Looking for a Firewalla product but not sure which one to choose? Find the best fit for your needs and protect your network with Firewalla.
- There is no subscription fee for all products
- A mobile phone is required to use all products
- Packet Processing Speed is how fast the unit can run full IDS/IPS/3x Regions blocked and 1000 entry target rule list. Make sure your WAN speed is lower than or equal to this speed.
Quick Comparison Between Products
Ports (**) |
Packet Processing Speed (*) |
Wi-Fi |
Best For |
|
|---|---|---|---|---|
Gold Pro |
2x 10 Gbit + 2x 2.5 Gbit | 10 Gbps | No | Large networks, highest device count, fastest speeds |
Gold Plus |
4x 2.5 Gbit | Up to 5 Gbps (with LAG) | No | Medium networks, small businesses with dual WAN |
Gold SE |
2x 2.5 Gbit + 2x 1 Gbit | Up to 2 Gbps | No | Medium networks |
Purple |
2x 1 Gbit | Up to 1 Gbps | Yes (short range) | Small networks, travelers, remote work |
Purple SE |
2x 1 Gbit | Up to 500 Mbps | No | Most affordable option for small setups |
(*) Your WAN speed should be less than this.
(**) All RJ45 ports can run multiple speeds.
Exclusive Gold Features:
- Port-based and unlimited VLAN-based segmentation
- Multi-WAN support
- Advanced Active Protect
Ports(**) |
Wi-Fi Radio |
Mountable |
PoE |
|
|---|---|---|---|---|
AP7 Desktop |
1x 10G + 1x 2.5G RJ45 | Triband 2.4GHz 2x2, 5GHz 2x2, 6GHz 4x4 | No | No |
AP7 Ceiling |
1x 10G (PoE+) + 1x 2.5G RJ45 | Triband 2.4GHz 2x2, 5GHz 2x2, 6GHz 2x2 | On the ceiling or wall | PoE+ support (IEEE802.3at) |
Exclusive AP7 Features:
- Requires a Firewalla Gold or Purple box in Router or Bridge Mode
- Tri-band Wi-Fi 7
- VLAN Segmentation + VqLAN Microsegmentation
- WPA/WPA2/WPA3 Security + PPSK (Personal Key with WPA2)
- Mesh capable with Ethernet or Wi-Fi backhaul for flexible expansion
- (**) All RJ45 ports can run multiple speeds
Learn more
Full Hardware and Performance Comparison
Purple SE |
Purple |
Gold SE |
Gold Plus |
Gold Pro |
|
|---|---|---|---|---|---|
| Packet Processing Speed | 500 Mb | 1 Gb | >2 Gb | >5 Gb | 10 Gb |
| Memory | 2 GB | 2 GB | 4 GB | 4 GB | 8 GB |
| Number of Ports | 2 x 1 Gbit | 2 x 1 Gbit | 2 x 2.5 Gbit 2 x 1 Gbit |
4 x 2.5 Gbit | 2 x 10 Gbit 2 x 2.5 Gbit |
| Active Protect Entries * | 20,000 | 20,000 | 40,000 | 40,000 | 80,000 |
| CPU | 64bit Quad Core ARM 1.2GHz | 64bit Six-Core ARM 1.6GHz - 2GHz | 64bit Quad-Core ARM ~2GHz | 64bit Quad-Core Intel 2GHz (AES NI) | 64bit Quad-Core Intel 3.2GHz (AES NI) |
| OpenVPN Speed (server&client) |
60 Mbps | 120 Mbps | 100 Mbps | 120 Mbps | 500 Mbps |
| WireGuard Speed (server&client) |
220 Mbps | 500 Mbps | 350 Mbps | 500 Mbps | 2 Gbps |
| WireGuard Server Client (max) | 25 | 25 | 25 | 25 | 50 |
| VPN Client | 5 Active | 5 Active | 5 Active | 5 Active | 10 Active |
| Storage | 16 GB | 16 GB | 32 GB | 32 GB | 32 GB |
| WiFi WISP (WAN) | - | Yes | - | - | - |
| WiFi LAN | - | Yes | - | - | - |
| Console Port | - | - | - | 1 | 1 |
| Power (Watt) | ~7W | ~7W to 9W | ~6W to 10W | ~10W to 15W | ~17W to 33W |
| Size | 9 x 6 x 3 cm | 9 x 6 x 3 cm | 13 x 10 x 2.6 cm | 13 x 11 x 3.4 cm | 21.7 x 16.5 x 4.3 cm |
| Weight | 3.52 oz / 100 g | 3.84 oz / 110 g | 15 oz / 427 g | 19.9 oz / 565 g | 38.5 oz / 1090 g |
| Operating Temperature (with airflow) |
32°F to 95°F | 32°F to 113°F | 32°F to 113°F | 32°F to 113°F | 32°F to 122°F |
| Compliance / Certifications | FCC, CE, RoHS, UKCA | FCC, CE, RoHS | FCC, CE, RoHS | FCC, CE, RoHS, UKCA | FCC, CE, RoHS, UKCA |
Software Features Comparison
- All Firewalla units use the same software.
- For software release updates and release notes, see here.
Purple / |
Gold |
Gold Pro |
|
|---|---|---|---|
| Protect Features | |||
| Inline Firewall | ✔ | ✔ | ✔ |
| Active Protect - Default (up-to-date threat detection and prevention for the whole network) | ✔ | ✔ | ✔ |
| MSP Active Protect (extended behavioral-based detection) (Firewalla MSP only) | ✔ | ✔ | ✔ |
| Device Active Protect (auto-restrict IoT device access) | ✔ | ✔ | |
| Active Protect - Suricata (open-source IDS/IPS) | ✔ |
||
| Visibility & Monitoring Features | |||
| Deep Insights | ✔ | ✔ | ✔ |
| Alarms | ✔ | ✔ | ✔ |
| Bandwidth and Monthly Data Plan Monitoring | ✔ | ✔ | ✔ |
| Network Performance Monitoring | ✔ | ✔ | ✔ |
| Firewalla AI Assistant (FireAI) | ✔ | ✔ | ✔ |
| Core Management Features | |||
| Device Management | ✔ | ✔ | ✔ |
| Device Groups | ✔ | ✔ | ✔ |
| Manage Rules (Allow, Block, Domains, Categories, Applications) | ✔ | ✔ | ✔ |
| Ad Block | ✔ | ✔ | ✔ |
| Target List | ✔ | ✔ | ✔ |
| Blocking Flows | ✔ | ✔ | ✔ |
| New Device Quarantine | ✔ | ✔ | ✔ |
| Geo-IP Filtering / Regional Blocking | 10 countries | Unlimited | Unlimited |
| Web Portal Access | ✔ | ✔ | ✔ |
| MSP (container-based email login, reports, manage multiple boxes at once, ...) | ✔ | ✔ | ✔ |
| DNS and Internet Services Features | |||
| DNS over HTTPS | ✔ | ✔ | ✔ |
| Unbound | ✔ | ✔ | ✔ |
| Unbound (DNS) over VPN | ✔ | ✔ | ✔ |
| NTP Intercept | ✔ | ✔ | ✔ |
| IPv6 | ✔ | ✔ | ✔ |
| DDNS | ✔ | ✔ | ✔ |
| Parental Control Features | |||
| Family Protect | ✔ | ✔ | ✔ |
| Safe Search | ✔ | ✔ | ✔ |
| Family Time/Social Hour | ✔ | ✔ | ✔ |
|
Disturb |
✔ | ✔ | ✔ |
| Users (activity tracking, app time limits) | ✔ | ✔ | ✔ |
| Content Filtering (adult, gaming, video, ...) | ✔ | ✔ | ✔ |
| VPN Features | |||
| VPN Server - OpenVPN | ✔ | ✔ | ✔ |
| VPN Server - WireGuard | ✔ | ✔ | ✔ |
| VPN Client (Router Mode only) | ✔ | ✔ | ✔ |
| Site to Site VPN | 1x connections |
10x connections |
20x connections |
| VPN Devices Management & Flows | ✔ | ✔ | ✔ |
| Smart Queue Features (Router Mode only) | |||
| Advanced Smart Queue | ✔ | ✔ | ✔ |
| Traffic Shaping and Rate Limit | ✔ | ✔ | ✔ |
| Application Prioritization | ✔ | ✔ | ✔ |
| Active Queue Management - FQ_CoDel | ✔ | ✔ | ✔ |
| Active Queue Management - CAKE | ✔ | ✔ | ✔ |
| Advanced Features | |||
| Custom or 3rd-party software installation | ✔ | ✔ | ✔ |
| Docker Containers | ✔ | ✔ | ✔ |
| SSH / Root Access | ✔ | ✔ | ✔ |
| Deployment Modes | |||
| Router Mode | ✔ | ✔ | ✔ |
| Transparent Bridge Mode | ✔ | ✔ | ✔ |
|
Simple & DHCP Mode |
✔ |
✔ |
✔ |
| Router Mode Features | |||
| WAN (PPPoE, Static IP, DHCP, Triple-Play) | ✔ | ✔ | ✔ |
| Network Segmentation (preset network types, inter-network traffic rules) | VLAN Only | ✔ | ✔ |
| VLAN | 5 Max | Unlimited | Unlimited |
| Policy-Based Routing - WAN | ✔ | ✔ | ✔ |
| Policy-Based Routing - VPN | ✔ | ✔ | ✔ |
| Multi-WAN - Load Balancing + Failover |
Wi-Fi+Ethernet (Purple/Orange) Wi-Fi SD+Ethernet (Purple SE) |
✔ | ✔ |
| Link Aggregation (802.3ad) | ✔ | ✔ | |
| AP7 Controller Support | ✔ | ✔ | ✔ |
For a full list of features, check our user manual.
Disclaimer: some of the features above may be in beta, and eventually be in production mode.
* Active Protect Entries:
Active Protect Entries refer to the relative scaling capacity of a unit. Some units have more memory and can apply a greater number of rules. For example, due to its memory limitations, the Firewalla Purple series has a maximum limit on how many countries it can block and how many VLANs it can create.
If you have a large network or complex rules with more things to block, consider a unit with more Active Protect Entries, such as the Firewalla Gold, Gold SE, or the Gold Pro.
Comments
22 comments
Are there any subscription fees? Or do I just buy the hardware?
No, there is no subscription fee…
You just buy the hardware and download the free mobile App.
I have Gigabit fiber to my house. I like all the features of BluePlus but don't need the enterprise capabilities of Gold.
Will the packet processing speed of Blue Plus just end up throttling my 1 Gigabit fiber? Can I get a blue plus (feature set) with Gigabit throughput?
The Blue Plus will throttle your speed to around 500mbit. This is not an artificial limit, but rather the CPU doesn't have enough power to sustaining examining packets at gigabit speed.
I really need the features of gold but our speed right now is not in the range stated. We are running at about 25-30 mbps. Will the firewalla gold work with this internet speed?
@Jason, Gold will work with any speed less or equal to gigabit.
I work from home and need good internet reliability, so I have 2 Internet providers - one via cable modem and one via dsl. I could write scripts to leverage Linux advanced networking to create an automatic active/active connection, but I'm wondering if it would be easier to drop a Gold in and be done with it. Is this something that would be fairly straightforward?
@JJ, you should get the Gold, it can do standby/failover or load balancing between two different WAN, more information here https://help.firewalla.com/hc/en-us/articles/360051575473-Firewalla-Gold-Feature-Guide-Multi-WAN
will packet processing speed affect my internet speed? just say my internet package is 1Gbps and i buy blue which has a limit of 500Mbps packet processing speed, will it slowdown to read the packets in SME organization?
The packet processing power is the total CPU power to dig into your network. For example, if you have a blue+, and it is rated 500mbit, this means if your total bandwidth is 1gigabit, once that passes through Firewalla, it will get shaped (reduced to) 500mbit. You can stop monitoring devices to bypass firewalla monitoring, then that traffic is not shaped, it will be 1gbit.
On the Gold it is rated 3Gigabit, this means the gold can process 3 gbit of traffic in parallel. Since each port is 1gbit, the 3gbit is the aggregation of all traffic flowing (LAN to WAN, and LAN to LAN if you are segmenting)
Hi, What if I already have a VPN services, Can I integrate with Firewalla? by example: ExpressVPN.
Best Regards.
@Rojas, the feature is VPN client, which allows you to use third-party VPN services. https://help.firewalla.com/hc/en-us/articles/360023379953-VPN-Client
Hi Firewalla Team, should the operating temperatures in the comparison be in Celsius instead of Fahrenheit? It just seems like some low values for embedded devices. 45C/113F for a max temperature on my FW Purple seems extremely low. Especially since I'm running consistently at 60C with peaks around 80C. Thanks a bunch, I'm definitely interested in the real op temps.
@Noah, these are operating temperatures, which is the local ambient environment at which a Firewalla operates. (or just the room temperature).
is Active Protect, Deep Insights, Ad Block, Family Protect, Safe Search, and Family Time/Social Hour available when in bridge/transparent mode?
@USTSG Yes, they are supported. However, VPN client & Policy-based routing are not supported in bridge mode.
Does the router replace my Comcast router?
@kirk, it depends. Best look at article and follow the xfinity example https://help.firewalla.com/hc/en-us/articles/4411167832851-Firewalla-Router-Mode-Configuration-Guides#h_01FQZAFRQ5QAXQZBJ76GK204H7
Does the purple SE have wifi build-in?
and for the firewall speed it 500M or 50M? as I read from the review its 50M only.
Do you have disti/reseller for indonesia?
Purple SE does not have WiFi, but it can use wifi SD as a secondary WAN.
Firewalla speed of the Purple SE is 500 Megabits. (with IPS/IDS on, all of our quoted speeds are with IDS/IPS on, a few country blocks)
You will have to buy direct from us
Just setup Firewalla Gold Plus inside Starlink --- fantastic router with pretty easy setup, thank you very much for a fantastic appliance!
Can you please make a switch to complete the package for wired VLANS to work with your APs?
Please sign in to leave a comment.