Firewalla Gold pre-setup advice
Hello Firewallas,
I'm a new owner of a Firewalla Gold. I had some quick questions for folks here pre-setup that I hope might save me a lot of angst and colorful language. :)
I'm wondering if most people set up their Gold as a router or go with one of the two 'add-on' modes?
If the latter, does anyone also own a Fingbox? I like the way my Fingbox actively blocks any new device joining my network vs. what appears to be a Firewalla notification but no block. Given that in simple mode both devices would use ARP spoofing, I have heard there are workarounds to get them to play nicely together, but these seem to result in using the Firewalla intrusion notification rather than Fingbox blocking.
Anyone have any experience with this?
Secondly, would I be correct in assuming that using Firewalla in router or DHCP mapping mode avoids this issue?
Finally, on a more general level from reading some reviews (post my excited purchase) it appears that the Firewalla perhaps needs to connect to Firewalla's front and backend in order to function? Is this correct and, if so, is this a single point of failure for the system when/if Firewalla's infrastructure goes down? Will I get spammed with notifications and, perhaps more importantly, if I'm in router/DHCP mode will my network still function without a connection to the Firewalla mothership?
Thanks to all in advance.
Cheers,
S.
-
The majority of our users are using the Gold in router mode. This is the best / most optimal mode for the Gold, and you can fully utilize things like the smart queue, multiple-WAN connection features ...
The Gold has the quarantine mode, which you can use to apply any policy to new devices. https://help.firewalla.com/hc/en-us/articles/360058853313-Firewalla-New-Device-Quarantine
The last part of the question I don't understand: "it appears that the Firewalla perhaps needs to connect to Firewalla's front and backend in order to function".
And lastly, the Gold can operate as a router even if there is no internet, but you won't be able to communicate with it if you are remote; a local connection should be possible. Also, the security features will not be fully working since the cloud provides intel ...
-
Thanks so much for the zippy reply and the helpful answers!
The last question is born of issues I have experienced with my Fingbox, which have prompted me to supplement my network with Firewalla Gold. The Fingbox connects to a Fing front/backend. In recent times this has been suffering from problems which have resulted in the Fingbox 'disconnecting' - the home network is online, connection to the ISP and Internet stable, the Fingbox powered and 'online', but all Fingbox monitoring and many additional services non-functional or in a degraded state for long periods. Because you have a similar Firewalla account which is paired with the FWG device, and due to reading a review where it intimated there was a live connection between this account and the device in operation, I wondered if I might experience any issues similar to those described above, which could possibly be more impactful if my FWG was the primary entry point to my network.
Should I read your statement 'Also, the security feature will not fully be working since the cloud provide intel ...' as suggesting I would experience some degradation of FWG features if/when the cloud infrastructure you mention is unreachable/down/overloaded?
I hope that makes more sense now? :)
Many thanks.
S.
-
You can control all kinds of things on the Firewalla. Even what types of alarms to receive; see https://help.firewalla.com/hc/en-us/articles/360006083334-Manage-Alarms
-
That's a useful link, thanks.
Sorry to be a broken record, but is the answer, 'Yes, you will experience certain security features not working if the Firewalla cloud backend suffers from downtime'?
It's not a massive issue because I can use the Fingbox as a redundancy service and the likelihood of both servers being down at once is very small. :)
-
I don't think Fingbox can be used as a redundant service. These two devices are much different. Fingbox is a good device scanner ... the Firewalla boxes are inline devices that can see traffic.
Anyway, you should not worry too much about the cloud; modern software has good redundancy, so you don't have to worry too much about services going down.