Firewalla Gold: My review of the Home Firewall Device

TL;DR: The Firewalla Gold is the best-in-breed model of the Firewalla devices for internet security. It was purpose-built to allow for traffic speeds in excess of today’s 1 Gb/sec standard for fiber to the premises. It isn’t cheap at $418 USD, but for a device built for those inclined to have better insight into their traffic with controls, it is the best-in-class I’ve seen.

Disclaimer: I have no interest or ownership in Firewalla, other than being an owner of the devices themselves. As a consumer, this is my opinion of their product.

Home Firewalls have long been a tool that I have both desired and implemented. I’ve been using them since having a 14.4K modem connection to the Internet was considered fast. They haven’t all been shining examples of well-developed software. Many worked ‘fair enough’ but very few worked at a scale that made them workable for my tastes. There were always issues with the software firewalls, and they don’t prevent the ingress/egress of data so well.

Some software-based firewalls dropped off the market when it was discovered that they weren’t actually there to prevent access so much as to facilitate the spread of malware to the consumer market. I won’t name those, but needless to say, I do recall that happening in the dark world of phony software provided to users.

The router-based firewalls within most internet devices are mostly useless. The stateful firewalls provide little in the way of configuration, and even less in terms of actual insight into your traffic. I’ve used a lot of tools in routers, but they all lack the comfortable access control that I wanted. At least until I ran into the Firewalla series of devices.

Oh. I’ve run some of the more familiar tools and I would never attach a device to any network without some sort of protection for that device. Some firewalls are extremely noisy, requiring lots of time to adopt and adapt to your patterns in order to facilitate the proper rules you require. Some presume you’re too busy to do anything and just grant access to everything. None really did what I wanted until I found the Gold.

I’ve always dreamed of the firewall that could do some simple things:

  • Allow me to know what is connected to my network
  • Allow me to decide if a device should be trusted and/or granted access
  • Block unwanted traffic (we get a lot of this traffic every day!)
  • Stop any device that connects to my network from traversal
  • Stop ads without needing additional work
  • Allow me to approve/remove access to devices as needed
  • Allow me to group devices and apply rules
  • Send me a notification of a new device gaining network access
  • Send me alerts/alarms for my network
  • Work with my mobile device

Well, I found such a device in the Firewalla Gold. It checks all of those boxes and more. It has both a web interface and a mobile interface. Better still, it is not a fixed deployment; instead, the developers take a very agile approach and deploy continuously to the devices. If you are like me, you can choose to opt in to the Beta test program, review the work-in-progress and have early access to new features. You don’t have to do any extra work other than opt in, because the updates are pushed to your device.

If you read the above, you may have started wondering: how do they do that with a web interface on the device and not go slow? The secret is in the way that they deploy the updates. The Firewalla developers have built a system that delivers in the cloud, so that they aren’t doing a massive push-out when a new feature is made available to the web UI. Instead, a user signs in from the mobile UI using a QR code and authorizes access to the VM spun up for that instance. Features exist on that VM when needed, and are spun down when not in use. That is brilliant, as newer features can be delivered much faster to users. I can attest that the team are delivering many new features to their users. This feels like a product that delivers on the promise of what I have wanted for a very long time.

For those wondering what the Web UI looks like, here are a few screenshots:

[Screenshot: Main Dashboard]

[Screenshot: Traffic Insights]

What is even better than all of this is that the Web UI is not even the best UI for the system. The mobile application has every feature that the system allows:

  • Active Protect
  • Ad Block
  • DDNS
  • DNS over HTTPS
  • Data Usage
  • Device Port Scan
  • Family
  • Firewalla Web
  • Network
  • New Device Quarantine
  • Open Ports
  • Routes
  • Smart Queue
  • VPN Server
  • VPN Client

You can even see which entity is actively probing your network (and being blocked). I am constantly amazed at how brazen some of these actors are, even going so far as to proclaim that they aren’t actively trying to harm your network, they’re just innocent researchers and if you don’t wish to be probed, just send us your details and we won’t (and if you buy that, I can sell you some ocean view property in the center of Death Valley).

It is interesting to see the nation-state actors probing networks (some are better than others at hiding it), but that is to be expected when we have so much spam that they can use to hide the traffic. CAN-SPAM was clear in the title: they CAN spam you, after all.

I pair the Firewalla Gold with my WiFi and have a lot less worry these days. I’ve tested it by checking device access, allowing a device to have WiFi access to my network. It doesn’t do much for the intruder: there is a connection in the form of an IP, but that device is quarantined and not going anywhere. No amount of effort works to move out of quarantine unless granted by the admin. After all, that’s what it is there for: to control ingress, access and egress.

If you’ve got the funds, then I recommend the device for the technically savvy. The Firewalla Gold can handle traffic up to 2.5 Gb/sec. It’s my future-proof device as speeds and bandwidth increase. This is software delivery with real agility and I am impressed.

It has my vote for Consumer cybersecurity product of the year, and I am a hard person to impress.

