Comments

876 comments

  • Swords

    Virtual appliance eh? I didn't consider this option.

    0
  • Derek Seaman

    A virtual appliance, licensed by max throughput, would be a great idea! 

    1
  • Mark9

    @Federico Iezzi: Simplicity and reliability are why I got rid of VLANs in favor of everything on two isolated LANs. I also take advantage of the Eero (in bridge mode) Guest network to isolate lots of insecure IoT stuff since guest devices can only talk to the WAN (if I ever need a similar wired isolation, enterprise level switches can do the same thing).

    I no longer need to have backup smart switches for reliability in case one fails. I don't have to configure smart switch VLANs. And I have a number of routers that I have previously used and support for others which are easy to swap in place of the Firewalla Gold+ should it die. Plus I eat my own dogfood, meaning that I configure and support routers for friends and some businesses, so it needs to be simple for them to support.

    That said, I agree that Firewalla can have a simpler and less expensive router like the FWP if they restrict LAN ports. However, users are asking for support for 3 WAN ports from Firewalla, so I don't see how a high end 10Gbps router can get away with less than 4 ports. Plus, how is a single LAN port going to have the bandwidth to drive the WAN ports at full speed? Example: One WAN at 10Gbps, another WAN at 2.5Gbps means a 10Gbps LAN port restricts the WAN throughput to 10Gbps instead of 12.5Gbps.

    1
  • Firewalla

    I've already modified the community feedback requirement to have 2 2.5gbit ports, a total of 4 ports.

    Unfortunately, we are not considering virtual instances at the moment. It is just too hard to maintain and we have no capabilities to support all the different environments out there. Having dedicated hardware is a lot easier for us.

    1
  • Shon

    Wi-Fi tethering would be an excellent option. I like to use my 5G Hotspot as backup internet for my network. 

    2
  • Ram!

    @Craig Chapman damn, very nice specs with Minisforum MS-01 and sleek design. I wish the new Firewalla would match the same specs and not use the Celeron CPU.

    0
  • Brendan Murphy

    PPPoE performance is crucial. I have 8 gig symmetrical through Bell Canada.

    Currently using a TP-Link Omada ER8411 and it sustains 8 gig symmetrical without issue.

    0
  • Young Choo

    What is the pre-requisite cable for 10Gbps? Cat8 cable? or?

    1. Probably will be good to have user to self upgrade the ram if there is.. 

    2. Firewall rules should have block all except allow by user? As currently, it's allowed and notification, meaning the traffic pass thru. Before could be mute/block.

    3. The wifi dongle should still be intact for "emergency" access

    4. Will it have additional cooling system?

    Overall the product is great. Thank you. 

    1
  • jez

    10gig over Ethernet works fine for short distances on cat5e cable and longer distances on cat6 cable. You don’t need cat8, which officially isn’t a standard, though if I was laying new cable in the ground I would use cat8 to futureproof my installation.

    0
  • Craig Chapman

    Cat6e and Cat7 are more than enough for 10gb. Cat8 is rated for 40Gb ... it is bananas for anything less :) lol. If I had to lay anything in the ground it is optical all weather. In walls copper.

    As to the comment from Firewalla that you have to support other environments, I get the thought, but choose a VSA standard with a specific hypervisor and then it is on the user to make sure that the hardware is on the HCL. But hey, I get the desire to control the hardware. (I don't agree and I know how it can be done easily. But that's fine)

    1
  • heath

    @1980cyber - To go from RJ45 to fiber/SFP+, you need an expensive media converter box that tends to run from $100 and up. Some ISPs will provide one as they know that consumer gear rarely has SFP+ ports or fiber ports directly on it.

    But if the unit has SFP+ ports, you have options for fairly inexpensive SFP+ modules that give 1G, 2.5G, 5G and 10G RJ45 and Fiber connections. So it presents the ultimate flexibility.

    My understanding is that going with something with all SFP+ ports would be the least expensive option for the main unit. Then offer bundles for those that don’t want to buy SFP+ modules. Offer the unit with 1 to 4 trusted/certified SFP+ to RJ45 or fiber modules or a mix of them.

    As it stands, I see a number of people that are either “if it has SFP+, I won’t buy it” or “if it doesn’t have SFP+, I won’t buy it”. And packaging with both RJ45 and SFP+ adds cost to the base unit.

    I did a quick, very unscientific search on AliExpress for switches that supported 10GE to see what the options and price differences were. You can get switches with 8 x 10GE SFP+ ports for as low as $90, but the lowest I saw an 8x 10GE switch with RJ45 was $200. So there is clearly a price premium for RJ45 10GE ports. And yes, the SFP+ modules can cost anywhere from $15 - $30 each depending on brand and if you want fiber (lr or sr) or RJ45.

    So if Firewalla can knock $120 off the price of the core unit and make available SFP+ modules for either use case for $30 ea, it would cost the same but be much more flexible.

    0
  • 1980cyber

    Are you talking about the RJ45 SFP+? The adapter that makes the SFP+ port into RJ45? Amazon has it for $30, I have been using that to connect my Aruba switch with another 10Gbit (RJ45) backbone switch.

    The advantages of RJ45 are

    • cabling is cheap and forgiving
    • RJ45 can support 1G, 2.5G, 5G, and 10G (I hope firewalla can do this!!!)
    • works great on the LAN side (I have eero wifi 7). APs are not SFP+; they are RJ45 POE

    I also don't mind if firewalla can come up with a 10Gbit switch :)

    1
  • Mark9

    Just out of curiosity, how much more would it cost to change the 2.5Gbps ports to 10Gbps ports so all 4 ports would be 10Gbps?  I understand that the throughput of the proposed router can't handle 40Gbps throughput.  In fact, your description seems to indicate the total throughput may be limited to 10Gbps with fq_codel.

    So we can already overload the throughput limit with 2x10Gbps plus 2x2.5Gbps.  So why not all 10Gbps ports if the cost isn't significant?  I know another router manufacturer who told me that moving from 1Gbps to 2.5Gbps had almost negligible cost, but I don't know about 10Gbps ports.

    This is kind of a selfish request in that I would like to be able to standardize the first and second ports to be dual-WAN and the third and fourth to be LAN similar to how I've configured Gold and Gold+ for people so it is easy to upgrade them with no re-education as they will only have one 10Gbps WAN with the second WAN being a backup and not needing 10Gbps, but at least one LAN needing 10Gbps.

    When I reflect upon this, why burden people with figuring out what port they must plug into?  Let people just be burdened with figuring out how to meet the throughput limit which they are going to have to do regardless of having some 2.5Gbps ports or all 10Gbps ports.

    1
  • Firewalla

    The cost of a 10Gbps MAC is much more expensive, and they are a lot harder to reserve (with the ASIC vendor) than 2.5 Gigabit MAC. Plus, if we add another two 10Gbps, the CPU will have to handle 20Gbit (instead of 10Gbit), which will strain the system + heat + add cost. 

    Two extra 10Gbit MAC will also increase the board size, the amount of heat sink used, and likely require the fan to be running all the time. 

    1
  • Derek Seaman

    How about 2x SFP+ for 10G (and offer a bundle on the site for known compatible RJ45 SFPs), and two 2.5 GbE ports?

    0
  • Firewalla

    RJ45 adapters for SFP+ will only work with 10G or 1G (some may claim to work with 2.5Gbit, but ... we never got them working), so it will eliminate that port from running 2.5G and 5Gbit. 

    Meaning, in case you get a wifi 7 AP that only supports 5Gbit, you need something else.

    1
  • rogcisco

    @Firewalla. It’d be nice if we can have SFP+ for 10G. This will give us options and flexibility to do fiber or RJ45. I think for lower speed 2.5G, it’s ok to stick with RJ45

    0
  • Ram!

    @Firewalla it looks like there’s a split of opinions. We know at the end you’re gonna venture what’s more beneficial for Firewalla’s future.
    Maybe you can just think of creating two revisions: 2 x SFP+ x 2 RJ45 2.5Gb, and the other would be 2 x 10GbE RJ45 x 2 2.5Gb, and the production will be 25% for the SFP+ and 75% for the RJ45 ports?

    0
  • DBLClick

    Another consideration: maybe you can usher in a new generation of Firewalla. The possibility of a Firewalla OS 2.0, not just new hardware, but the ability to grow the software with additional features. I would love to see configuration options like IPv6 subnet assignments, Router Advertisement control so users may have DHCPv6 stateful, stateless or both.

    1
  • Mike

    I have several multi-rate RJ45 SFP+ adapters, they work quite well. They negotiate at 10gig, and support 1/2.5/5/10 Ethernet.

    10Gtek 1.25/2.5/5/10G-T SFP+ to RJ45 https://a.co/d/gZMw0gu

    3
  • 1980cyber

    I still don't get the SFP+

    • If LAN, most people should use RJ45 in-house ... If just to connect to that switch, a simple $30 RJ45 SFP+ will work nicely.

    Is it that your WAN coming into the property is SFP+ cable, not an SFP+ port? If it is an SFP+ port, you can also get that $30 adapter.

    1
  • Mike

    My ISP runs fiber directly to the router and provides an SFP+ adapter to plug directly into the router.

    I believe a fiber converter for 10gig is about $100 and would need to be plugged in (another power brick). It also gives an additional point of failure. If the firewalla had an SFP+ port, I could plug my ISP fiber SFP+ directly in.

    4
  • Richard Stolcpart

    Count me in!!

    0
  • Derek Seaman

    And please, please, build in a local web server for the entire configuration experience. Having a phone/tablet app is fine...don't drop it. But we REALLY REALLY need a local browser UI that we can use on a desktop. The lack of a local web UI and backup/restore are my two TOP complaints.

    2
  • Derek Seaman

    @1980cyber Some ISPs are fiber only, and have specific authentication protocols that are needed if you want to totally bypass their (usually sucky) router. But giving us the ability to use an SFP+, there's a MUCH higher chance such people with tight-fisted ISPs could totally bypass all ISP equipment and authenticate directly via the Firewalla (or a CLI add-on package).

    1
  • Firewalla

    @Rami At the moment, we can't really do two revisions, building boards is extremely costly.

    1
  • Firewalla

    For us to push forward and not add any more cost to the unit, we are going to go with

    • 2x2.5Gbit (RJ45 operating at 100Mbit, 1Gbit, 2.5Gbit)
    • 2x10Gbit (RJ45 operating at 1Gbit, 2.5Gbit, 5Gbit, 10Gbit)
    • 4GB of RAM (we will ask them to make this as a module) xxx
    • A variable speed/silent fan
    • Delivery by Christmas 2024

    We will submit this to our ODM first thing Monday morning and have them give us a final quote and timeline of the project. If we can sell the unit below 1000 dollars, we will officially kick off the project and pay the deposit.

    Due to the broad interest, we will likely do a pre-sale to drive down the price further. 

    The above process will likely take about one week.

    Here is our designer's render of the latest.

    9
  • heath

    I didn’t sign up for this as I have no need for the design, but I do appreciate the work by Firewalla to push the boundaries.

    Right now, the Gold is more than what I can use and if they ever do connect the fiber run through my neighborhood last fall, I’ll likely only go with 1 or 2 Gbps service at the most and they use fiber handoff. So the Gold+ is more than what I need.

    What I’d love to see and might make this more interesting would be to see PoE support on it for situations where I may want to run 1-2 APs directly off the FW and not need a separate switch with PoE.

    Or even if Firewalla came out with a managed switch with 2.5 G PoE that could be managed through the app. That way I had one interface to manage VLANs vs 2 or more.

    I use TP-Link APs currently and run their Omada controller and it works well for what I need.

    0
  • Firewalla

    PoE is an entirely different story. If everyone agrees wifi7 is the future, then we will have to provide something like PoE++ (60W) for wifi 7, and lower end wifi 7 may work with PoE+ (30W). If two of these, it will likely increase the price a lot.  

    There are suggestions that we produce a simple switch, this may be possible if we find the right vendor with something already in the market and port some of our code to it. 

    1
  • Craig Chapman

    The rendering needs more yellow :). lol oh oh or do a new color like green :) 

    -1