Help us make the Firewalla AP
Pinned Featured
- Building a Zero Trust Network with Firewalla
- Firewalla Tutorial: Segmentation and Microsegmentation with AP7
- Early Access hardware is the FINAL production unit
- AP software in BETA.
-
Compatibility Requirements:
- Gold, Gold Pro, Gold Plus, Gold SE: Must run Beta software.
- Purple, Purple SE: Must run Early Access software.
- Firewalla must operate in Router mode.
- Firewalla App must run Beta software.
- Availability: USA customers only.
- Shipping: 7–37 days post-order, in waves (FIFO).
- Order Limit: Soft limit of 3 units per order; exceeding this may delay shipment
- Early access signup ends 12/30/2024 at 11:59PM PST.
- A coupon (small discount) will be sent to early access sign-ups before 1/2/2025.
- You do NOT need to sign up to order.
- We started an AP7 Community Page, please post your questions here
- Full Integration with the Firewalla Security Stack
- Zero Trust Network Architecture
- VLAN Segmentation and Microsegmentation Support
- Easy to install, managed anywhere
- Wi-Fi 7, faster and more reliable
- Wi-Fi Mesh with Ethernet or Wi-Fi backhaul
- Firewalla running in router mode is required
- 8 Spatial Streams, tri-band, low-power indoor unit
- 10Gbit + 2.5Gbit Ethernet Interface
- Early access and beta are available only in the USA. (EU and other countries TBD)
- Price for beta units with discount: $299 to $349
- Final price after 1/20/2025: We don't know; it depends on the tariff
- Tentatively, early access/beta sale starts in early January 2025
Key Principles of Zero Trust
- Segmentation and Microsegmentation: Divide your network into smaller segments to limit the lateral movement of threats.
- Least Privilege Access: Grant users and devices only the minimum access necessary to perform their functions on the network.
- Continuous Monitoring: Continuously monitor and verify the security posture of all users and devices.
We usually run a pre-sale cycle, but due to the political changes (new President), it is not possible for us to pre-sale and build units without knowing possible tariff impacts. Instead, we’ve used the sale proceeds from BFCM to pre-purchase a batch of units.
The AP7 units should be built soon and be available for ordering. We plan to split the orders into groups: (This plan is still tentative, we may also merge beta+early access together)
- Early Access (for our earliest supporters at the lowest price, available mid- to late-December 2024. Must be running Firewalla Gold (v1 & v2), Gold SE, Gold Plus or Gold Pro in router mode)
- Beta Access (about 1 month later, available mid-January 2025. Must be running Firewalla Purple or Gold series units in router mode)
- Production (to be decided after 1/20/2025)
- For details please refer the the status update section below
All units will have the final production hardware, software will be in early access/beta.
- Limited number of units available
- Limited to 3 units per customer
- Early access unit will be using early access software
- Beta access will be using beta software
The Firewalla AP7 Ceiling Mount will come a couple of months after 1/20/2025. It will seamlessly integrate with the FWAP7 Desktop units.
Spec
- Triband 2.4Ghz 2x2, 5Ghz 2x2, 6Ghz 4x4
- 8 Spatial Streams, 320Mhz channel support 6Ghz
- Network Interfaces: 10Gbit RJ45 + 2.5Gbit RJ45
- VLAN
- PPSK+WPA2 Support (Personal Key)
- Mesh with Ethernet or Wi-Fi backhaul
- Dimensions: 5.43 x 3.15 x 7.48 inch
- Item Weight: 1.4 lb
- Power: 30W
- Compatible with and Required: Firewalla Gold / Firewalla Purple in router mode
Status Update: 12/10/2024
- The initial batch of APs is nearly complete.
- We plan to ship some units by air right around or after Christmas to reduce shipping costs.
- Shipping optimization is under consideration to keep the beta/early access pricing closer to $299.
- Apps version 1.64 and 1.980 are targeted for "early access" release during the week of 12/16. These updates will include exciting new features and code support for the Firewalla AP.
- Sales are expected to begin in early January, with units shipping within seven days of order placement. (The exact date will be confirmed next week.)
Status Update: 12/17/2024
- The Firewalla AP7 is coming very soon!
- We are aiming for 1/7/2025 9 AM PST as the Early Access purchase date, but we'll let you know if anything changes! (if the shipment is late, then this date might be pushed back to 1/14/2025)
-
@M:
1. VqLAN should work regardless where you hang the AP. It is not based on VLAN, but rather based on ACLs. This method works nicely in smaller network like homes and small businesses.
2. Personal key requires WPA2, WPA2 does not support 6ghz; So if you use personal keys, then you can't use 6ghz channel. (If you are stuck with 6ghz, you may want other ways to segment, see the articles we send, or wait until the drivers starts to support WPA3)
3. Allow rules for VqLAN will likely happen in the near future after production. May be one or two releases. We need more feedback on VqLAN first.
4. Roaming can be done by the device or the AP. Not all devices can be told what to do, so the answer, it depends ... and if more people want this feature, we probably can build something to make it happen, but it won't work 100% of the time.
-
@Troy Barwick, the distance of the AP to the camera depends on where you place the AP. Is there a wall in between? and how noisy are your neighbors? And how is your camera's antenna is placed.
For example, I have AP7 going through one wall and able to talk to a ring unit 50ft away ...
-
Outside USA pricing is TBD, but it is likely a bit more. We have to build two SKU's and the USA one is a larger bulk, and the world version is a much smaller order; factories charge more $ for smaller orders. (If our AP sale in the USA is good, we may build more world units and that may drive down the cost to be the same as USA orders ...)
-
This is impressive, I read through Zero Trust and the VqLAN idea is brilliant. I currently use a Gold Plus with a Synology mesh router in AP mode and would upgrade to this for integrated management and use.
A few questions and thoughts:
1) Would be great if the AP could serve as the failover wifi source, for using a cellphone or the neighbour's network, instead of using the WiFi SD unit--the WiFi SD has quite limited range and speed.
2) Any details re certification of the unit for Canada, and which bands would be usable?
3) The one thing I'd miss from the the Synology router is that it can run an AirPrint server that sits between wifi clients and a networked printer.
-
1. We do not intend to make the unit run as a station; it will require a lot more code changes. The WiFi SD is much cheaper
2. Canada will likely come after EU and AU certifications, so there will be a wait time. The good part is that I think the "world" version should be usable in Canada.
3. No plan to add a print server to these units. Maybe in the future.
-
Hi Everyone! I'm super stoked the AP's are coming out! It seemed like a really fast product creation or maybe this year just flew by? I haven't told my wife yet....But given Firewalla's track record I'll take a risk on this new product. I've been a customer since Blue through Gold Pro.
Question for you all: I scanned the comments but do not see an answer so asking, how will frequency allocation be done? Can we manually assign channels to AP's? Will there be some automated process to assign/ensure non-overlapping channels? I currently have Orbi Pro which uses all the same channel on all 4 AP's. Kind of sucks for roaming and optimal frequency usage.
I'll order 3 and pretend it is a Christmas and birthday present for next year to myself. ;-)
Thank you! -Andy
-
Another Question while I'm here: Will there be any QoS settings to protect real time traffic or move bulk data to less than default if there is contention?
Firewalla: I'm sure you all know what you are doing or can ping friends if needed, but if I can be of help let me know. I've been deploying WLAN's and Outdoor AP's since 1999 with 802.11 (frequency hopping) and 802.11b and still do some wireless in challenging environments to this day. I'm that triple CCIE guy. Ping me at my account email if I can be of help. I was part of the Gold Pro beta, but I had nothing negative to report because your product was near flawless.
-
I am thinking about corporate sales. So will we be able to manage many access points that can be mounted on the ceiling or wall? For example, will we be able to manage 50 access points via Gold Firewall? For example, will WIFI traffic be tunneled through the Firewall as in Fortigate, or will the access point traffic be sent via the switch? Can you give information about those modes?
-
It might have already been covered in the comments, WiFi7 requires WPAv3 to my knowledge. It looks like WPAv3 won't be available on launch? Not a huge deal for me at the moment because I only have 2 devices which can do WiFi7. Is it planned for us to be able to do different modes per SSID/VLAN? For example devices which can do WiFi7 and WPAv3 are in SSID "EPIC" and older devices which can only do WiFi5 or WiFi6 and WPAv2 are in SSID "LAMER"? Will the AP's be able to support something like that?
-
@Andy, WPA3 is there now, I am using it + 6ghz, are you thinking of something else? (or you can let me know you read that, I can decode) The system will be flexible, so you can pretty much configure anything.
@Andy, how many SSIDs do you need? We plan to put a limit, that just to prevent the system from collapsing
-
@Firewalla,
I was planning to get the Firewalla Gold Plus or Gold SE.
Now this AP Access Point will if you get when it comes out
you have to have one of the firewall like Gold Plus or SE?
for it to work?
I have my mesh Asus system (1 main router RT-AX86U and one setup as mesh same model as above ) and a Asus Extender (RP-AX58 AX3000) will it work fine with those? Have ip cameras, wifi light switches and other wifi devices witch i want to be secure.(about 70 devices on my network)Thanks for advice
-
@ Firewalla, I understand on putting a limit. 4 is what I currently use. 5 or 6 SSID's would be great so there is opportunity to add other SSID's such as for the example I used earlier where I can separate out WiFi7 latest and greatest devices from older IoT or Home Automation type devices which can't be upgraded over time.
-
How will zero trust network on the AP interact with FW routers that are not gold plus? Will the Purple for example, which is limited to 5 VLAN be able to take advantage of all the features?
And
Looking ahead to future personal expansion, can you tease if it is worth waiting for purple 2.0 or would a Gold SE also be able maximize AP features?
-
Zero trust is an architecture; one of the main things of the architecture is the ability to segment+microsegment, and both of these are done via the AP and the firewalla. Purple VLAN limitation doesn't apply to microsegments, so there is no impact. The only thing with purple is, you are not able to get detail local flows, just a summary (due to memory usage)
Since the AP7 is a 10gbit and 2.5gbit ethernet unit, Gold Plus, Gold SE, and Gold Pro should all work nicely.
-
Dear Techincal Team,
How many Access Point devices can we manage? Can we also use it as a Remote Access Point? For example, I have two companies. Let's say there is 1 Access Point in Company A and 2 Access Points in Company B. There will be a Firewall in Company A. Can I manage the Access Point devices in Company B from the Firewall in Company A? Do the Firewall and Access Point always have to be in the same place? Do you have a solution for this? It would be a great solution if I could manage my Remote Access Point devices with a Firewall in a single center.
Regards
Please sign in to leave a comment.
Comments
648 comments