@@2guysfishing198 Ease of use, great performance, and it has helped us on numerous occasions to diagnose ISP issues and have transparency of what's connecting in our networks.
@@2guysfishing198 Firewalla's active developers releasing updates, tips and tricks newsletter. Easy management accessible from anywhere without security risks. VLAN performance is great. Reporting and easy category blocking. Pretty much set and forget. It does need option to automatically send reports to email or log server. Developers say they're going to work on that. I like it so much for my personal use, that I'm recommending it to every one of my clients. Of course I'll set it up and install it for them.
Working as an MSP I'm more accustomed to using Sonicwall and Fortinet security appliances but I've recently begun researching a solution like Firewalla for small business customers who don't have the means nor need for a posture that requires more hands on and works in a semi-automated state. Thank you for your insight! I think it would probably be for customers who need more than the built in features of ISP gateways but don't need a highly robust solution. I find personally that employee education and EDR solutions tend to be a more effective use of IT spending. Thank you again for taking the time to give input on Firewalla
The problem with this model is almost always they end up with a paid subscription at some point. I mean, people aren't going to keep buying them forever - eventually the user base tops out.
I think the solution is to make a device for small to mid-sized businesses with enhanced features and charge a subscription for those devices... and then maybe adding a few advanced features to consumer level devices and making those features subscription.
A free web browser based option is available. If you need to control more than a single Firewalla for remote sites, there are two subscription based plans, beyond the FREEBIE, cheaper than Pfsense. Can't fairly fault the device on what companies might or might not do in the future. Pfsense has changed to a tiered yearly subscription in Oct 2023 so no more freebies or updates without subscription on the previously free software only version of home+lab.
I'm using a firewalla gold at home as an upgrade from the ISP provided router for a few years now, at the time it was a good compromise between ease of use and the features I wanted. They definitely have been keeping up with adding features and updates which is nice. And while the phone based dashboard can be handy I do wish the web-based UI was more useful (and locally accessed). With the options out there today I'd likely go with something else when I upgrade but for now it's been working great for my small home needs
Probably one of those small fanless N305 PCs (Serve the Home reviewed one recently) with pf sense or opn sense. I really have no issue with the firewalla and it's still going strong but if I was spending 500-600USD/GBP (yay for import tax) on a router there's tons of options now. And since the nightmare I had with netgear's insight I wanna stay away from anything that needs to "phone home" or require a service to work
@@MarcBehar I've been using pfsense for over 15 years and it serves me well. I have a couple of kids now though and I'm looking at firewalla as a solution to keep better tabs on what the kiddos are doing online while allowing me to keep my vlans and network segmentation for my home office. I understand the cloud based control issues but I honestly trust a company whose sole source of revenue is from this product more than a multinational corporation. In the end these devices don't last forever so I'm really just betting they're around for another 6 years or so.
What features are you looking to get out of a pfsense that firewalla does not have? I do not think I have outgrown my Firewalla Gold yet, but I am very curious!
Tbh not too sure yet, more just out of curiosity, but mainly so I have a local management portal. I might have to install it on a small machine or VM just to try it out a bit first
Thanks for sharing your “thoughts” on this. I switched from Unifi to Untangle and ended up with Firewalla. Have been very happy but not sure how it compares with options you typically use. I was a youtube commenter that requested this so thanks so much for listening.
Are you using your Firewalla as the gateway with UniFi APs or any other UniFi products? If so, I would love to be able to ask you a few questions! Essentially, are there any Unifi features I cannot use by using my Firewalla Gold as my router compared to using a UniFi gateway? I don’t think so because it seems like everything with UniFi runs off of their controller software which I can either spin up using a Docker container directly on my FWG, a different computer on the network, or just buy a CloudKey. Is it correct that I will be able to use all UniFi features even if FWG is my router?
@@SpaceCadet4Jesus it does but I don’t believe the layer 3 inspection is to the level that untangle offers. I had terrible issues with vpn host performance with untangle on a dedicated box which is why I switched away.
@@ystebadvonschlegel3295 👍 thank you for a quick and informative reply. I will look deeper into a Firewalla (replacing a dead Unifi Gateway 3P). Unifi products are getting too hard to get and more finicky to setup.
I have a firewalla purple with a VPN out to surfshark and AdGuard Home running on it. This thing has yet to slow down and outperforms any other firewall/router I've had. I have fiber and even with the VPN, security features, ad blocking, all that turned on I still hit full gig over my access points.
After doing a summary review on another platform people are very quick to compare this to the wrong sort of product, targeted at the Consumer and very small business, made amazingly simple with an easy to use app
right, and when the backend dies, the product is dead. a firewall that relies on a phone app and some remote server is not a firewall, but a way to exfil customer data for sale.
I was intrigued when I read that it could protect a network just by being plugged into a network next to all other devices rather than gatekeeping at the front. After reading the whitepaper my suspicions were confirmed. The device essentially arp-poisons the whole network, replacing the arp entries of all devices so that they would think it is the default gateway. While it does work, it kinda feels very dirty. I would not plug that into a corporate network, unless I wanted to upset the IT/Network department.
I believe it has two modes; the primary / recommended mode is directly after the modem, ahead of any clients (e.g., a typical wired router setup). I might be wrong tho, never bought it after reading about the hardware bugs with the Purple's upload speed.
@@ikjadoon I think at the time they had the models with only one port, so that was the only way it could do what it claimed to do, with the added disadvantage of halving the port speed (which back then wasn't that big of a deal since the average internet speed was nowhere near a gigabit)
You mean it's taking a page from the Fing Box. Arp poisoning, something I used to do to manipulate local traffic. Oh, the younger days are coming back!
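For a host or network team that wants to notice the gateway-impersonation behaviour discussed in this thread, here is an added example (not part of the comments and not Firewalla's code). It compares two snapshots of a Linux neighbour table in `ip neigh show` format and flags the gateway IP moving to a MAC that another LAN address already uses. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One IPv4 line of `ip neigh show`, e.g.
#   192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s+(?P<state>\S+)"
)


def parse_neigh(text):
    """Return {ip: mac} for resolved IPv4 entries; unresolved lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue  # blank line, FAILED/INCOMPLETE entry (no lladdr), or IPv6
        table[m["ip"]] = m["mac"].lower()
    return table


def check_gateway(baseline, current, gateway_ip):
    """Compare two neighbour tables and report signs of gateway impersonation.

    Findings are tuples:
      ("gateway_mac_changed", gateway_ip, old_mac, new_mac)
      ("gateway_mac_shared",  gateway_ip, mac, [other IPs using that MAC])
    A changed MAC alone can be a legitimate router swap; a gateway MAC that
    is also bound to another LAN address is the stronger signal.
    """
    findings = []
    old = baseline.get(gateway_ip)
    new = current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway_mac_changed", gateway_ip, old, new))

    by_mac = defaultdict(set)
    for ip, mac in current.items():
        by_mac[mac].add(ip)
    if new and len(by_mac[new]) > 1:
        others = sorted(by_mac[new] - {gateway_ip})
        findings.append(("gateway_mac_shared", gateway_ip, new, others))
    return findings


# Constructed sample: the table before and after a device on 192.168.1.30
# starts answering ARP for the gateway address 192.168.1.1.
BASELINE = """
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
192.168.1.30 dev eth0 lladdr 02:00:00:aa:bb:02 REACHABLE
"""

AFTER = """
192.168.1.1 dev eth0 lladdr 02:00:00:AA:BB:02 REACHABLE
192.168.1.20 dev eth0 lladdr 02:00:00:aa:bb:01 STALE
192.168.1.30 dev eth0 lladdr 02:00:00:aa:bb:02 REACHABLE
192.168.1.40 dev eth0 FAILED
"""

if __name__ == "__main__":
    for finding in check_gateway(parse_neigh(BASELINE), parse_neigh(AFTER),
                                 "192.168.1.1"):
        print(finding)
```

A router with several addresses on one interface will also trip the shared-MAC check, so known multi-address devices need an allow-list in practice.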
I got the purple so I could fail over the WAN to my phone hotspot since ATT is less reliable in my area than I would like. Insanely simple to use and no fuss.
I have the purple and using two Asus routers for APs on segregated networks. Works great if you have lots of IOT devices, a home NAS, and have a very small business, but want to keep everything segregated.
Firewalla is great for home users to be honest, set one up for the parents and myself and it just works and has everything you could need; device rules, vlans, wireguard, adblocking, firewall etc. App works really well and I pay the small fee for their MSP product too. Seems to be rare to see them in tech youtube videos as they don’t seem to sponsor too many videos or send out products for ‘review’.
The only experience I have had with firewalla was about a year and a half ago (so firewalla was pretty new in their defense) and it was rough to work with. The web interface was filled with 'you will be able to do this soon, you can do this on the app'. To me it's in a difficult place between a pro firewall that can really do everything you need, and an easy to use router. I think some of the largest trouble I had with it was it rewording traffic into terms like 'flows'. Though this may be more approachable for people just getting into networking.
The premise is that it will connect to the Firewalla using bluetooth on one’s phone. I’ve had this work, and I’ve had it fail. Your point is a good point. @@JasonsLabVideos
@@JasonsLabVideos true - I have come across that. In that case you’d need to be in Bluetooth range so you can connect with your phone or use the serial port to connect to a computer.
We considered the Firewalla for its simple model & SQM features, but in the end, it just felt risky without a local interface & so much in the cloud (not unlike Alta APs). I get the cloud is cool (we have it on our UniFi & Omada systems) but cloud-maintained networking seems far less reliable than say cloud-based email. There are just too many variables.
you know, i've rather come to hate the word "cloud". it obfuscates and fluffs the real meaning of it being a foreign server/s, who really knows where to boot.
Says cloud is cool, has cloud associated Unifi and cloud required Omada, yet downplays the Firewalla because of seemingly far less reliable service on a product he's never used. Why then pick cloud based equipment? Firewalla is meant for home, very small business and IT installs where it's not hugely complex. Also he doesn't know he can SSH right into the box. Actually, it's low on the variables.
@@SpaceCadet4Jesus Cloud managed infra as a service IAAS... everything is becoming cloud managed nowadays if allowed by security strategy. I do wonder however, how long before their business model dries up and leaves consumers high n dry without updates. Other than that it's a great option. I have 8gb internet coming to my area soon. So downsizing boxes isn't an option to save on cost. Funny thing is I would buy it on a subscription model either.
Glad there are plenty of options to select from and use. The switch was simple. At the end of the day I needed something that the wife can use and easily manage if I am not available for X reason. That alone right there is what sold me. I don't need her to pull up a manual or have a degree in IT to do very simple items. If Firewalla moved to a subscription model, I would gladly pay it. If they went under, I would reconsider going back to PFSense or OPNSense. The hardware is not a loss because I was able to flash either PFSense or OPNSense. Quite frankly, I do enough of this at work that I don't want to do it at home.
I had Firewalla as a beta tester when I was sent a microSD card to put in a Raspberry Pi. Jerry Chen was wonderful to work with. The only reason I don’t use Firewalla now is because I have a Ubiquiti setup, so there was no need anymore.
I like the appliance concept, been using Smoothwall since its pre-1.0 era and it's heavily based on this concept. I agree with being uncomfortable with it needing a mobile app for management - that relies on about half a dozen previously or potentially compromised supply chains or proximity to some. It looks like someone saw a QR code and android apps and thought "cool" and blew the budget on development of that ignoring the web component. Supply-chain integrity reliance makes me uncomfortable in this space, a FOSS solution with reputations on the line (for misconfiguration, errors, etc.) may currently be a safer consideration. All that said - there's a lot of value in having a plug'n'go solution that sharply improves security, always for that. We can't cut our noses off to spite our faces in this space.
I have a whole Omada setup at home with multiple EAP's, Switches etc, so this does not really fit into my needs either, but if I was looking for something more simple for friends or family, I would still stay clear of devices that can only be configured via apps. I really dislike the whole idea of getting some hardware that will be completely useless if a company goes under or just drops support. Once these apps are no longer maintained, they will lose compatibility with newer mobile OS versions and you can throw these devices into the garbage. Sure TP-Link can stop maintaining the Omada software, but all the devices still have individual Web interfaces from where they can be controlled.
That sounds crazy. I would never buy any network equipment that relies on some cloud server. That's just scary. I could see myself pay for a subscription for web filtering maybe but not the firewall itself.
Has anyone ever told you you look exactly like Eugene Belford ("The Plague") from the 1995 movie Hackers? You don't by any chance arrive at the office each morning riding a skateboard?
So, I'm guessing you need to be online to configure it? How does one set it up before you're online? I mean for my uses App control is a no no, but even doing it as an install for a customer... How does one set it up for them if you're setting up/installing the network and the internet is not connected or unavailable? Genuine question. I guess another similar related thought is what if it blocks something that it actually depends upon for login/configuration and you can't unset that? I'm guessing 'hard reset' would be the only option? I'm all for things adding consumer friendly interfaces, but in my opinion shouldn't come at the cost of the 'regular' interfaces for configuration. The Fritzbox range come to mind, consumer focused, relatively easy to use with auto updates, but fairly configurable if you know what you're doing. It would be nice for a simpler interface option in opnsense (or pfsense) available to make that more of an option for consumer grade installs. I kinda like how glinet do their openwrt routers, their custom interface super simple but you can still access the full luci (or even just install the full openwrt build if you don't want their custom stuff). Just some thoughts :)
@@jbhorner Cheers! I guess that's one way to do it with the 'app' requirement. Although guessing you need internet somehow for downloading the app, so kind of assuming that you have app and mobile data... Still guess that eliminates an 'outage' type scenario. Thank you muchly for the reply :)
The parental controls are incredibly powerful, easy to use, colorful on Firewalla. I run pfSense at home, but other than fancy policy-based routing or DNS things or [gasp] messing with Squid or Squidguard, there's no out-of-the-box parental controls in pfSense. Certainly no visibility or ease of use to put a kid in timeout from one's phone. I almost went with a Firewalla Gold Plus -- they look promising, but the cloud-based management is a dealbreaker. So is the beta web UI (I hate phone apps for most things). And a few reviews on Reddit made me nervous about long-term hardware reliability. I wish Firewalla adopted a model where you can roll your own hardware but maybe pay a one-time perpetual license fee for the software ISO/license key so we can use our own hardware.
I believe you can do that. When I look in the firewalla app, or even in the web UI, it shows me the license key for the software. I remember exploring Firewalla’s community/documentation pages at one point and somebody was talking to their support team about just that. Unfortunately, I believe the only way to purchase a license is to purchase the hardware too. They make it very easy to get their software, but you’d probably have to shell out the cash for the hardware in order to get the license. Their support is phenomenal; maybe try giving them a call and see if they’ll sell you a product key if you really want to go that route!
If only pfsense could take notes on ease of use, maybe an “amateur mode” or something that is easy to use like firewalla. I setup my vpn with ease, etc.
I disagree. Pfsense is still light years ahead here and best part works great in home and business at any scale. All while still being easy to use and configure with a full feature set. I deploy pfsense and protectli hardware and they are bullet proof.
@@carlostavaresjr958 I’m glad it works for you. I tried pfsense a couple different times and wasn’t able to get it up and running correctly. I always had trouble adding my old router as an ap and getting it all to work
@@carlostavaresjr958 Currently looking to replace my UDM-SE with something like opnsense ... protectli looks interesting for a hardware choice, thanks for the tip!
Hey, thanks for the video. Do you have a recommendation besides Firewalla? I am currently using a UniFi Dream Machine Pro in a colocation and am thinking of swapping it for a Firewalla Gold Pro as I need a firewall to install some custom Linux packages in, would you have any ideas for better alternatives in the 10 GBit range? PFsense is out of the question because of FreeBSD.
I have the Asus gt axe16000 and the lan speeds are atrocious. WiFi is phenomenal though. Thinking about getting a firewalla gold plus and then using my Asus as an access point. I hate not getting full lan speeds. Feel like I wasted 700 bucks on Asus again. Hopefully this will improve my lan speeds finally. Router only gets 700 on LAN while a speed test on it goes up 1400
Try to buy Unifi products nowadays. So much out of stock for months. I bought 4 Unifi AP Pro which took 10 months to finally arrive. Now I need a couple Unifi Gateway 3P and nobody has them, doubt they are even selling them anymore. Gotta get off the Ubiquiti train at next stop.
All the connections are encrypted. You can manage it through the web or through your cell phone app, no matter where you are. 11 months ago I took a leap of faith and bought a Firewalla Gold Plus and I'm absolutely in love with it and all its features. The developers are constantly busy providing tips, tricks, notes or updates.
Firewalla does not do SSL inspection and there are commercial firewalls that do offer that but it does require installing a certificate on each end point.
@@LAWRENCESYSTEMS Wow, how can you avoid SSL inspection if someone is using this feature to spy on people? Imagine someone creates a WiFi hotspot somewhere in airport, and people connect to it using VPN, thinking that they are safe because traffic is encrypted right? But with SSL Inspection all this traffic gets decrypted, and all your sensitive information can be stolen! Or I’m not right? Who can tell me if I’m wrong or not?
@@vwestTube Performing SSL inspection to hack into people's systems isn't something just anyone can easily do. It requires a good deal of technical knowledge, the right tools, and physical access to the network. People don't connect to Wi-Fi hotspot through a VPN, as you stated. You connect to Wi-Fi hotspot and then you use a VPN to encrypt your data between yourself and another host. Even if they use SSL inspection they won't be able to get inside your encrypted VPN CONNECTION.
Two ways: 1. Connect a cable and log in using IP address. 2. Connect your cell to a wireless device on same network as Firewalla, open Firewalla app, enter IP address. Easy easy.
I'll stick with my OPNsense box. The phone app part and calling to some remote backend is a no no for me. Thanks for covering this product though, learned that it exists thanks to your video.
2:18 my thoughts: Too expensive. I built an entire computer based pfsense firewall for only a little more than the most expensive firewalla. One gpu and a copy of windows and my firewall will game
Have it run 24/7 and tell us about your energy bill. Apart from the hardware costs, it is heavily tested and the components have been selected for this use case. The NICs alone make a huge difference. In the FW space, there are a lot of Intel NIC fanboys for a reason. And not every Intel NIC has the same good reputation. After that, the hardware combination needs to be tested and you have to optimize things for mass production. So there is a quite high baseline of costs that a home-built computer does not have. But the reduced hardware costs will be compensated completely by unexpected issues, increased size and power consumption. A good retail network card is already more expensive than the firewalla top of the line product.
Hey Lawrence really love your content but struggle with talking head mostly videos or static documentation. Perhaps showing the interface, menus, ports etc would be good during your thoughts. Wanted to see how the product looks and feels which is not necessarily a demo.
He did refer to a couple review videos for that. He simply is only giving his personal opinion since so many people asked. He doesn't have any experience with the latest hardware/software as he said. Light on the details I know.
Free forever and no subscription... Yeah until they are near bankruptcy and need to and get a ton of fallout. Or until someone buys them like McAfee or Symantec/Norton/Broadcom and then overnight they say pay or your hardware is dead. Think of all the smarthome companies that tried that same approach and all went under overnight with no warning.
Smarthome companies were nascent a few years back so it stands to reason. Fortunately, all the smarthome companies I invested in are still going strong.
@@SpaceCadet4Jesus this is where I invested in at first smart things when I was learning how to build a smart home. And I got tired of the constant outages and issues and trouble as it was shortly after Samsung acquired smart things and then release the V3 hub. And so there was a lot of transitions between old app and new app, old hardware new hardware, firmware upgrades, standardizations in their ecosystem, etc. And so about 4 years ago, I decided to deploy home assistant. Where I have migrated over all my Z-Wave and take me devices, and all the devices that I used on smart things actually worked native on home assistant so I was able to stop using my hub for smart home items, except for my Samsung TVs, refrigerators both of them, washer and dryer, air dresser, etc. But I've even moved over to new items like inovelli switches, in building my own custom sensors and controls with ESP 32 and ESP 8266 SOCs. And now my home has over 160 devices integrated with nearly 1200 various sensor and data readings. So the amount of data my dashboard shows for my smart home tech is insane. Plus with home assistant being able to integrate all my everyday devices into it as well, like cell phones, and even my car and my wife's truck I can control remote start lock unlock GPS temperature readings speed accelerator pedal position coolant temp engine time running hours odometer oil life just every reading you could think of in your vehicle and controls you can do, I can do native in my home assistant dashboard as well and then even integrated into items like calendar. So if I have a dentist appointment coming up I put the address and the location and I put either ST for my wife's explorer or C7 for my car and the description and 15 minutes before Google says it's time to leave to make your appointment on time that vehicle will automatically remote start and either cool down or heat up.
And then automating the baby's crib and nap times where if the baby goes down for a nap I have a mat that detects the baby running on ESP home within ESP32 and then as very sensors for light temperature motion radar MMWave and if the baby is down for a nap during the day the doorbell automatically turns off and the screen on the doorbell says baby's asleep and then if anybody rings it it just notifies my wife's phone or my phone. And when we get the baby up everything goes back to normal doorbell turns back on and will ring the chime and set the house again. And this is all hosted out of my own house not relying on any third party cloud hoping they don't charge
90% or more of my smart home devices require an app for setup. Who doesn't have a smart phone? Yesterday, I just helped a friend, in his late 50's, move from a flip phone to his first smart phone, so I think he might have been the last non-texting non-scrolling adult alive in the US. His scrolling finger definitely doesn't understand what it's supposed to do. Lol.
Terrible as an actual firewall. You can't use any 3rd party blocklists since it limits the number of IP addresses to 200. And you need to buy their subscription to increase to 2000 even though other product it's basically unlimited. And their customer service is absolutely terrible.
What.about.NOPE. This is a nightmare. I would never ever depend on a device like this for such a delicate role, that forces me to use some bullshit mobile app; that forces me to hope the company will be operating for as many years in the future as I plan to use the device just to use it (WTF*cking hell is this sh1t!); which doesn’t have a straight way to directly access to it, and operate it. What a load of nonsense! Data sovereignty, compute sovereignty, encryption sovereignty, and comms sovereignty as much as possible. Thanks for the review, Tom.
let me tell you: $300 plus..., some of them 600... - that is a good business and it might disappear before it goes to paid subscription... why would they stay long if they can collect millions and move to another "project"
"This is not a bad business model" Narrator: It was a bad business model. Doesn't really seem sustainable. Anyway, I'm getting so sick of these startups offering crap products with "free" (lol) services that rely on some third-party server somewhere "in the cloud". Firewalla, Tailscale, zerotier, etc.... You're always better off self-hosting and self-owning your infrastructure. Don't give up privacy and security for a bit of convenience.
For some of us, the ease of use has value that makes the pricing not quite as ludicrous :) it’s expensive in my eyes but when I see how much it’s blocking everyday for me, I love it. My wife hates ad block which tickles me every time she says something about it 😂😂😂 I tried pfsense but as someone who is techie (but not a networking expert) it was just too much to configure
@@essdee800 I want to say I'm the same way, a techie but not a networking expert. Does the manufacturer send out a list of known bad actors included in the block list?
Been using Firewalla for awhile, professionally and personally. Love it. Would recommend.
Yeah no.
Can you tell us what you love about it?
I love my Firewalla Gold! I have had it for a few years now. Also, their support, community, and documentation is incredible!
my dad is using it on me and I'm an adult
Thank you for making a thoughts video on this topic, really love your videos and engagement with comments!
I'm curious, what option would you choose these days?
@@gmennc2648 yes I am. You can’t use any of the unifi routing features obviously such as packet inspection and security but the WAPs work fine.
@@ystebadvonschlegel3295 Doesn't the firewalla provide its own packet inspection, monitoring and reporting?
@@SpaceCadet4Jesus it does but I don’t believe the layer 3 inspection is to the level that untangle offers. I had terrible issues with vpn host performance with untangle on a dedicated box which is why I switched away.
@@ystebadvonschlegel3295 👍 thank you for a quick and informative reply. I will look deeper into a Firewalla (replacing a dead Unifi Gateway 3P). Unifi products are getting too hard to get and more finicky to setup.
I was looking at getting one, but needing the cloud to manage the device is a deal breaker for me.
Indeed!
I have a Unifi setup that is managed via cloud interface, so I don't really care. Pretty sure there is a console port on Firewalla anyways.
I have a firewalla purple with a VPN out to surfshark and AdGuard Home running on it. This thing has yet to slow down and outperforms any other firewall/router I've had. I have fiber and even with the VPN, security features, ad blocking, all that turned on I still hit full gig over my access points.
Kyle, what brand APs are you using?
After doing a summary review on another platform people are very quick to compare this to the wrong sort of product, targeted at the Consumer and very small business, made amazingly simple with an easy to use app
right, and when the backend dies, the product is dead. a firewall that relies on a phone app and some remote server is not a firewall, but a way to exfil customer data for sale.
I was intrigued when I read that it could protect a network just by being plugged into a network next to all other devices rather than gatekeeping at the front. After reading the whitepaper my suspicions were confirmed. The device essentially arp-poisons the whole network, replacing the arp entries of all devices so that they would think it is the default gateway.
While it does work, it kinda feels very dirty. I would not plug that into a corporate network, unless I wanted to upset the IT/Network department.
I believe it has two modes; the primary / recommended mode is directly after the modem, ahead of any clients (e.g., a typical wired router setup). I might be wrong tho, never bought it after reading about the hardware bugs with the Purple's upload speed.
That was the original device and the current entry level device. Most of their devices are traditional routers.
@@stevevuoso8411 Thanks for the info, it was indeed some years ago last time I looked at those.
@@ikjadoon I think at the time they had the models with only port, so that was the only way it could do what it claimed to do, with the added disadvantage of halving the port speed (which back then wasn't that big of a deal since the average internet speed was nowhere near a gigabit)
You mean it's taking a page from the Fing Box. Arp poisoning, something I used to do to manipulate local traffic. Oh, the younger days are coming back!
I got the purple so I could fail over the WAN to my phone hotspot since ATT is less reliable in my area than I would like. Insanely simple to use and no fuss.
I have the purple and using two Asus routers for APs on segregated networks. Works great if you have lots of IOT devices, a home NAS, and have a very small business, but want to keep everything segregated.
Firewalla is great for home users to be honest, set one up for the parents and myself and it just works and has everything you could need; device rules, vlans, wireguard, adblocking, firewall etc. App works really well and I pay the small fee for their MSP product too. Seems to be rare to see them in tech youtube videos as they don’t seem to sponsor too many videos or send out products for ‘review’.
Nice thoughts on this product. Modest, but educated opinions. Thank you.
The only experience I have had with firewalla was about a year and a half ago (so firewalla was pretty new in their defense) and it was rough to work with. The web interface was filled with 'you will be able to do this soon, you can do this on the app'.
To me it's in a difficult place between a pro firewall that can really do everything you need, and an easy to use router. I think some of the largest trouble I had with it was it rewording traffic into terms like 'flows'. Though this may be more approachable for people just getting into networking.
Fully agree, my biggest issue would be WHAT if you have no internet you can't log into the device ? :(
@@JasonsLabVideos The premise is that it will connect to the Firewalla using bluetooth on one’s phone. I’ve had this work, and I’ve had it fail. Your point is a good point.
@@JasonsLabVideos true - I have come across that. In that case you’d need to be in Bluetooth range so you can connect with your phone or use the serial port to connect to a computer.
@@JasonsLabVideos you can SSH into the box with no internet. It's a feature now. Add apps, docker containers and more has been added.
MEH! @@SpaceCadet4Jesus
I dunno.... something about requiring the cloud to manage a local firewall device really bothers me.
I like mine. After trying pfsense which was a little too much for me as an amateur.
We considered the Firewalla for its simple model & SQM features, but in the end, it just felt risky without a local interface & so much in the cloud (not unlike Alta APs). I get the cloud is cool (we have it on our UniFi & Omada systems) but cloud-maintained networking seems far less reliable than say cloud-based email. There are just too many variables.
you know, i've rather come to hate the word "cloud".
it obfuscates and fluffs the real meaning of it being a foreign server/s, who really knows where to boot.
Nice attempt at shilling Alta
Says cloud is cool, has cloud associated Unifi and cloud required Omada, yet downplays the Firewalla because of seemingly far less reliable service on a product he's never used. Why then pick cloud based equipment?
Firewalla is meant for home, very small business and IT installs where it's not hugely complex.
Also he doesn't know he can SSH right into the box.
Actually, it's low on the variables.
@@SpaceCadet4Jesus Cloud managed infra as a service IAAS... everything is becoming cloud managed nowadays if allowed by security strategy. I do wonder however, how long before their business model dries up and leaves consumers high n dry without updates. Other than that it's a great option. I have 8gb internet coming to my area soon. So downsizing boxes isn't an option to save on cost. Funny thing is I would buy it on a subscription model either.
Glad there are plenty of options to select from and use. The switch was simple. At the end of the day I needed something that the wife can use and easily manage if I am not available for X reason. That alone right there is what sold me. I don't need her to pull up a manual or have a degree in IT to do very simple items. If Firewalla moved to a subscription model, I would gladly pay it. If they went under, I would reconsider going back to PFSense or OPNSense. The hardware is not a loss because I was able to flash either PFSense or OPNSense. Quite frankly, I do enough of this at work that I don't want to do it at home.
Fancy new Hairstyle, looking good, Tom!
Thanks
I have a Firewalla Gold Plus for home use. I like it, I replaced a pfsense fw with it.
What would be some “cheap” commercial grade firewalls that are acceptable for home use?
Netgate 2100 is a solid choice.
@@LAWRENCESYSTEMS How easy is it to configure when compared to firewalla?
Thanks for sharing your thoughts!
I had Firewalla as a beta tester when I was sent a microSD card to put in a Raspberry Pi. Jerry Chen was wonderful to work with. The only reason I don’t use Firewalla now is because I have a Ubiquiti setup, so there was no need anymore.
I like the appliance concept, been using Smoothwall since its pre-1.0 era and it's heavily based on this concept. I agree with being uncomfortable with it needing a mobile app for management - that relies on about half a dozen previously or potentially compromised supply chains or proximity to some. It looks like someone saw a QR code and android apps and thought "cool" and blew the budget on development of that ignoring the web component. Supply-chain integrity reliance makes me uncomfortable in this space, a FOSS solution with reputations on the line (for misconfiguration, errors, etc.) may currently be a safer consideration.
All that said - there's a lot of value in having a plug'n'go solution that sharply improves security, always for that. We can't cut our noses off to spite our faces in this space.
What are your thoughts on sonicwalla?
Is hot garbage a thought or a feeling? 😜
I have a whole Omada setup at home with multiple EAPs, Switches etc, so this does not really fit into my needs either, but if I was looking for something more simple for friends or family, I would still stay clear of devices that can only be configured via apps. I really dislike the whole idea of getting some hardware that will be completely useless if a company goes under or just drops support. Once these apps are no longer maintained, they will lose compatibility with newer mobile OS versions and you can throw these devices into the garbage. Sure TP-Link can stop maintaining the Omada software, but all the devices still have individual Web interfaces from where they can be controlled.
That sounds crazy. I would never buy any network equipment that relies on some cloud server. That's just scary. I could see myself pay for a subscription for web filtering maybe but not the firewall itself.
Yet this is what almost all companies are forced to do
Yup, almost every corporate firewall has some form of cloud based services. Even if they fully own the hardware onsite.
Has anyone ever told you you look exactly like Eugene Belford ("The Plague") from the 1995 movie Hackers? You don't by any chance arrive at the office each morning riding a skateboard?
Nope, but I do like Fisher Stevens as an actor.
"Mr Tom Lawrence?"
"my name isn't Tom Lawrence, my name is The Plague"
"uh..Mr The Plague?"
Whilst I freely admit I am not the target audience for this, having it run by a phone app is a hard no for me.
The Firewalla AP7 cannot connect to another router (ISP router) using wifi so I can connect all my devices to the Firewalla AP.
So, I'm guessing you need to be online to configure it? How does one set it up before you're online? I mean for my uses App control is a no no, but even doing it as an install for a customer... How does one set it up for them if you're setting up/installing the network and the internet is not connected or unavailable? Genuine question. I guess another similar related thought is what if it blocks something that it actually depends upon for login/configuration and you can't unset that? I'm guessing 'hard reset' would be the only option?
I'm all for things adding consumer friendly interfaces, but in my opinion shouldn't come at the cost of the 'regular' interfaces for configuration. The Fritzbox range come to mind, consumer focused, relatively easy to use with auto updates, but fairly configurable if you know what you're doing.
It would be nice for a simpler interface option in opnsense (or pfsense) available to make that more of an option for consumer grade installs. I kinda like how glinet do their openwrt routers, their custom interface super simple but you can still access the full luci (or even just install the full openwrt build if you don't want their custom stuff).
Just some thoughts :)
On first setup or Internet down scenarios, it uses Bluetooth for connectivity with the app on the phone.
@@jbhorner Cheers! I guess that's one way to do it with the 'app' requirement. Although guessing you need internet somehow for downloading the app, so kind of assuming that you have app and mobile data... Still guess that eliminates an 'outage' type scenario. Thank you muchly for the reply :)
Can I just make an extra Raspberry Pi into a similar-working firewall?
The parental controls are incredibly powerful, easy to use, colorful on Firewalla. I run pfSense at home, but other than fancy policy-based routing or DNS things or [gasp] messing with Squid or Squidguard, there's no out-of-the-box parental controls in pfSense. Certainly no visibility or ease of use to put a kid in timeout from one's phone.
I almost went with a Firewalla Gold Plus -- they look promising, but the cloud-based management is a dealbreaker. So is the beta web UI (I hate phone apps for most things). And a few reviews on Reddit made me nervous about long-term hardware reliability. I wish Firewalla adopted a model where you can roll your own hardware but maybe pay a one-time perpetual license fee for the software ISO/license key so we can use our own hardware.
I believe you can do that. When I look in the firewalla app, or even in the web UI, it shows me the license key for the software.
I remember exploring Firewalla’s community/documentation pages at one point and somebody was talking to their support team about just that. Unfortunately, I believe the only way to purchase a license is to purchase the hardware too.
They make it very easy to get their software, but you’d probably have to shell out the cash for the hardware in order to get the license.
Their support is phenomenal; maybe try giving them a call and see if they’ll sell you a product key if you really want to go that route!
If only pfsense could take notes on ease of use, maybe an “amateur mode” or something that is easy to use like firewalla. I setup my vpn with ease, etc.
I disagree. Pfsense is still light years ahead here and best part works great in home and business at any scale. All while still being easy to use and configure with a full feature set. I deploy pfsense and protectli hardware and they are bullet proof.
@@carlostavaresjr958 I’m glad it works for you. I tried pfsense a couple different times and wasn’t able to get it up and running correctly. I always had trouble adding my old router as an ap and getting it all to work
@@carlostavaresjr958 Currently looking to replace my UDM-SE with something like opnsense ... protectli looks interesting for a hardware choice, thanks for the tip!
Time to take another look.
How did you fix your broken hand that fast????
My collar bone & ribs broke, it has healed enough for me to take off the sling for recording.
@@LAWRENCESYSTEMS maybe it is the hot sauce that increases healing factor ;)
Hey, thanks for the video. Do you have a recommendation besides Firewalla? I am currently using a Unifi Dream Machine Pro in a colocation and am thinking of swapping it for a Firewalla Gold Pro as I need a firewall to install some custom Linux packages in, would you have any ideas for better alternatives in the 10 GBit range? PFsense is out of the question because of FreeBSD.
An average consumer will just get a wifi router not this thing.
I have the Asus gt axe16000 and the lan speeds are atrocious. WiFi is phenomenal though. Thinking about getting a firewalla gold plus and then using my Asus as an access point. I hate not getting full lan speeds. Feel like I wasted 700 bucks on Asus again. Hopefully this will improve my lan speeds finally. Router only gets 700 on LAN while a speed test on it goes up 1400
Great video. Time for a review of the Gold Plus or maybe the upcoming Gold SE. 😉
Don’t most wireless routers have the same features built-in?
No.
Good video Tom !
Pricing themselves as much as a Dream machine from Ubiquiti, kills it straight away, just too expensive.
Thanks for your thoughts Tom.
You're really paying for the incredibly robust CI/CD they put into it. In comparison, Ubiquiti is extremely slow to offer fixes or improvements.
@@Phitur1 You are misinformed, sorry.
@@ralmslb No, that's from my own direct experience with both products.
Try to buy Unifi products nowadays. So much out of stock for months. I bought 4 Unifi AP Pro which took 10 months to finally arrive. Now I need a couple Unifi Gateway 3P and nobody has them, doubt they are even selling them anymore. Gotta get off the Ubiquiti train at next stop.
It seems like having something go to the cloud and back wouldn't be as secure as pfsense though? Am I wrong? I don't know much about networks.
All the connections are encrypted. You can manage it to the web or through your cell phone app, no matter where you are. 11 months ago I took a leap of faith and bought a Firewalla Gold Plus and I'm absolutely in love with it and all its features. The developers are constantly busy providing tips, tricks, notes or updates.
I honestly thought it was James May from Grand Tour TV Show now talking techy stuff.
Great video though. 😊
is there something similar to firewalla to do ssl inspection !!??
Firewalla does not do SSL inspection and there are commercial firewalls that do offer that but it does require installing a certificate on each end point.
@@LAWRENCESYSTEMS wish there is a homelab version / non commercial ones
@@LAWRENCESYSTEMS Wow, how can you avoid SSL inspection if someone is using this feature to spy on people?
Imagine someone create a WiFi hotspot somewhere in airport, and people connect to it using VPN, thinking that they are safe because traffic is encrypted right? But with SSL Inspection all this traffic gets decrypted, and all your sensitive information can be stolen! Or I’m not right? Who can tell me if I’m wrong or not?
@@vwestTube Performing SSL inspection to hack into people's systems isn't something just anyone can easily do. It requires a good deal of technical knowledge, the right tools, and physical access to the network.
People don't connect to Wi-Fi hotspot through a VPN, as you stated. You connect to Wi-Fi hotspot and then you use a VPN to encrypt your data between yourself and another host.
Even if they use SSL inspection they won't be able to get inside your encrypted VPN CONNECTION.
So what do you do if there is an internet access issue that you need to fix or troubleshoot? If it doesn't have internet access how do you access it?
Two ways:
1. Connect a cable and log in using IP address.
2. Connect your cell to a wireless device on same network as Firewalla, open Firewalla app, enter IP address.
Easy easy.
Firewalla is everything I've been looking for, but that price is just soo steep.
After this review PFsense is still FTW! Anything cloud managed is a deal breaker for me as when companies go out of business so does the device.
Stacey kind of lost me when she said it had DPS :(
I wanted to watch the whole thing but as soon as you mentioned phone app and reliance on cloud features I was out.
I'll stick with my OPNsense box. The phone app part and calling to some remote backend is a no no for me. Thanks for covering this product though, learned that it exists thanks to your video.
now,how about MikroTik? 😊
Already did a review on this channel for them
At one point I wanted to get a Firewalla but decided to instead use a mini pc with two NICs and installed OPNsense no regrets.
What mini pc did you go with?
2:18 my thoughts: Too expensive. I built an entire computer based pfsense firewall for only a little more than the most expensive firewalla. One gpu and a copy of windows and my firewall will game
Have it run 24/7 and tell us about your energy bill. Apart from the hardware costs, it is heavily tested and the components have been selected for this use case. The NICs alone make a huge difference. In the FW space, there are a lot of Intel NIC fanboys for a reason. And not every Intel NIC has the same good reputation. After that, the hardware combination needs to be tested and you have to optimize things for mass production. So there is a quite high baseline of costs that a home build computer does not have. But the reduced hardware costs will be compensated completely by unexpected issues, increased size and power consumption. A good retail network card is already more expensive than the firewalla top of the line product.
That hair is killing me, love all the content though.
Hey Lawrence really love your content but struggle with talking head mostly videos or static documentation. Perhaps showing the interface, menus, ports etc would be a good during your thoughts. Wanted to see how the product looks and feels which is not necessarily a demo.
He did refer to a couple review videos for that. He simply is only giving his personal opinion since so many people asked. He doesn't have any experience with the latest hardware/software as he said. Light on the details I know.
Will this stop the endless comments asking for a firewalla review? Probably not. 😂
I don't expect it to, but now I can type less and just reply with this video.
Free forever and no subscription... Yeah until they are near bankruptcy and need to and get a ton of fallout. Or until someone buys them like McAfee or Symantec/Norton/Broadcom and then overnight they say pay or your hardware is dead. Think of all the smarthome companies that tried that same approach and all went under overnight with no warning.
Smarthome companies were nascent a few years back so it stands to reason. Fortunately, all the smarthome companies I invested in are still going strong.
@@SpaceCadet4Jesus this is where I invested in at first SmartThings when I was learning how to build a smart home. And I got tired of the constant outages and issues and trouble as it was shortly after Samsung acquired SmartThings and then release the V3 hub. And so there was a lot of transitions between old app and new app, old hardware new hardware, firmware upgrades, standardizations in their ecosystem, etc. And so about 4 years ago, I decided to deploy Home Assistant. Where I have migrated over all my Z-Wave and take me devices, and all the devices that I used on SmartThings actually worked native on Home Assistant so I was able to stop using my hub for smart home items, except for my Samsung TVs, refrigerators both of them, washer and dryer, air dresser, etc. But I've even moved over to new items like Inovelli switches, in building my own custom sensors and controls with ESP 32 and ESP 8266 SOCs. And now my home has over 160 devices integrated with nearly 1200 various sensor and data readings. So the amount of data my dashboard shows for my smart home tech is insane. Plus with Home Assistant being able to integrate all my everyday devices into it as well, like cell phones, and even my car and my wife's truck I can control remote start lock unlock GPS temperature readings speed accelerator pedal position coolant temp engine time running hours odometer oil life just every reading you could think of in your vehicle and controls you can do, I can do native in my Home Assistant dashboard as well and then even integrated into items like calendar. So if I have a dentist appointment coming up I put the address and the location and I put either ST for my wife's explorer or C7 for my car and the description and 15 minutes before Google says it's time to leave to make your appointment on time that vehicle will automatically remote start and either cool down or heat up.
And then automating the baby's crib and nap times where if the baby goes down for a nap I have a mat that detects the baby running on ESP home within ESP32 and then as very sensors for light temperature motion radar MMWave and if the baby is down for a nap during the day the doorbell automatically turns off and the screen on the doorbell says baby's asleep and then if anybody rings it it just notifies my wife's phone or my phone. And when we get the baby up everything goes back to normal doorbell turns back on and will ring the chime and set the house again. And this is all hosted out of my own house not relying on any third party cloud hoping they don't charge
phone app.... 😞
Requiring an app is like re-inventing the wheel to only work with Apple or Google brand tires.
90% or more of my smart home devices require an app for setup. Who doesn't have a smart phone? Yesterday, I just helped a friend, in his late 50's, move from a flip phone to his first smart phone, so I think he might have been the last non-texting non-scrolling adult alive in the US. His scrolling finger definitely doesn't understand what it's supposed to do. Lol.
When I got to the "no web browser access" I just stopped the video. Enough for me. Thanks for doing the video. Next candidate please...
Terrible as an actual firewall. You can't use any 3rd party blocklists since it limits the number of IP addresses to 200. And you need to buy their subscription to increase to 2000 even though other product it's basically unlimited.
And their customer service is absolutely terrible.
Do I need this? I'm a simple man, I stream, email, make purchases, and stream my security camera.
You might be a simple man but you're not doing Simple Things.
What.about.NOPE. This is a nightmare. I would never ever depend on a device like this for such a delicate role, that forces me to use some bullshit mobile app; that forces me to hope the company will be operating for as many years in the future as I plan to use the device just to use it (WTF*cking hell is this sh1t!); which doesn’t have a straight way to directly access to it, and operate it. What a load of nonsense! Data sovereignty, compute sovereignty, encryption sovereignty, and comms sovereignty as much as possible. Thanks for the review, Tom.
let me tell you: $300 plus..., some of them 600... - that is a good business and it might disappear before it goes to paid subscription... why would they stay long if they can collect millions and move to another "project"
that's nice, I'll buy it if I can put pfsense on it
Lol first time seeing you with a different hairstyle.
Jesus, is that you? :)
I don't think his broken collar bone allows him to fit on the cross though.
Cloud? Possible paid subscription? Nope!
"This is not a bad business model"
Narrator: It was a bad business model. Doesn't really seem sustainable.
Anyway, I'm getting so sick of these startups offering crap products with "free" (lol) services that rely on some third-party server somewhere "in the cloud".
Firewalla, Tailscale, zerotier, etc.... You're always better off self-hosting and self-owning your infrastructure. Don't give up privacy and security for a bit of convenience.
"Hey Tom Lawrence here, Jesus of IT" :D
Having no subscriptions is very nice.
Tom, you're looking like a refined version of WWF wrestler HHH. 😊
botnet firewall
you need to let your hair down more !!!
First ever Muslim Firewall: fire wallah wallah
Please get the haircut. You look better with short hair! Otherwise great informational video as usual.
Pretty sure his hair was around that length before. He just had it in a ponytail. I don’t think the content gets better or worse due to hairstyle.
What is this hairstyle? I mean dude come on
What does that have to do with the content?
so you just complained about the no monthly fees. great thoughts.. Anything else I should be concerned about?
Use it if it fits your needs.
Ludicrous pricing.
For some of us, the ease of use has value that makes the pricing not quite as ludicrous :) it’s expensive in my eyes but when I see how much it’s blocking everyday for me, I love it. My wife hates ad block which tickles me every time she says something about it 😂😂😂 I tried pfsense but as someone who is techie (but not a networking expert) it was just too much to configure
You're really paying for the CI/CD which is very robust and responsive. In contrast, Ubiquiti's CI/CD is like a snail.
Alright you have me persuaded.
Well that's one time pay for their included service they maintain for all features they offer, I think that comes with a price
@@essdee800 I want to say I'm the same way, a techie but not a networking expert. Does the manufacturer send out a list of known bad actors included in the block list?