Help us make the Firewalla AP
Pinned Featured
Order Firewalla AP7 here: https://firewalla.com/products/firewalla-ap7
-
Single SSID supporting 2.4GHz and 5GHz both. Allows IoT and other devices to be same Network. Can manage groups on Firewalla. Usage - My Home Network.
Another SSID for Guest Networks (supports both 2.4 and 5). Should see Guest Network devices individually in Firewalla. Orbi can't do this as it does NAT for Guest. Not a biggie as permissions will be defined in FWP. But being able to not disclose Home Network Pass to Guests feels and adds extra layer.
Wired Backhaul between APs definitely needed.
-
@Firewalla
Thanks for answering the question about AFC. It’s a bit of a bummer because I’m looking for a replacement for the Asus BQ 16 Pro system. A full-fledged WiFi 7 standard indoor powered (implies AFC). I believe AFC’s purpose is to increase indoor TX power of the 6GHz bands to get to levels close to what is allowed for the 2.4GHz. You can see the max. TX level in the first table “Operating Frequencies” of the BQ 16 Pro in this FCC filing at this link: https://fccid.io/MSQ-RTBE6X00, those are only possible with a certified AFC AP.
Anyway, I’m still looking forward to hearing about all the specs and then seeing the unit FCC filing for more details like the max TX power levels per frequencies. I also understand that these transmissions power levels are not going to reduce the quality of the product that you are going to release, but I see this as a future-proofing feature when investing in a new WiFi AP in 2024/2025. Kind of the same reason I bought a Firewalla Gold Pro with 10Gbps capability…but I only have 1Gbps service as of today.
-
We deploy around a hundred residential client networks per year in 5,000-12,000 sq. ft. homes. All access points are hardwired back to the core switch. Mesh isn't even brought up as an option unless it's a retrofit project.
Our gold standard has been three SSIDs per home
SSID #1: <client chosen name> 5 GHz
- 5 GHz band only with Wi-Fi calling turned on with Ruckus Unleashed
- Primarily used for mobile devices (phones, laptops, tablets)
SSID #2: IoT 2.4 GHz
- 2.4 GHz band only with Wi-Fi calling turned off
- Clients are encouraged to join all non-roaming devices (TVs, doorbells, remotes, appliances) to this SSID
- Clients should still join mobile devices to this band in case they roam too far from the 5 GHz signal
SSID #3: <client chosen name> Guest
- 2.4 GHz band only.
- Throttled guest network, created by Ruckus Unleashed, and isolated from the 2.4 and 5 GHz networks
99% of home networks do not require VLANs, and this system design generates a near-flawless end-user experience with hardly a single callback or service call.
You can decide if you have any need for Wi-Fi 7 right now:
https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7 -
Adam this is my exact setup, using Aruba Instant On 25AP which are powered via POE.
I am hoping for something for outside as my generator is internet with my solar and both are on the same vlan and then route out a vpn and makes 2 NAT’d hops. Which is same for IOT setup for IOT and 2 car chargers.
-
@Stuart Munro, have you considered purchasing an outdoor AP enclosure?
@John, Ruckus will tell you that their Beamforming technology is the best in the business, and handoffs are completely seamless and unnoticeable. I can't argue with them, as I've never noticed an issue. I have four R750s (two in my home and two outside in a covered pavilion and shed) and flawless coverage across an acre of land.
Read more about Beamforming here:https://webresources.ruckuswireless.com/pdf/wp/wp-using-all-the-tools-you-can.pdf
-
@john I've run Ruckus at home (at first three R650s, now three R770s) all with wired backhaul. "Mesh" is a consumer grade concept. Enterprise grade APs, like Ruckus, support various Wi-Fi standards to aid in clients roaming between APs on the same SSID. The client decides when to roam, but APs can help "encourage" roaming through various techniques. With properly tuned Ruckus settings, roaming is seamless between APs. Some clients roam better than others, but that's generally due to client logic and not AP issues.
-
@firewalla A Wi-Fi 7 AP can operate at standard power indoors, assuming they support AFC and the associated FCC requirements. I use Ruckus R770 Wi-Fi 7 APs in doors, and they are configured for AFC and support SP. This noticeably extends 6 GHz range in doors. 6 GHz naturally attenuates much more than 2.4 GHz, so support SP indoors is a big win for 6 GHz coverage. There's zero reason to wait for an "outdoor" AP to support SP/AFC for indoor units.
-
The Firewalla AP7 is a low-power indoor unit and does not need to support AFC; it will be an affordable midrange unit. It won't be costly like the 770 (I assume it is 1k to 1.5k range).
I don't think 6ghz at standard power can be better than 2.4ghz, many of these things also depend on the end point device power. (so may not make sense to push that much power at home)
-
"The Firewalla AP7 is a low-power indoor unit and does not need to support AFC; it will be an affordable midrange unit. It won't be costly like the 770 (I assume it is 1k to 1.5k range)."
Yes, please keep this affordable, while having a ton of features is nice, the mass majority of home users do not need or care to be bothered with a ton of settings.
I work in IT, and at the end of the day for my home network I want it to be simple as possible and do not want to have to be constantly tinkering, I do not want to continue with work on my home network...
-
@firewalla. Considering your user experience design in Firewalla - I have no doubt you will do a great job. A few nuggets for you to
Consider though. I believe most comments are from friends who are fairly advanced technically, judging from their comments. HOWEVERPl think about the end user group demographics. Any one using Firewalla at home, particularly gold and above. He/she is an advanced user but not too technical savvy
User.They need to be able to connect a range of IoT devices ( from TVs to home automation ) requiring varying bandwidth. Not all devices accept single ssid for 5 and 2.4.
The auto guest on-boarding ( portal easy access) and cleanup of dormant devices from guest network is great.
Vlans for Dummies in a same way as you have done user groups in Firewalla
For medium to larger houses - mesh is used by us so that all users ( children, non technical spouse and old parents) and roam in and out of house seamlessly. You have to take care of that. It is a must. If new AP can be added to same mesh this would be awesome and allow for seamless migration and investment path.
Needless to say - I believe you will
Use same one app for Firewalla and AP. -
I think the recent comments have become way too nerdy for the common FW user. Most of us just seek security, high speed, reliability, value, range / mesh as needed, obviously VLAN and more than 4 SSID's, I currently have 5 and I would use more if I could, but the frequency they run on, I don't even know what that means, that's were it gets too nerdy for the common man. Most people don't even use multiple SSID's or know what a VLAN is.
-
@Adam Zell: for my home network, I use VLANs to keep untrusted devices (IoT, guests,...etc) from being able to communicate with the rest of my devices. I use different SSIDs for a number of reasons...guest network, IoT network, create wifi 7 (mulit-band) SSIDs, 2.4GHz only SSID for IoT where they don't play well, for management purposes, with multi-band SSIDs,...etc.
-
@adam Zell: I have two VLANs in my home. One is my private network that has everything I personally own including IoT. Matter isn't designed for VLANs, so I keep my internal network simple. I then have a dedicated VLAN for my guest/resident network. That's firewalled off by my Firewalla and just has internet access.
-
@Adam, there is a range of users that FW cater to, but I don't know where the average user is.
I have a home lab and separate my DMZ and Server traffic from my home and automation devices. The DMZ can only talk to the internet and cannot initiate communications to anything else. The Server traffic is protected from broadcast and multicast traffic from the rest of the home.
I have an SSID for all devices (2.4GHZ and 5GHZ), an SSID for 5GHZ only traffic, and occasionally a Guest SSID.
I've seen requests for features that are best handled (or can only be handled) at the termination (switch and AP) and it's great that the teams at Firewalla are listening.
-
Given the ongoing discussion about features for the AP7, I wanted to share that Ubiquiti released the Enterprise E7 today (and announced E7 Campus and E7 Audience for 2025).
Here's the store page for reference with tech specs included: https://store.ui.com/us/en/category/all-wifi/products/e7
I did purchase an E7, but I am very much looking forward to the AP7 from Firewalla.
-
I've been wanting to do an AP refresh and have decided to hold off. I was looking for MPSK/DPSK/PPSK capability so I can reduce SSID's while utilizing multiple vlans. Ashamed to admit this but I currently have 94 devices on my network with minimal isolation and I REALLY need to bump up security. But WPA3 is not compatible with that from a WiFi protocol perspective. Soooo fingers cross that it's some sort of tunnel encapsulation to the Firewalla gateway and allow the Firewalla gateway handle firewall policies of inter-device communication which by default it quarantines from communicating with the local network? However without a Firewalla switch in place (ignoring Firewalla gateway ports) to handle communication directly with L2 wired clients that may be on the network, I don't expect it to be EXACTLY that. Still could be routed to the wired network. Or maybe that's part of the bigger picture in the future?
Please sign in to leave a comment.
Comments
650 comments