Help us make the Firewalla AP
- Building a Zero Trust Network with Firewalla
- Firewalla Tutorial: Segmentation and Microsegmentation with AP7
- Early Access hardware is the FINAL production unit
- AP software in BETA.
Compatibility Requirements:
- Gold, Gold Pro, Gold Plus, Gold SE: Must run Beta software.
- Purple, Purple SE: Must run Early Access software.
- Firewalla must operate in Router mode.
- Firewalla App must run Beta software.
- Availability: USA customers only.
- Shipping: 7–37 days post-order, in waves (FIFO).
- Order Limit: Soft limit of 3 units per order; exceeding this may delay shipment
- Early access signup ends 12/30/2024 at 11:59PM PST.
- A coupon (small discount) will be sent to early access sign-ups before 1/2/2025.
- You do NOT need to sign up to order.
- We started an AP7 Community Page, please post your questions here
- Full Integration with the Firewalla Security Stack
- Zero Trust Network Architecture
- VLAN Segmentation and Microsegmentation Support
- Easy to install, managed anywhere
- Wi-Fi 7, faster and more reliable
- Wi-Fi Mesh with Ethernet or Wi-Fi backhaul
- Firewalla running in router mode is required
- 8 Spatial Streams, tri-band, low-power indoor unit
- 10Gbit + 2.5Gbit Ethernet Interface
- Early access and beta are available only in the USA. (EU and other countries TBD)
- Price for beta units with discount: $299 to $349
- Final price after 1/20/2025: We don't know; it depends on the tariff
- Tentatively, early access/beta sale starts in early January 2025
Key Principles of Zero Trust
- Segmentation and Microsegmentation: Divide your network into smaller segments to limit the lateral movement of threats.
- Least Privilege Access: Grant users and devices only the minimum access necessary to perform their functions on the network.
- Continuous Monitoring: Continuously monitor and verify the security posture of all users and devices.
We usually run a pre-sale cycle, but due to the political changes (new President), it is not possible for us to pre-sell and build units without knowing possible tariff impacts. Instead, we’ve used the sale proceeds from BFCM to pre-purchase a batch of units.
The AP7 units should be built soon and be available for ordering. We plan to split the orders into groups: (This plan is still tentative, we may also merge beta+early access together)
- Early Access (for our earliest supporters at the lowest price, available mid- to late-December 2024. Must be running Firewalla Gold (v1 & v2), Gold SE, Gold Plus or Gold Pro in router mode)
- Beta Access (about 1 month later, available mid-January 2025. Must be running Firewalla Purple or Gold series units in router mode)
- Production (to be decided after 1/20/2025)
- For details, please refer to the status update section below
All units will have the final production hardware, software will be in early access/beta.
- Limited number of units available
- Limited to 3 units per customer
- Early access unit will be using early access software
- Beta access will be using beta software
The Firewalla AP7 Ceiling Mount will come a couple of months after 1/20/2025. It will seamlessly integrate with the FWAP7 Desktop units.
Spec
- Triband 2.4GHz 2x2, 5GHz 2x2, 6GHz 4x4
- 8 Spatial Streams, 320MHz channel support 6GHz
- Network Interfaces: 10Gbit RJ45 + 2.5Gbit RJ45
- VLAN
- PPSK+WPA2 Support (Personal Key)
- Mesh with Ethernet or Wi-Fi backhaul
- Dimensions: 5.43 x 3.15 x 7.48 inch
- Item Weight: 1.4 lb
- Power: 30W
- Compatible with and Required: Firewalla Gold / Firewalla Purple in router mode
Status Update: 12/10/2024
- The initial batch of APs is nearly complete.
- We plan to ship some units by air right around or after Christmas to reduce shipping costs.
- Shipping optimization is under consideration to keep the beta/early access pricing closer to $299.
- Apps version 1.64 and 1.980 are targeted for "early access" release during the week of 12/16. These updates will include exciting new features and code support for the Firewalla AP.
- Sales are expected to begin in early January, with units shipping within seven days of order placement. (The exact date will be confirmed next week.)
Status Update: 12/17/2024
- The Firewalla AP7 is coming very soon!
- We are aiming for 1/7/2025 9 AM PST as the Early Access purchase date, but we'll let you know if anything changes! (if the shipment is late, then this date might be pushed back to 1/14/2025)
-
Single SSID supporting 2.4GHz and 5GHz both. Allows IoT and other devices to be same Network. Can manage groups on Firewalla. Usage - My Home Network.
Another SSID for Guest Networks (supports both 2.4 and 5). Should see Guest Network devices individually in Firewalla. Orbi can't do this as it does NAT for Guest. Not a biggie as permissions will be defined in FWP. But being able to not disclose Home Network Pass to Guests feels and adds extra layer.
Wired Backhaul between APs definitely needed.
-
@Firewalla
Thanks for answering the question about AFC. It’s a bit of a bummer because I’m looking for a replacement for the Asus BQ 16 Pro system. A full-fledged WiFi 7 standard indoor powered (implies AFC). I believe AFC’s purpose is to increase indoor TX power of the 6GHz bands to get to levels close to what is allowed for the 2.4GHz. You can see the max. TX level in the first table “Operating Frequencies” of the BQ 16 Pro in this FCC filing at this link: https://fccid.io/MSQ-RTBE6X00, those are only possible with a certified AFC AP.
Anyway, I’m still looking forward to hearing about all the specs and then seeing the unit FCC filing for more details like the max TX power levels per frequencies. I also understand that these transmissions power levels are not going to reduce the quality of the product that you are going to release, but I see this as a future-proofing feature when investing in a new WiFi AP in 2024/2025. Kind of the same reason I bought a Firewalla Gold Pro with 10Gbps capability…but I only have 1Gbps service as of today.
-
We deploy around a hundred residential client networks per year in 5,000-12,000 sq. ft. homes. All access points are hardwired back to the core switch. Mesh isn't even brought up as an option unless it's a retrofit project.
Our gold standard has been three SSIDs per home
SSID #1: <client chosen name> 5 GHz
- 5 GHz band only with Wi-Fi calling turned on with Ruckus Unleashed
- Primarily used for mobile devices (phones, laptops, tablets)
SSID #2: IoT 2.4 GHz
- 2.4 GHz band only with Wi-Fi calling turned off
- Clients are encouraged to join all non-roaming devices (TVs, doorbells, remotes, appliances) to this SSID
- Clients should still join mobile devices to this band in case they roam too far from the 5 GHz signal
SSID #3: <client chosen name> Guest
- 2.4 GHz band only.
- Throttled guest network, created by Ruckus Unleashed, and isolated from the 2.4 and 5 GHz networks
99% of home networks do not require VLANs, and this system design generates a near-flawless end-user experience with hardly a single callback or service call.
You can decide if you have any need for Wi-Fi 7 right now:
https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-7
-
Adam this is my exact setup, using Aruba Instant On 25AP which are powered via POE.
I am hoping for something for outside as my generator is internet with my solar and both are on the same vlan and then route out a vpn and makes 2 NAT’d hops. Which is same for IOT setup for IOT and 2 car chargers.
-
@Stuart Munro, have you considered purchasing an outdoor AP enclosure?
@John, Ruckus will tell you that their Beamforming technology is the best in the business, and handoffs are completely seamless and unnoticeable. I can't argue with them, as I've never noticed an issue. I have four R750s (two in my home and two outside in a covered pavilion and shed) and flawless coverage across an acre of land.
Read more about Beamforming here: https://webresources.ruckuswireless.com/pdf/wp/wp-using-all-the-tools-you-can.pdf
-
@john I've run Ruckus at home (at first three R650s, now three R770s) all with wired backhaul. "Mesh" is a consumer grade concept. Enterprise grade APs, like Ruckus, support various Wi-Fi standards to aid in clients roaming between APs on the same SSID. The client decides when to roam, but APs can help "encourage" roaming through various techniques. With properly tuned Ruckus settings, roaming is seamless between APs. Some clients roam better than others, but that's generally due to client logic and not AP issues.
-
@firewalla A Wi-Fi 7 AP can operate at standard power indoors, assuming they support AFC and the associated FCC requirements. I use Ruckus R770 Wi-Fi 7 APs indoors, and they are configured for AFC and support SP. This noticeably extends 6 GHz range indoors. 6 GHz naturally attenuates much more than 2.4 GHz, so supporting SP indoors is a big win for 6 GHz coverage. There's zero reason to wait for an "outdoor" AP to support SP/AFC for indoor units.
-
The Firewalla AP7 is a low-power indoor unit and does not need to support AFC; it will be an affordable midrange unit. It won't be costly like the 770 (I assume it is 1k to 1.5k range).
I don't think 6GHz at standard power can be better than 2.4GHz, many of these things also depend on the end point device power. (so may not make sense to push that much power at home)
-
"The Firewalla AP7 is a low-power indoor unit and does not need to support AFC; it will be an affordable midrange unit. It won't be costly like the 770 (I assume it is 1k to 1.5k range)."
Yes, please keep this affordable, while having a ton of features is nice, the mass majority of home users do not need or care to be bothered with a ton of settings.
I work in IT, and at the end of the day for my home network I want it to be simple as possible and do not want to have to be constantly tinkering, I do not want to continue with work on my home network...
-
@firewalla. Considering your user experience design in Firewalla - I have no doubt you will do a great job. A few nuggets for you to consider though. I believe most comments are from friends who are fairly advanced technically, judging from their comments. HOWEVER, please think about the end user group demographics. Anyone using Firewalla at home, particularly Gold and above. He/she is an advanced user but not too technical savvy user. They need to be able to connect a range of IoT devices (from TVs to home automation) requiring varying bandwidth. Not all devices accept single SSID for 5 and 2.4.
The auto guest on-boarding (portal easy access) and cleanup of dormant devices from guest network is great.
VLANs for Dummies in a same way as you have done user groups in Firewalla
For medium to larger houses - mesh is used by us so that all users (children, non technical spouse and old parents) can roam in and out of house seamlessly. You have to take care of that. It is a must. If new AP can be added to same mesh this would be awesome and allow for seamless migration and investment path.
Needless to say - I believe you will use same one app for Firewalla and AP.
-
I think the recent comments have become way too nerdy for the common FW user. Most of us just seek security, high speed, reliability, value, range / mesh as needed, obviously VLAN and more than 4 SSIDs, I currently have 5 and I would use more if I could, but the frequency they run on, I don't even know what that means, that's where it gets too nerdy for the common man. Most people don't even use multiple SSIDs or know what a VLAN is.
-
@Adam Zell: for my home network, I use VLANs to keep untrusted devices (IoT, guests,...etc) from being able to communicate with the rest of my devices. I use different SSIDs for a number of reasons...guest network, IoT network, create wifi 7 (multi-band) SSIDs, 2.4GHz only SSID for IoT where they don't play well, for management purposes, with multi-band SSIDs,...etc.
-
@adam Zell: I have two VLANs in my home. One is my private network that has everything I personally own including IoT. Matter isn't designed for VLANs, so I keep my internal network simple. I then have a dedicated VLAN for my guest/resident network. That's firewalled off by my Firewalla and just has internet access.
-
@Adam, there is a range of users that FW cater to, but I don't know where the average user is.
I have a home lab and separate my DMZ and Server traffic from my home and automation devices. The DMZ can only talk to the internet and cannot initiate communications to anything else. The Server traffic is protected from broadcast and multicast traffic from the rest of the home.
I have an SSID for all devices (2.4GHZ and 5GHZ), an SSID for 5GHZ only traffic, and occasionally a Guest SSID.
I've seen requests for features that are best handled (or can only be handled) at the termination (switch and AP) and it's great that the teams at Firewalla are listening.
-
Given the ongoing discussion about features for the AP7, I wanted to share that Ubiquiti released the Enterprise E7 today (and announced E7 Campus and E7 Audience for 2025).
Here's the store page for reference with tech specs included: https://store.ui.com/us/en/category/all-wifi/products/e7
I did purchase an E7, but I am very much looking forward to the AP7 from Firewalla.
-
I've been wanting to do an AP refresh and have decided to hold off. I was looking for MPSK/DPSK/PPSK capability so I can reduce SSIDs while utilizing multiple VLANs. Ashamed to admit this but I currently have 94 devices on my network with minimal isolation and I REALLY need to bump up security. But WPA3 is not compatible with that from a WiFi protocol perspective. Soooo fingers crossed that it's some sort of tunnel encapsulation to the Firewalla gateway and allow the Firewalla gateway handle firewall policies of inter-device communication which by default it quarantines from communicating with the local network? However without a Firewalla switch in place (ignoring Firewalla gateway ports) to handle communication directly with L2 wired clients that may be on the network, I don't expect it to be EXACTLY that. Still could be routed to the wired network. Or maybe that's part of the bigger picture in the future?