc/en-us/articles/27792411968787-Firewalla-Gold-Pro-Pre-Sale-Updates

Direction   QoS        Result
Download    Off        9.41Gbps
Upload      Off        9.41Gbps
Download    FQ_Codel   9.36Gbps
Upload      FQ_Codel   9.41Gbps
Download    CAKE       8.75Gbps
Upload      CAKE       9.41Gbps
 

Apparatus

Great Supremacy Member
Joined
May 27, 2005
Messages
54,879
Reaction score
12,004
If we just compare the pricing, I tend to think Firewalla Gold Pro is quite over-priced, UDM SE seems to be a better buy (even though it can not do 10Gbps IPS/IDS but rather only 3.5Gbps). Of course it is cheaper we DIY with pfSense using low power mini PC.

Commercial offering of 10G capable router/firewall at the similar price range or lower: Firewalla Gold Pro at around US$798 (about S$1077)

Netgate pfSense Plus powered: Netgate 6100 from US$799
https://www.netgate.com/appliances#compare-products

Ubiquiti UDM-SE: US$499 or S$733.02
https://sg.store.ui.com/sg/en/collections/unifi-dream-machine/products/udm-se

TP-Link ER8411 router: about S$535
https://www.tp-link.com/sg/business-networking/omada-sdn-router/er8411/
https://dynacoretech.com/tp-link-er8411-omada-vpn-router-with-10g-ports-4897098683309

Asus ROG GT-BE98: S$1099 (with quad-band WiFi, probably not a fair comparison)
https://sg.store.asus.com/rog-rapture-gt-be98.html

TP-LINK ER8411

Has VLAN. No IPS/IDS. 8x1G LAN ports no use to me..........too many
 

JBLwill

Member
Joined
Aug 28, 2007
Messages
174
Reaction score
22
hello all! happened to see that there is a Firewalla Gold Pro thread here, thought of getting 1 as the firewall for my unifi udm..
Glad that I found this thread and saw some interesting ideas... I'm planning to jump into Ubiquiti family, still thinking if I would get UDM Pro or SE or PRO Max version. I have a server running in 10g and PC in 10g. why unifi is because I'm going to use their protect, Doorbell Pro Poe and Poe Cam. is their IPS/IDS 3.5g/5g enough and firewall is it comparable to firewalla, pfsense, opnsense? I saw minisforum ms-01 with 10g SFP+ dual is interesting to run with either one of the sense and cheaper, sfp is bonus too.

i don't like unifi AP 7 pro though, more like a lite. I prefer omada eap 783 and also standby 2 cables for it as well in case I use omada for AP.

what do you guys suggest?
 

xiaofan

I think you can go to the Ubiquiti thread and ask for the expert opinion there.

But I will suggest you to forget about Firewalla Gold to go with either pure Ubiquiti setup, or a mixed pfSense+Ubiquiti setup. Both are popular among power users.

Personally I will suggest you to go with pure Ubiquiti setup first and forget about IPS/IDS for the network. It is not that useful for typical home use. But I know little about Ubiquiti stuff so I will suggest you to ask in that thread.

Then if you want to play with more advanced firewall like pfSense/OPNsense, get the gear and start to play. They will be way better than the Firewalla stuff.
 

firesong

Supremacy Member
Deluxe Member
Joined
Jan 17, 2001
Messages
8,630
Reaction score
4,638
imo, PoE++ is nuts in terms of power consumption. But that's just imo cos I also prefer to consider the rising cost of energy bills. :s13:

Like @xiaofan, my best is to go with one of the *sense or a Mikrotik firewall/edge router. But I lean towards the *sense more if you don't want a fairly steep learning curve.

Catching up on this thread, Firewalla to me seems to be more of a proprietary customised product in the mould of *sense. Personally, I wouldn't pay for that - one never knows when it will disappear after they lose funding/interest/support/etc, leaving users with an overpriced paperweight that needs to be redeployed to a *sense product.

IDS, if you want higher throughput for IPS/IDS, you've got to throw more raw power at it. So get a more capable machine and you should be able to get the throughputs you desire. I personally find IPS/IDS useful since it's helped to keep my folks out of some trouble before. And no, Asus AIprotection is rubbish imo. A cheap PiHole can do the job.
 

TanKianW

Supremacy Member
Joined
Apr 21, 2005
Messages
6,687
Reaction score
3,330
You seemed to lean more towards UniFi's ecosystem.

I will suggest going with full Unifi or pfsense/OPNsense+Unifi (switches+APs) if you have a more advanced firewall use case.
 

JBLwill

oh.. I want to have protection against hackers, catching of malicious codes hidden along the data etc...
so my pc stores every data in my server, my server does streaming of music, movie, data with raid.
currently I'm using asus ac5300 router.. planning to upgrade as I wanted to use unifi doorbell and cam.. but i don't like the solution they have for unifi AP7 now... have to wait for them to release better AP.

yea, I thought perhaps.. get the unifi system setup...
then perhaps get minisforum ms-01 i5 and install one of the pf/opnsense.
which is more user-friendly? I'm new to them..
 

Mach3.2

Great Supremacy Member
Joined
Apr 8, 2011
Messages
72,405
Reaction score
2,465
There is a learning curve to the *sense distros, but not that steep coming from prosumer routers if you're already familiar with some of the concepts (NAT/DHCP). It's very similar to a prosumer router, but with way more knobs. There is also lots of content on it so anything you don't know is just a google search away.

My point being if you know how to google and can learn new things, it wouldn't be a problem.

For unifi routing, I haven't really looked at it in the past year, but it wasn't that great 2 years ago because of missing features.
The *sense distros are more feature complete. but for all I know the features exposed by Unifi could be all you need.

I want to have protection against hackers, catching of malicious codes hidden along the data etc...
Look into endpoint detection and response software. Microsoft Defender is actually pretty decent if you do your part in not installing dodgy software/clicking weird stuff on the internet.
Can use DefenderUI to turn on the EDR features that aren't exposed in the normal UI.

 

JBLwill

hehe. yeap, am usually careful and using defender.
but I do not use original software though ... tskkk... which sometimes I also have fear
of hidden codes that enables backdoor hacking etc..
 

gpgtmeowmeow

Member
Joined
Nov 4, 2022
Messages
135
Reaction score
80
If using unifi equipment, then you might be interested to look at self hosting unifi controller or running it from your laptop/PC instead of using cloud key.

Also forget about unifi doorbell and cam, look at home assistant compatible devices doorbell/cams that can be accessed without internet at a lower cost and much more secure that way.
 

JBLwill

next alternative to work with HA is Reolink, that's my alternative solution. I am currently using Fibaro z-wave, I do have Homey Pro (new version) as well, also I could run HA inside my unraid as docker. it seems like the community has done the plug-in/package for Reolink already.
if I don't have to go unifi ecosystem.. I would use omada and eap 783 (be22000) AP ... then reolink cam and doorbell poe with nvr..

what do you guys think? also am sorry if somehow the topic switched irrelevant for people who want to read about Firewalla only.
 