This powerful firewall delivers enterprise-level security at a home office price
ZDNET’s key takeaways
- The Firewalla Gold Professional is out there now for $889.
- It presents enterprise-level safety with excessive efficiency, superior options like deep packet inspection and multi-WAN help, and user-friendly configuration.
-
It is bigger and costlier than primary client firewalls, requires an exterior entry level for Wi-Fi monitoring, and will require superior configuration information for some options.
In 2022, I upgraded to the quickest residential broadband out there — 2 Gbps fiber. As we strategy the tip of 2024, web service suppliers (ISPs) are pushing the bounds, providing speeds as much as a staggering 10,000 Mbps (10 Gbps).
Fiber web stays the gold customary for velocity and reliability within the US, with prime suppliers providing ultra-fast plans:
- AT&T: As much as 5,000 Mbps
- Google Fiber: As much as 8,000 Mbps
- Xfinity: As much as 10,000 Mbps
Such excessive speeds are essential should you work with massive knowledge volumes, like video editors, 3D modelers, and organizations utilizing Generative AI that want quick knowledge switch on the fringe of their networks. Many of those customers additionally require quick, dependable VPN connections. Whereas a pc can provoke a VPN, it consumes vital processing energy, affecting efficiency. A devoted system for steady site-to-site VPN connections ensures encrypted knowledge is processed effectively, sustaining near-wired speeds.
Commonplace broadband gateway units from ISPs often embrace easy NAT routers with primary guidelines however lack superior packet processing, VPN administration, and risk detection. For customers with high-speed broadband, a devoted {hardware} firewall is crucial. Conventional high-speed firewalls from SMB and enterprise distributors are sometimes prohibitively costly, designed for giant websites, requiring intensive networking information, and dear ongoing updates and administration subscriptions.
Additionally: safe your own home and workplace community: One of the best DNS blockers and firewalls
Enter Firewalla, an organization based by former Cisco engineers. Firewalla goals to make unified risk administration accessible for small and residential places of work and distant professionals. Its merchandise supply high-speed firewall options which are each user-friendly and cost-effective.
Having extensively used and really useful Firewalla merchandise, I used to be desirous to assessment the corporate’s newest providing — the Firewalla Gold Professional. I had excessive expectations, however this new system nonetheless managed to impress. Here is an outline of the present Firewalla product line that will help you select the very best mannequin to your wants.
The Firewalla Gold Professional is the corporate’s largest and heaviest product, constructed with strong metallic for sturdiness and enterprise-grade high quality. Weighing 38.5 oz (1,090 g) and measuring 8.54 x 6.5 x 1.69 inches (21.7 x 16.5 x 4.3 cm), it meets the strong requirements of SMB-level community tools. Regardless of its dimension, the Gold Professional operates effectively and silently with a 110V AC energy brick, drawing as much as 33W.
Additionally: Web safety suites in contrast
Whereas it capabilities properly in typical residential and small workplace setups, it is best to attach the Firewalla Gold Professional to a pure sine wave UPS to guard towards energy fluctuations. The unit is fan-cooled however must be positioned in a well-ventilated space, because the aluminum case can attain as much as 140°F when absolutely loaded, particularly in hotter environments. An non-compulsory rackmount enclosure is out there to combine the Gold Professional into a typical datacenter-style rack.
The Firewalla Gold Professional consists of two 10 Gbps ports (one usually used for WAN however configurable) and two 2.5 Gbps ports. I like to recommend supplementing it with an extra 10 Gbps or 5 Gbps change for optimum efficiency.
In my setup:
-
One other 10Gbps port connects to a 16-port 10 Gbps change, linking servers, Wi-Fi 6E entry factors, a 5 Gbps high-speed desktop change in my workplace, and storage.
This configuration maximizes the Firewalla Gold Professional’s efficiency and ensures optimum connectivity throughout my community.
Set up
Due to the iOS and Android smartphone apps, establishing the Firewalla Gold Professional is simple. The setup and configuration process makes use of Bluetooth, which is supplied if Ethernet connectivity is disrupted or the system must be managed or reconfigured out of band.
When the app prompts you throughout preliminary setup, scan the QR code on the underside of the system to pair it with the app. For those who’re an present Firewalla person, you may “clone” your present configuration, preserving all settings, together with guidelines, system groupings, segmentation, and ISP configurations. In my case, deciding on “Change Gadget” made the method seamless.
New customers should select between “Router Mode” and “Clear Bridge Mode”:
-
Router Mode: Firewalla capabilities as the first router, managing all community visitors with full performance.
-
Clear Bridge Mode: Firewalla is positioned inside your present community with out altering the IP deal with scheme.
I like to recommend Router Mode as a result of Clear Bridge Mode disables key Layer 3 (IP layer) providers like VPN Shopper, Coverage-Based mostly Routing, Sensible Queue, Web site-to-Web site VPN, and Gadget Monitoring. For those who go for Router Mode, the setup might fluctuate barely relying in your ISP. Firewalla gives detailed documentation for numerous ISPs.
For instance, as an AT&T Fiber person, I wanted to configure my gateway for IP Passthrough, permitting Firewalla to handle the community. This concerned logging into the gateway, navigating to the Firewall menu, deciding on “IP Passthrough,” selecting “DHCPS-fixed,” and deciding on the Firewalla system from a dropdown record. As soon as configured, all visitors is routed by way of Firewalla, bypassing the gateway’s router capabilities.
Additionally: change the DNS settings in your Home windows PC – and why you’d need to
One limitation is that Firewalla can’t monitor the built-in Wi-Fi of a residential gateway. Even in IP Passthrough mode, units linked on to the gateway’s Wi-Fi bypass Firewalla’s safety. To keep away from this, dedicate a Wi-Fi entry level behind Firewalla for all wi-fi connections. For smaller households or places of work, a consumer-grade Wi-Fi router or mesh node in “bridge” mode (not NAT) additionally works properly — I beforehand used a three-node Eero Professional 6 mesh setup with Firewalla Gold, which labored flawlessly.
The secret is to keep away from a double-NAT situation. Firewalla ought to deal with major NAT, create your IP scope and segments, and act as your DHCP server.
Firewalla Gold’s Professional’s efficiency
As soon as configured in Router Mode or Clear Bridge Mode, the Firewalla Gold Professional intercepts all visitors on the deep packet inspection stage. Due to its highly effective Intel Twelfth-generation processor and 8GB of RAM, this course of happens with none efficiency loss.
Additionally: Firewalla launches Purple: Its must-have community safety system
In our exams on a 2 Gbps AT&T Fiber service, the quickest out there to us, we efficiently pushed the broadband connection to its 2 Gbps restrict. Inner exams achieved Ethernet hyperlink speeds of 10 Gbps, with knowledge transferring at that fee.
Considerably, we pushed WireGuard connections past 1 Gbps to a metropolitan-connected Linux host in a take a look at cloud area, restricted solely by the goal system’s broadband capability.
The smartphone app gives an in depth view of historic WAN and WiFi efficiency and dwell throughput for each system on the community. The system additionally runs periodic exams to confirm whether or not your supplier delivers the marketed speeds.
Community safety overview
I’ve discovered that Firewalla’s safety intelligence system, each on the system and within the cloud, is extremely strong. The corporate tracks over 129 million safety objects, together with IP/area histories and different essential knowledge, and allows the system to successfully safeguard your community, always adapting to new threats as they emerge.
In terms of safety, Firewalla’s strategy is complete. All knowledge packets are meticulously filtered by way of a number of layers, together with Block Lists, Advert Block Lists, and Static and Dynamic Block Lists, alongside IDS/IPS (Intrusion Detection/Prevention) and the Habits Module. This multi-layered technique provides you a steady sense of safety, understanding that recognized and rising threats are being addressed.
One characteristic I notably admire is the pre-configured Goal Lists that include every Firewalla system, like OISD and Log4j attackers, which routinely block malicious web sites and IPs. Moreover, the power to create customized goal lists means I can tailor the safety to suit my particular wants, making the expertise much more personalised.
Additionally: Firewalla hands-on: Simple to arrange with loads of options to assist shield your own home community
Firewalla additionally makes it straightforward to handle units on the community. It routinely detects all units and teams them by operate (e.g., “Computer systems,” “IoT”), which simplifies making use of guidelines throughout a number of units. That is particularly useful for units with MAC randomization, like iPhones utilizing non-public Wi-Fi addresses. Disabling this characteristic has improved visibility and made it simpler to use guidelines.
The IDS/IPS system is one other essential layer of protection in my community. It detects and blocks unauthorized entry makes an attempt, like SSH intrusions or recognized exploits comparable to Heartbleed, which ought to give any community safety skilled at an SMB peace of thoughts.
Lastly, the Habits Module stands out as a vigilant guardian. It displays community visitors for uncommon patterns, comparable to a usually low-traffic system immediately sending massive quantities of information. When this occurs, the module sends an alert, permitting you to deal with potential threats earlier than they escalate.
It is this type of proactive monitoring that has actually bolstered my belief in Firewalla.
Configuration and administration
One of many issues I admire about Firewalla merchandise is how user-friendly they’re, particularly for a small workplace and residential workplace setup like mine. The preliminary configuration by way of the Firewalla smartphone app is simple, and for many duties, it is all I would like. For extra detailed administration, the my.firewalla.com web site gives a useful dashboard for viewing flows, configuring guidelines, and monitoring community exercise.
In April 2023, Firewalla launched the Managed Safety Portal (MSP) subscription service, which presents even better performance. Whereas the MSP service has numerous plans, the Free plan with 24-hour move storage for a house workplace might be ample. It covers primary community administration properly and presents sufficient visibility into community exercise for my wants. Extra superior residence customers and small companies who require extra prolonged visibility into their move knowledge would possibly need to go together with the 30-day move plan, which is simply $39 per 12 months.
Additionally: Upgrading my community to 2.5Gbps with the quickest small enterprise and residential firewall: Firewalla Gold Plus
For organizations with a number of Firewalla units and branches, Firewalla’s MSP additionally presents completely different seat choices relying on how a lot element it’s essential to monitor your units. The No Flows Seat works tremendous for primary monitoring, however there are alternatives for extra in-depth evaluation should you want it. MSP additionally gives VPN Mesh capabilities to hyperlink your department networks over the web utilizing encrypted tunnels with WireGuard.
Despite the fact that MSP provides many new options, I nonetheless discover that sure configurations, like VPN settings and dwell community monitoring, are greatest dealt with by way of the smartphone app. It is a good steadiness between ease of use and superior options.
ZDNET’s shopping for recommendation
The Firewalla Gold Professional is an distinctive alternative should you want highly effective, high-performance community safety with out the complexity and price usually related to enterprise-grade firewalls. With its strong construct high quality, superior options like deep packet inspection, and seamless configuration by way of an intuitive app, the Gold Professional delivers enterprise-level safety and efficiency in a bundle accessible to small places of work, residence places of work, and energy customers.
Whether or not you are pushing the bounds of your fiber connection, managing intensive VPNs, or securing a fancy residence community, the Firewalla Gold Professional excels in each class. The current introduction of the MSP service provides much more flexibility and management, making it simpler than ever to handle your community.
For anybody trying to future-proof their community with a flexible and user-friendly firewall resolution, the Firewalla Gold Professional is a prime contender, providing unparalleled worth and efficiency.