Help us make the Firewalla Switch
The Spec is pending and needs your requirements
-
I think there should be 2 switches, one 8 port the size of the firewalla Gold Pro so it can be stacked on/under the firewall, and another 16 or 24 port for rack mounting for those that rack their firewalla.
Both products should have half the ports be poe+.
The 8 port should have 8 RJ45 ports and have 4-6 be 2.5gb ports and 2-4 10gb ports, with an additional 2 sfp+ 10gb ports to the side of the main RJ45 ports. At least two of the 10gb RJ45s need to be poe+ capable, along with a group of the 2.5gb ports being poe+ capable. This 8 port switch should have a 120 watt poe power supply in it. If it is an all 2.5gb, a pair of 10gb ports plus poe managed switch then the price should be around $250-300. If it doesn't have poe and looses the 10gb ports then price should be around $90-100 since that is the price of the same switches from China you will be competing against.
The 16-24 port switch should have 4 10gb RJ45 poe+ ports, and 8 2.5gb poe+ ports. The rest should be either 2.5gb or some 10gb non-poe ports. It should also have 2 sfp+ 10gb ports on the far side. This rackmount switch should have a 300 watt poe power supply. If this has the 10gb RJ45, 2.5gb RJ ports, as well as the poe and L3, then this could be priced around $450 to compete with the competitions offerings. If this looses the 10gb RJ45 ports but keeps the other stuff including L3, maybe around $350.
Typically switches now days list port count by how many RJ45 they have, and do not include the extra sfp ports included in the port count, and either include two 1gb SFP or two 10gb SFP+ ports for switch uplink
Down the road, once you have recouped investments into the initial switches, you can release a 3rd switch that is 24 port and all 10gb RJ45, with sfp28 ports on the side for the really high end networks. This one should have 8 ports of PoE+ and 4 ports of PoE++ and a 500w power supply.
The larger rack switch should be an L3 switch capable of handling vlan routing. The smaller stackable 8 port switch would be nice if it had L3, but Im fine if it is just L2
-
I agree, 16 ports, 2.5gb ports, maybe 1 or 2 10gb ports to allow for WiFi 7 and the gold pro. I feel if you go with more 10gb ports it will get too expensive to buy and manufacture.
As far as POE goes. I would say half too. Depends where your market is home soho or office. If soho, like my situation, I don't think you need 16 POE ports!
Also I'm thinking of cost for buying the Pro, your AP and your switch. It has to be affordable as otherwise, what's the point
-
For segmentation of networks when VLAN's aren't available on Wi-Fi (eero, etc) when trying to deal with IoT, I would like to see:
- Static MAC-based VLAN assignment
- ACL's for MAC addresses on ports
- Port Isolation. TP-Link example:
https://www.tp-link.com/us/support/faq/525/FYI, newer TP-Link DECO's are getting "Isolated Device" features to assist with IoT support in the absence of VLAN's:
https://community.tp-link.com/us/home/kb/detail/412694P.S. You might make some eero owners happy if you group certain features together for configuration that interfere with TrueMesh and must therefore be disabled in-between eeros; VLANs, anything that might add DSCP/ToS tags, loop avoidance, all forms of STP and all loop prevention features.
-
My personal hope would be a tight integration between the switch and firewall through the app. So when you set up a VLAN it would automatically propagate out to all attached switches and AP. You would still likely have to assign a VLAN to a switch port to make devices down it automatically connect to that VLAN, but the actual defining of the VLAN ID and name would hopefully propagate out to the devices on the network making set up easier. Right now when you have different vendors you must define the VLANs on each device individually and make the IDs match.
Perhaps even create Security Group Tagging feature like Cisco has and allow its use across the firewall and switches? SGTs are a lot like VLANs and rules, but you can apply a security rule to a group of devices and not to others on the same VLAN. Where a VLAN is assigned to a switch port, Security Group Tags are assigned to devices. Sort of the same thing but a different way to go about things, and useful for wifi connecting clients that are all connecting on the same AP and SSID. SGTs are used to represent a logical device group instead of a physical device group. And if you assign a device to an SGT, if you then connect it from one switch on one side of the house you another switch on the other side it would still be apart of the same security group and those rule policies still apply to it.
Maybe apply a QoS scheme across the whole network and not just on the firewall for traffic going through it?
Or what if it is an L3 switch, and they make ACL rules available so you can make them in the app but you can make an ACL exactly like a firewall rule and apply them all in the same place on the app but it uses those ACLs on the switch automatically? ACL rules for VLANs are much faster than a firewall rule is so performance is higher.
Or something really crazy that I don't think anyone does yet: What if you could integrate the switches into the app and firewall in a way that you could set up port mirroring, but instead of mirroring traffic to a physical port on the switch it could create a virtual port in the firewall that gets all the mirrored traffic and then you could log all of the traffic via wireshark directly on the firewall? That way you dont have to use a real physical port anywhere or divert traffic to a device for doing some logs like that.
-
A critical "feature" not mentioned is the ability to operate without sounding like a vacuum cleaner.
Some existing POE switches have great functionality but generate 60-70dB of noise. They sound very much like vacuum cleaners. It is as if the manufacturer designed these switches be placed in some cabinet in a basement datacenter far away from any people.
Since I'm assuming this is a prosumer switch, which will go into people's homes, including in closets adjacent to offices, living rooms, and bedrooms, noise levels need to be calibrated accordingly. Ideally, the unit would be silent or close to it. This may impact design decisions related to form factor or features.
-
@Firewalla
Look up the video "First Look! UniFi Pro Max 16 PoE Switch" on Youtube. This will be one of your main competitors that just came out. Obviously yours wont have Etherlighting, but it is 16 port, with 4 ports of 2.5gb, and PoE+ and Poe++, as well as 2x 10gb SFP+ for a price of $399. You will likely have to at the very least match this spec and pricing to get people wanting to buy it. I feel like if you know you cant hit this price point and feature level for ports then it probably isnt even worth doing since there is so much in the switch space already for cheap with 2.5gb ports.
-
I am going to propose a minimum of 3 - 10Gb ports.
A "mesh" wifi can have a router and two satellites. (Sure, can there be more satellites, but we are talking largely a "home" user base and I wonder how many homes have more than 3 access points.)
Hence 10G from the ISP to the Firewalla. 10G from Firewalla to the wifi router (in access point mode). We would then need 10G from the wifi router (again in access point mode) to this new switch. Finally we would need an additional 2- 10G ports on this new switch to go to each of the satellites. Hence, a need for at minimum 3 - 10G ports.
-
The way I see it is there's a lot of tech savvy people that have bought in to Firewalla. I'd imagine there's a fair number of people that have implemented their own pf/opensense firewalls, probably more ubiquiti routers (ER-X myself). I don't think these people are the target market for the switch. They already know how to setup/maintain VLANs, DHCP bridging, etc.
Personally I think the first switches are best targeted for the people that are using a few desktop switches to connect a few high speed desktops, APs, and a few streamers, printers, etc. The power of a Firewalla switch is to bridge the router to the AP and a few other connections under the simple interface w/o having to remember to tag/trunk ports.
In that vein I think a desktop 8/2 port switch with 2x 10gb (ideally copper, but SFP+ is probably fine), 4x 2.5gb (with a couple POE enabled), and 4x 1gb. If someone has a multi gig gateway then they can use the 10gb otherwise that could a NAS and desktop. The POE would be just for the Firewalla AP (I think 10gb POE is going to blow the budget on the AP).
Personally I have a couple of 24 port switches (a 250w POE and a non POE that I got cheap) as I only have a couple 10gb devices and a couple more 2.5gb (U7-pro, and a another desktop) but not a need to transport a lot of data. Our ISP is 1gb symmetric and rolling 10gb out so at some point I'll upgrade an older NAS and get some 10gb switches.
I could easily see a use for the 8/2 port switch (assuming I can mount rack ears on it).
-
At the moment, it is really hard to zero down to the spec, and that problem is mainly due to pricing expectations from some and also capability concerns from other. Some want the switch to have enterprise features at TPLink price. Others want the best and at any cost ...
@Firewalla I think that would be the case regardless of the product or the vendor. Your through process is correct, try and hit the middle of the bell curve. Enough ports to cover most use-cases.
Personal opinion: I almost would rather see you all have an 8 port 2.5G + 2 port 10G and deploy two of them together for additional density using the 2x10G ports (SFP or Copper). Bonus points if it's 10G across the board (but thats a lot of heat).
I do agree, once you start layering in a POE feature, your permutations get a little bit crazy. Which flavor? How many ports? etc. Maybe merit in having a POE version and a non-POE version? But now you're talking so many SKUs, prob. not what you all are looking to do.
As far as the comment about UniFi, I humbly disagree, I would use their model as an anti-pattern. They have so many models, so many flavors, and so much churn, it's just exhausting.
Having a smaller 8/10 port switch would allow me to setup a homelab in one of these too https://deskpi.com/products/deskpi-rackmate-t1-rackmount-10-inch-4u-server-cabinet-for-network-servers-audio-and-video-equipment
Having Firewalla software/integration on top of a layout/port config similar to CRS310-8G+2S+IN or CSS610-8P-2S+IN (if you wanted POE) would be a solid offering. Esp. as a starting point.
-
At least 12 POE ports mandatory for all existing ports with option to cut off POE individuality for each port (very important for me), at least 4 10G ports for connecting to Firewalla and another switch plus to a NAS and to one computer, remaining ports can be up to whatever you want
-
@firewalla @bryce
I agree, but how much money and power would this take?
Is it in your plans at all?
Can you make a lite version, too?"Bryce
2 days ago
For an 8 port switch 2 x 1gb, 4 x 2.5gb, and 4 x 10gb ports, with an additional 2 sfp+ 10gb ports.All ports and status lights are in the front and power is in the back for a mountable solution, please."
-
Not double, for all 16 ports you’ll need just one power supply, just 2x10G POE, just 6x2,5G POE ports, just one body case. All of that are the most expensive parts and make the main cost, all I ask is to add on top of that 8 more, not so expensive 2,5G non POE ports, which no need more power just a bit more space, but honestly you can fit all of that in a case similar to Firewala Gold Pro.
Will be duble only if you’ll have to buy two 8 POE port Switches each with its own power supply, each with their own 2x10G very expensive ports and so on.
So no, I think it’s not double of that at all maybe 150$ more at max…
Please sign in to leave a comment.
Comments
143 comments