Help us make the Firewalla AP
Pinned Featured
- Building a Zero Trust Network with Firewalla
- Firewalla Tutorial: Segmentation and Microsegmentation with AP7
- Early Access hardware is the FINAL production unit
- AP software in BETA.
-
Compatibility Requirements:
- Gold, Gold Pro, Gold Plus, Gold SE: Must run Beta software.
- Purple, Purple SE: Must run Early Access software.
- Firewalla must operate in Router mode.
- Firewalla App must run Beta software.
- Availability: USA customers only.
- Shipping: 7–37 days post-order, in waves (FIFO).
- Order Limit: Soft limit of 3 units per order; exceeding this may delay shipment
- Early access signup ends 12/30/2024 at 11:59PM PST.
- A coupon (small discount) will be sent to early access sign-ups before 1/2/2025.
- You do NOT need to sign up to order.
- We started an AP7 Community Page, please post your questions here
- Full Integration with the Firewalla Security Stack
- Zero Trust Network Architecture
- VLAN Segmentation and Microsegmentation Support
- Easy to install, managed anywhere
- Wi-Fi 7, faster and more reliable
- Wi-Fi Mesh with Ethernet or Wi-Fi backhaul
- Firewalla running in router mode is required
- 8 Spatial Streams, tri-band, low-power indoor unit
- 10Gbit + 2.5Gbit Ethernet Interface
- Early access and beta are available only in the USA. (EU and other countries TBD)
- Price for beta units with discount: $299 to $349
- Final price after 1/20/2025: We don't know; it depends on the tariff
- Tentatively, early access/beta sale starts in early January 2025
Key Principles of Zero Trust
- Segmentation and Microsegmentation: Divide your network into smaller segments to limit the lateral movement of threats.
- Least Privilege Access: Grant users and devices only the minimum access necessary to perform their functions on the network.
- Continuous Monitoring: Continuously monitor and verify the security posture of all users and devices.
We usually run a pre-sale cycle, but due to the political changes (new President), it is not possible for us to pre-sale and build units without knowing possible tariff impacts. Instead, we’ve used the sale proceeds from BFCM to pre-purchase a batch of units.
The AP7 units should be built soon and be available for ordering. We plan to split the orders into groups: (This plan is still tentative, we may also merge beta+early access together)
- Early Access (for our earliest supporters at the lowest price, available mid- to late-December 2024. Must be running Firewalla Gold (v1 & v2), Gold SE, Gold Plus or Gold Pro in router mode)
- Beta Access (about 1 month later, available mid-January 2025. Must be running Firewalla Purple or Gold series units in router mode)
- Production (to be decided after 1/20/2025)
- For details please refer the the status update section below
All units will have the final production hardware, software will be in early access/beta.
- Limited number of units available
- Limited to 3 units per customer
- Early access unit will be using early access software
- Beta access will be using beta software
The Firewalla AP7 Ceiling Mount will come a couple of months after 1/20/2025. It will seamlessly integrate with the FWAP7 Desktop units.
Spec
- Triband 2.4Ghz 2x2, 5Ghz 2x2, 6Ghz 4x4
- 8 Spatial Streams, 320Mhz channel support 6Ghz
- Network Interfaces: 10Gbit RJ45 + 2.5Gbit RJ45
- VLAN
- PPSK+WPA2 Support (Personal Key)
- Mesh with Ethernet or Wi-Fi backhaul
- Dimensions: 5.43 x 3.15 x 7.48 inch
- Item Weight: 1.4 lb
- Power: 30W
- Compatible with and Required: Firewalla Gold / Firewalla Purple in router mode
Status Update: 12/10/2024
- The initial batch of APs is nearly complete.
- We plan to ship some units by air right around or after Christmas to reduce shipping costs.
- Shipping optimization is under consideration to keep the beta/early access pricing closer to $299.
- Apps version 1.64 and 1.980 are targeted for "early access" release during the week of 12/16. These updates will include exciting new features and code support for the Firewalla AP.
- Sales are expected to begin in early January, with units shipping within seven days of order placement. (The exact date will be confirmed next week.)
Status Update: 12/17/2024
- The Firewalla AP7 is coming very soon!
- We are aiming for 1/7/2025 9 AM PST as the Early Access purchase date, but we'll let you know if anything changes! (if the shipment is late, then this date might be pushed back to 1/14/2025)
-
FYI: The AP7 Desktop (March) price will be set to $355.95
Please do sign up here: https://forms.gle/w3w3VcBszX6BwJYH7; we will send you a small coupon (not as much as the beta units, but still a usable coupon to get a few eggs for breakfast)
This price is factored in the new tariff;
-
@Firewalla: As mentioned by at least one other person here (maybe there are others), please consider an AP7 "Pro" Desktop version with , 12 streams (or more) i.e. minimum 4x4 across : 2.4GHz, 5GHz and 6GHz bands. Your existing offering for AP7: which is 4x4 only on 6GHz is actually a hardware downgrade for some of us. My existing Wifi 6 AP's have 8x8 on 5Ghz and 4x4 on 2.4Ghz. There are still a lot of devices using the 5Ghz band !!
Even if it does not improve range, having more streams results in much faster data transfer/ throughput. Also you may not need as many AP's to handle the same number of clients.
Now I understand there will be people saying that you are not targeting top tier AP throughput performance, but by that reasoning - why did you make a Gold Pro Firewalla? I'm sure there is no shortage of demand for that "high end" model.
So - please consider an AP7 "Pro" offering with faster hardware/ more streams (at higher cost, if that is what it takes). It should have more RJ-45/ ethernet ports (minimum 4 with an integrated switch if needed). Sounds like your manufacturer already has a higher end model?
Please take this as constructive feedback from a Gold Pro user. -
More antennae do have unique problems.
- The price is higher (up to 2x of what we are selling now)
- The Size is bigger. If you want the ceiling version, it is going to be huge. (the upcoming ceiling mount is already 7.5-inch square; a 4x4x4 will likely add 2 inches to each side.)
- Due to size, heat will be an issue for the ceiling-mounted version, so you have more gap between the unit and the wall unless we add a fan...
- Unless you are running this in a crowded space with lots of devices, you are unlikely to see much benefit.
-
While I’m not opposed to having choices, I feel that the price is already at the “Pro” level as it’s significantly more than an equivalent AP from Ubiquiti or TP-Link.
When comparing it to gear from Asus and Netgear, you are really looking for a gamer class device, not a pro.
For me personally, I would like to replace my TP Link Omada to simplify my environment, but not if it costs 2x as much for the same capabilities.
I’m not gaming or doing heavy video editing over WiFi. I have a lot of mobile and IoT devices on my network, but almost none of them support WiFi6 as it’s not needed. Most still only work on 2.4Ghz and have very low traffic needs.
But everyone has their own needs, I just want to make sure that Firewalla puts out a product they can support and that is rock solid.
-
I agree with @heath 100%. Having used the 3 AP7's now for about 2 weeks, I'm blown away. And my reference point is 3 Eero max 7's. All wired backhaul, all the same location. Yet way more stable, and ironically, better range on the FW AP7s. All for the same price (after factoring in the Gold SE) as the Eero Max 7's, with way more customization. At this price it's perfect for me, running 100 devices on network (58 are IOTs - 9 speakers, 11 govee lights, 11 locks and smoke detectors, 17 plugs and bulbs and 11 cameras).
No drops, solid connections, the optimize wifi connection works great and seeing the signal strength per device has been awesome.
-
TP-Link I have not had good experience with so I don't think they compare and have been hacked many times in the past. As far a Omada or Ubiquiti I think you are forgetting about the cost of using their other infrastructure as well as the cloud management costs of those devices. Same would be true for Ruckus.
Those are corporate or enterprise solutions which if you implement properly with their full suite of products/tools cost way more than an AP7.
I finally got one of my AP7s installed over the weekend and the zero trust, microsegmentation(losing 6ghz included) is definitely a plus as I hard-wire all my APs. Those who do wireless back-haul are more impacted of course. If i have to put one outside as well and suspect I will still try to hard-wire it. I am not a fan of wireless back-haul. But I guess I am old school :)
My remaining issues with the AP7 is the lack of coverage/range due to the latest builds as I can't get it to work to Roku's without turning on 2.4ghz. That and some security related things which I am unclear on due to the hard requirement of having to use LANs not VLANs and the required use of VLAN1.
I am probably going to have to put in a dedicated Managed switch just for the APs as I do not use VLAN1 on any of my current switches as it is usually bad security practice to do so. Also, there simply are not enough ports on the back of the AP7 to support the requirements in most larger homes to direct wire them to the back of the firewalla firewall so you will need a switch to connect them to get the port density.
I just hope the next version of the Firewalla firewall has all 10g SFP+ ports as with only two I am stuck with the AP7s uplink from the switch being 2.5gb :( With video streaming the way it is that is just not enough bandwidth with multiple devices which use streaming services or IPTV.
I am just beginning to get the hang of the AP7s as I had a rough start due to the security lock down on my network. So it is slow going, and I don't like to just plug things in and open all ports to install them as I want to know exactly what is required for the devices and only open those protocols/ports.
Having worked with security in the field on a global level including managing CC transaction processing and outsourced services you will be amazed at the holes these types of devices create without proper lock down.
Just my .02 cents..
-
For both this and the AP I think that the best thing would be to get a less expensive device out there and get the software tested and polished. Later on, if the new hardware sells, it will be time to make more advanced versions of the hardware.
I'd have pushed for a WiFi 6E AP to reduce the cost, and an 8-port switch without PoE. Maybe a single SFP uplink port and 7 or 8 2.5GbE ports. KISS :-) (I tend to lag behind with buying WiFi hardware since it takes a while to become good. The stuff that's early to market tends to be expensive and not really that wonderful in terms of stability and reliability. I'd still be running WiFi 5 if I didn't have some mobile devices that support 6 - I wanted to get the improved battery life that's possible with WiFi 6 vs. WiFi 5.)
This "wish list" process just gets people going in all directions and the ask list grows like Topsy. I guess it can work when developing software features, but it is less useful IMO for a hardware project. Firewalla needs to get some affordable devices out there, get people using them, and then look into where they go from there.
We can look at the process for Firewalla routers. They didn't start out with the Gold Pro. They started with much less ambitious hardware. It's taken some time to climb the mountain, but if you go too fast you fall down. :-)
-
@Stuart Make some good points. But that would require some alpha/beta units to be shipped to the field and be tested prior to doing mass production. Not sure Firewalla is willing to invest in that path. I would be willing to participate in this but I do think that SPF+ would be the way to go for those as then you would be able to test both UTP and Fiber in the same test units. What they finalize with for actual production could be a mixture of SFP+ and RJ45s but for field testing which I have participated in with other larger vendors it is good to have the flexibility at the port level to test all use cases. :)
-
@Stuart I am familiar with these as well and have pointed Firewalla to this vendor as I have 3 of there switches I am in the process of switching over to as a core.
2 x CRS326-24S+2Q+RM
CRS504-4XQ-INMy guess is these are still going to be cheaper than the Firewalla switch when produced and mine switch at wire speed on ASICs ;)
-
@Troy - Omada is the business class hardware from TP-Link, and is very different from the commercial stuff.
As to cost comparisons, I don’t have or need WiFi7 at this point, so I don’t use any of those APs. I have a couple EAP-610 and one EAP-245. All were probably around $100 or less per AP when purchased. And I use the software controller on a miniPC I have running Plex and a few other things, so there was no cost there. So for the cost of one AP7, I have a 3 AP setup with a dedicated controller.
But it’s not integrated so I don’t see hostnames on the Omada controller that I have with reserved IPs in Firewalla.
But as someone else said, I have several switches in my environment, including a POE+ and 2x 2.5/10GE switches (10GE between them) to connect some newer devices that support 2.5GE.
So I’m all for a Wifi6E device that is lower cost that I can use to replace my Omada gear.
-
TP-Link is beholden to the CCP, so people outside of China may not want to use their products.
I also wouldn't say that the TP-Link Omada equipment is really business-class. It's still pretty much consumer-grade hardware and software. It just has pretensions of grandeur. :-) (I don't think UniFi is really business-class either. Their Airmax gear is, and some of their other products are, but UniFi is not IMO.)
I know that the appeal of UniFi is the single pane-of-glass, and Omada is kind of a cheap knockoff of UniFi. However, I never found that to be compelling and I used other products that I considered to be better. (Mikrotik, Ruckus, pfSense, Aruba switches...) I've taken this building block approach for many years and it's been flexible and effective.
Ultimately you have to use the gear that you like, so my opinions and choices are my own. :-)
-
@Stuart I too believe in getting best of class gear for each purpose, and sacrifice 'single pane of glass'. My stack is:
Ruckus R770 APs (Wi-Fi 7)
Netgear M4300-16X 10G PoE+ switches (Core/APs)
Firewalla Gold Pro firewall (10G)
I'm very anti-Unifi due to their very spotty firmware record and el cheapo AP antenna design. Yes I have to use multiple UIs to do end to end configuration, but I feel each product is VERY good at its job.
-
@Firewalla: As far as the desktop version of a potential AP7 "Pro" is concerned, the same arguments of heat, size and cost were made for the Firewalla Gold Pro, and yet there is a market for it or you wouldn't be selling it.
Take a look at the Netgear RS700S (hardware specs) - they have put high performance hardware in a form factor similar to the AP7, and it is even a fanless design as far as I can tell. It can be had on sale nowadays for ~$550.
The point is 2x the price of an AP7 "regular" for a 12 stream config is OK (it will still sell just fine). Why don't you do a survey to gauge customer interest in a desktop "Pro" AP7 12 stream offering? I am sure there are people like me willing to wait to get the Firewalla software stack on this kind of hardware (AP7 Pro) - I refused to buy any of the lower spec'd Firewalla firewall units because no amount of software features can compensate for non-performant HW (at least for me). Is there any chance at all that you will put out an AP7 "Pro" offering (at least for desktop)? OR its just not going to happen?
PS: The gold pro is excellent, with good performance. -
Once we have the software ready, it will be extremely easy for us to build pretty much any type WiFi access point. And we sell more units, it is also possible ODM's will look us seriously, and give us more discounts, and priority. (remember, even though we have been around for a while, we are still fairly small compared to a typical consumer vendor... )
-
We are all set for the AP7 Desktop sale on Tuesday, March 4, 2025, at 9:00 AM PST!
- We will send out an official confirmation email during the week of February 24, 2025.
- Those who signed up via the survey will receive a small coupon (enough for a few eggs at a Bay Area Trader Joe's). This is a pre-order discount, a small thank you for helping us with the survey!
- USA only
- Shipping will begin around March 11; it will be in three or four waves.
- We tried our best to order as many as we could based on the survey results. If people are shy about doing the survey, you may want to order early.
- We will have more coming after this wave as well.
- If you are wondering why we are not building enough ... the tariffs make pricing extremely difficult to predict. For a smaller company like us, we usually can't build up inventory when the pricing is fluctuating. The price may go up in the future.
- Ordering link is https://firewalla.com/ap7 (price is what's there)
Ceiling Mount Version (AP7 Ceiling)- USA only
- Sale will start April 2, 2025 (tentative)
- Shipping will begin two weeks after the sale
- Due to parts constraints, we may not be able to ship all orders in April (but we are doing our best).
- Pricing of this unit will be exactly the same as the AP7 Desktop.
-
We always increase the price after the early access/beta period. And yes, the other reason is the tariff added for this batch. Since the tariff situation is still developing (example, qualcomm chips are TSMC or Samsung ...), it is highly likely the price will go higher in the future.
-
@Troy Barwick, we are a small company, and we charge our customers fairly. The tariff is real, and we have no room to 'swallow' this extra cost. Larger companies may have deep pockets and can afford to have a huge inventory, we don't have that much cash; what we do have is passion to make our product better!
-
"world version" is TBD. From our survey, it doesn't look like there is much demand, and since the quantity is small, we don't even know if our ODM can build these. Even if they build, the price will be higher. The certification part is also costly, so even if we build, the world version will likely be CE based first. (EU+UK)
-
"world version" is TBD. From our survey, it doesn't look like there is much demand, and since the quantity is small, we don't even know if our ODM can build these. Even if they build, the price will be higher. The certification part is also costly, so even if we build, the world version will likely be CE based first. (EU+UK)
Indeed very disappointed as well... As a Firewall user, I like what the company has produced and the niche they have filled for enthusiasts and was ready to buy. ( maybe there will be grey market of second hand AP7 imports for those that want them..Some third party could make some money there! ) . So alas here is the the downside of a small company like Firewalla, they have great innovation but struggle to deliver a global product against the big boys like a TP Link, UnFi etc. So it's a risk for us supporting them as one of the big players may just buy you out( everyone is always for sale) , or if they cant , they will out innovate you with deep pockets. Still hoping to see a Firewalla AP7 downunder at some stage as I am rooting for the little guy.
-
The real problem is that the demand for the AP7 outside of the USA is not yet big enough to meet our ODM's minimum build requirements. We are currently working with them to understand if we can pay more to get everything done. The best way to help us complete this survey https://forms.gle/7t34RHXBraHwdpB47
Please sign in to leave a comment.
Comments
648 comments