Gold Plus Suitability
I'm considering a Gold Plus.
I'm wondering if I should. I like the features, and I think the data offered on network use would be a nice thing.
If I do this, I'll have to swap it in as router. I have a well functioning network so I don't want to find that this box will not perform for me.
Any input will be appreciated on suitability for my use case.
I understand that the inbuilt DDNS is only for the Firewalla DDNS, but you can in fact install ddclient. If true, no worries on the DDNS.
My current setup:
1 ASUS RT-AX86U running Asuswrt-Merlin as the router
This provides DHCP including static IP address assignments, DDNS, Forced DNS redirection to piholes, port forwarding of 3 ports to both IPv4 and IPv6 (via routes for IPv6)
Static Address Devices
1 ASUS RT-AX58U running ASUS stock as AP
2 managed switches
1 unmanaged switch
2 MoCA devices
1 Proxmox with 6 containers: 1 NIC for Proxmox management, 1 NIC for container bridge
1 networked printer
2 Davis PWS devices
1 HDHR cable tuner
1 Sony 'smart' TV
1 Bose 500 speaker
4 Nest smoke/CO alarms
1 smoker controller
1 LG washer
1 LG dryer
1 garage door monitor
4 Kasa smart plugs
8-10 PCs, phones, tablets.
Google DDNS to point to 2 webservers, 1 mosquitto server run in house
This is a pretty straightforward network.
Ideally, use Gold Plus in Router mode. That's where you get the biggest bang for your buck. If you want network segmentation you will need a managed switch and APs that support 802.1Q VLANs.
You can probably reuse your switches. You can use the router in AP mode but I don't think that one supports VLANs so if that is something you want to do in the future, you could upgrade your APs.
Firewalla has built-in DDNS if that works for you. You can turn it off, but then you have a little more work to do if you want to use things like the VPN Server.
Another cool feature to consider is Link Aggregation, if applicable to your ISP or switches.
There is an actual DDNS built into every Firewalla. Firewalla uses it for things like VPN Server among other things. If you prefer to use your own DDNS, that's fine too. You can run the IP updating software from your network or, if it is capable of running on Ubuntu, you can probably ssh into Firewalla and run it there.
There is very rich port forwarding with the ability to be very specific about what can get in and what can't.
What other things are you looking for?
Thanks for the reply.
I had considered running on a machine on the network, but also found the scripting ability of the Gold Plus. I think it should be doable. So, DDNS sorted.
Port forwarding. I see nothing too in depth. Basically most of the info relates to IPv4 and/or UPnP.
Those are nice to know and partly answered my question.
Two things are needed to make the go/no go decision.
IPv6 ports to an internal IPv6 address. Can it be done on this device? If routing is the only way, is it available/usable?
For IPv4 and IPv6, hairpin ability. Meaning when someone inside the LAN uses the webserver (www.example.com), will they connect? Some routers do, some don't without workarounds, some actually won't without creating local DNS entries to prevent the external IP from being used internally.
My mistake is to use the wrong term when it comes to IPv6.
There isn't port forwarding as such.
The firewall needs to pass that traffic to the target device. I also need the hairpin.
Sorry for being confusing. I was using shorthand (how I think about this) and it makes it difficult for others to give me a lucid reply.