Stumbled across a new-ish firewall device, unknown to me

Has anyone ever heard of or used an edge device from a company called FireWalla? They claim it’s founded by former Cisco employees.

[https://www.indiegogo.com/projects/firewalla-gold-multi-gigabit-cyber-security#/
FireWalla Gold - IndieGoGo

[https://firewalla.com/ FireWalla corp site.

They are launching a gold (crowd sourced) version with Wifi and more. They claim each port is ‘completely independant and running as a layer 3’, powered by a quad core AES-NI compliant 2 ghz Celeron.

When I asked them how it compared to an established security OS such as pFsense, I never received a reply. So I wondered if anyone else has heard of them or has further insights into the devices or the company’s rep.

It’s a mystery box firewall with very little technical details. Probably great for the consumer market that wants something that “Just Works” with some nice menus. Their site has very few technical details and plenty of marketing.

3 Likes

I guess i’m better off buying a 6 port protect-li for that price and putting OPNsense or Pfsense on it for that price. :slight_smile:

Another crowd funded ruse. OEM box out of China and some shinny marketing.

P.S. I really need to look into this whole crowd funding scam. They bamboozled over 1.5M from victims.

3 Likes

If not details don’t fall for the marketing BS.

On the bright side, it’s a commodity fanless Intel Celeron (hopefully not one with known life deterioration and die issues) based firewall running Ubuntu, so when victims eventually see through the ruse, they might be able to install pfSense CE to recoup some of their lost coins.

Gamble with any one of theses low cost alternatives out of China
https://www.alibaba.com/trade/search?fsb=y&IndexArea=product_en&CatId=&SearchText=firewall

Or just buy one that has been vetted and provides US domestic support. I have 2.

Oh i’ve already set my sights on the 6 port Protectli with i5 processor. I just saw that firewalla thing pop-up and thought “hm that looks cool, wonder if anyone with any real technical background has actually spent serious hands on time with one of these”.

Only the victims have any “experience” with it, who are highly unlikely to admit they were duped out of pure embarrassment, they had to agree to a NDA, or they are paid reviewers.

I bought one of these little guys 10 months ago to add to my network not expecting much but have actually loved the thing. So much so, that I was an early bird supporter for the gold and should get it in a couple weeks. No, it’s not quite as configurable as pfsense. And yes, it’s marketed more at the consumer side but honestly, it’s got a lot of knobs for techies if you know where to look. The gold is definitely more geared for techies. I don’t see anyone like my parents buying the Firewalla gold. Anyway, it’s a Linux box and you have full shell access so there’s that if you want to run tcpdump, mess with iptables, or install different packages. The code is open source on GitHub. Technically it’s a firewall, router (gold version), IDS/IPS and DNS server. IDS engine is Zeek (formally bro). It is inline. It will intercept and rewrite all plaintext DNS to your provider configured on the box (I like quad9). It extracts net flows really well. Will store those for 24 hours right now for lan, client, and group. Can’t export logs yet but working on it at my and a few other techies behest. Does bandwidth monitoring for lan, per client, and per group for 30 days, 24 hours, and 60 minutes. Monitors for abnormal uploading and sends notifications which is great to keep an eye on your IoT stuff. Shows you top uploaded and downloaded domains for the past 24 hours per client and the lan. You can do whitelist, blacklist, domain block, full block, port block, ip block, ip range block, geo-ip block per client, group, or globally. A lot of parenting tools but I don’t use those as my son is only a year and a half. Just shipped DoH a few months ago to Cloudflare, quad9, opendns for now, they claim more in the future. The devs are great and respond quickly. Since they are a startup they actually take suggestions and ship them via software updates. This has happened with me multiple times. My latest suggestion was to add a direct link to whois, ipinfo, cisco talos on all domains and ip’s in the net flows and that just shipped a week ago or so along with showing all open ports on clients and a few other things. You can create groups and apply policies to those groups like IoT for example. It’s got a vpn server (open vpn) but they are working on wireguard now, vpn client (which will go nicely with PBR in the gold.) The gold will have vlans, qos, WAN failover, policy based routing, docker containers etc. So I will probably install pihole in a container on my actual router (gold). I’ve talked to them quite a bit about the gold and they have a lot of things planned for it which I’m confident will ship if my past experience with them is any guide. I guess they could always go belly up but they’ve been around for a few years now and only seem to be growing (I see ads for them on Facebook all the time) but no where else probably because I block ads. You can ask me any questions about it as well because I’m sure I’m forgetting some things.

3 Likes

Thanks so much, I’ve been wondering about it. Keep us apprised of any progress or other info about it. :slight_smile:

1 Like

No problem. I’ll update after I’ve played around with the gold unit for a bit.

Hi,

I also find good and one-time pay hardware for my home network security and that is dmoat I pay 100$ for the hardware and from last one year, it is working fine and secure my home network. the big advantage of dmoat is every day they update their software to secure your devices.

1 Like

Greets. Any thoughts on the Gold?

1 Like

Nobody has posted any updates but it appears to have launched, pricing is close to that of a mid-level netgate product.

Yeah, the thing is absolutely fantastic! I forgot about updating on here I’ve been so busy. They just pushed an update out the other day with some nice features. Here is a link with more info on that. I’ve taken advantage of the docker container support and have a couple pihole’s running for different vlans. Also the SQM feature seems to help a lot with bufferbloat. Their support is top notch as well. The only thing it won’t do is look into the application layer but most people aren’t doing that at home anyway since it involves certificates and such. There is so much it does now I can’t just list it all on here now it’s better to look through their forums and see there through that link. But if you have any specific questions I can answer them here.

2 Likes

Although busy, thanks for the quick reply!

The problem I see with the blue and red, is they only have ONE network port. That makes no sense for a firewall/network perimeter device. I’d expect at least 2 ethernet ports.
@Networking-Nerd389 Thanks for following up, revising my buying plans a bit I think. :slight_smile:

I agree. The red and blue are definitely not for people like us. The gold on the other hand I would say is. Policy based routing and WireGuard coming in next release I believe too.

2 Likes

So VLAN group assignment is possible & LACP?