Short Answer: NO, please don't.
Recently, the NSA (National Security Agency) recommended that users reboot their routers once a week. This is a valid "best practice" for standard consumer routers. (References: Best Practices for Securing Your Home Network, National Security Agency; NSA Warning—Reboot Your Internet Router Now, forbes.com).
Consumer routers often have a reputation for needing reboots because their software is less stable or slower to receive updates. Rebooting is an easy way to fix issues like memory leaks and bugs. While this may not be true for all vendors, it is a common concern behind this recommendation.
However, Firewalla is different. It is modeled/architected after enterprise routers and data center networking gear, meaning routine rebooting is not required. In fact, we do not recommend rebooting unless there is a specific issue or reason to do so.
Stability and Security Go Hand in Hand:
Firewalla's software architecture is modeled after enterprise-grade equipment. Instead of using common consumer router firmware (OpenWRT-based Linux), Firewalla uses Ubuntu as a base, the same operating system that runs the "cloud." Not only is Ubuntu more stable, but it also inherits some of the "goodness" of its security baseline from data center usage.
Firewalla software is based on Ubuntu, a Linux distribution that runs enterprise data centers.
Firewalla software, by design, is not to reboot and can self-protect if things go wrong.
Built-in health checks and watchdogs detect and recover from issues automatically, without needing a reboot. (Similar to other enterprise-grade software.)
(This is one of our older units ... up 1568 days uptime.)
Reboot to Update?
Firewalla is engineered to be updated without rebooting and with minimal interruption to your network traffic. All updates are automatic and mandatory. This will guarantee any potential issues are fixed without delay.
Reboot to Remove Threats (Persistent Bad Code)?
Being a security device at heart, Firewalla is designed to protect itself from intrusions, including:
- Blocking unauthorized inbound access (Ingress Firewall)
- Monitoring and alerting on suspicious behavior (Active Protect)
- Providing visibility into network activity and attacks
Please make sure you do not remove Firewalla's recommended configurations, such as the Ingress Firewall, Active Protect, etc.
With automatic updates, IDS/IPS/Firewall, and self-monitoring, using Ubuntu, it will be very hard for attackers to persist malware in memory.
Will a Reboot Ever Be Needed?
We do not recommend rebooting the unit unless absolutely necessary (for example, if your Firewalla has no Internet and you cannot connect to the box via the local network or Bluetooth). If you're experiencing any issues with your Firewalla, please contact our Support Team at help@firewalla.com.
Where is the Security?
For better security, Firewalla will need to "remember" the past and retain short-term memory of moments ago (similar to the human brain). Based on this large set of memory, Firewalla can identify behavior-based events.
Short-term memory includes:
Your actions on system alarms (e.g., mute, allow, or block)
Recent interesting flows
Gathered statistical data
When you reboot the unit, Firewalla will lose some of its short-term memory. It will need to accumulate short-term interactions with you again (such as your interactions with recent alarms, flows, DNS requests, and blocks).
When this memory is lost, the system will become less efficient and will need more time to re-learn "normal" behavior for your devices.
Comments
0 comments
Please sign in to leave a comment.