I have been using Firewalla since the very first Kickstarter model, and last weekend I decided to go all in. For the longest time, my Firewalla RED (original Kickstarter model) was running in "Simple" mode, monitoring my home network and weeding out unwanted traffic. This configuration was migrated to the newer, more powerful Firewalla Purple. Last weekend, I re-flashed the Firewalla Purple model's firmware and configured it to act as my router. Whilst the built-in on-boarding, via the mobile app, was straightforward, I had to dig deeper to configure it according to my taste.
First off was to change the DNS provider that the router is getting from the ISP. From here, I tinkered with several ways to manage the DNS settings of all devices behind the router. Firewalla Purple has Ad Blockers, Family Protect, and Safe Search settings that essentially protect every device. This should be sufficient for most, but not for a stickler like me who likes more control.
DNS Resolution Process of Firewalla c/o [Firewalla.com](http://firewalla.com/)
Whilst all the ways DNS queries can be processed by Firewalla are available to me, I opted to keep it simple: Ad Block enabled, DNS Boost enabled, a couple of rules (including adding the [OISD.nl](http://oisd.nl/) database) and then straight to DNS over HTTPS (DoH) to [NextDNS.io](http://nextdns.io/), where I have full visibility and control of filtering and blocking. I could use Unbound for more privacy, but opted not to (at least not yet).
New devices are automatically quarantined and not provided access to the network. Firewalla Purple also acts as the DHCP server, providing IP addresses to the devices. Whilst you can assign or reserve an IP for specific MAC addresses, there is no way to assign DNS servers for each client, like normal DHCP servers do. Firewalla Purple handles DHCP for IPv4 and IPv6, which is great, especially when your ISP provides IPv6 connectivity. Unfortunately, though, DoH prefers using IPv4 connections, instead of IPv6.
Whilst Firewalla Purple can open up specific ports and/or put a device under the DMZ, I opted to keep it turned off, and instead enabled its VPN server. So, whenever I need to connect to my home network, I just tunnel through the VPN.
Firewalla devices run Linux, so the mobile application provides a setting that allows you to turn on the SSH server, for those times when you need to be a CLI-ninja! In my case, I use it for my iOS/macOS Shortcuts.
My network at a glance
With Firewalla Purple in router mode, I have better monitoring and control of my network. At a glance, I can find out when my ISP is having issues (high latency is displayed in yellow, service disruption in red), along with the total data that was transferred for the month and the number of alarms recorded (large data transfers, security issues, open ports, etc.). Firewalla also provides a browser-based interface, but it is not as feature-rich as the mobile application.
All Firewalla models provide intrusion detection and intrusion prevention services, with databases kept up to date without added subscription cost. This is what sets it apart from the rest of the small, home-office routers in the same price range.
The Firewalla Purple is sufficient for my needs at the moment, but the more powerful Gold model provides more Ethernet ports and more network controls. Do I have plans to upgrade? Not in the near future, perhaps when I have enough donations from you, dear readers.