Help us make the Firewalla Switch
The Spec is pending and needs your requirements
-
I think there should be 2 switches, one 8 port the size of the firewalla Gold Pro so it can be stacked on/under the firewall, and another 16 or 24 port for rack mounting for those that rack their firewalla.
Both products should have half the ports be poe+.
The 8 port should have 8 RJ45 ports and have 4-6 be 2.5gb ports and 2-4 10gb ports, with an additional 2 sfp+ 10gb ports to the side of the main RJ45 ports. At least two of the 10gb RJ45s need to be poe+ capable, along with a group of the 2.5gb ports being poe+ capable. This 8 port switch should have a 120 watt poe power supply in it. If it is an all 2.5gb, a pair of 10gb ports plus poe managed switch then the price should be around $250-300. If it doesn't have poe and looses the 10gb ports then price should be around $90-100 since that is the price of the same switches from China you will be competing against.
The 16-24 port switch should have 4 10gb RJ45 poe+ ports, and 8 2.5gb poe+ ports. The rest should be either 2.5gb or some 10gb non-poe ports. It should also have 2 sfp+ 10gb ports on the far side. This rackmount switch should have a 300 watt poe power supply. If this has the 10gb RJ45, 2.5gb RJ ports, as well as the poe and L3, then this could be priced around $450 to compete with the competitions offerings. If this looses the 10gb RJ45 ports but keeps the other stuff including L3, maybe around $350.
Typically switches now days list port count by how many RJ45 they have, and do not include the extra sfp ports included in the port count, and either include two 1gb SFP or two 10gb SFP+ ports for switch uplink
Down the road, once you have recouped investments into the initial switches, you can release a 3rd switch that is 24 port and all 10gb RJ45, with sfp28 ports on the side for the really high end networks. This one should have 8 ports of PoE+ and 4 ports of PoE++ and a 500w power supply.
The larger rack switch should be an L3 switch capable of handling vlan routing. The smaller stackable 8 port switch would be nice if it had L3, but Im fine if it is just L2
-
I agree, 16 ports, 2.5gb ports, maybe 1 or 2 10gb ports to allow for WiFi 7 and the gold pro. I feel if you go with more 10gb ports it will get too expensive to buy and manufacture.
As far as POE goes. I would say half too. Depends where your market is home soho or office. If soho, like my situation, I don't think you need 16 POE ports!
Also I'm thinking of cost for buying the Pro, your AP and your switch. It has to be affordable as otherwise, what's the point
-
My personal hope would be a tight integration between the switch and firewall through the app. So when you set up a VLAN it would automatically propagate out to all attached switches and AP. You would still likely have to assign a VLAN to a switch port to make devices down it automatically connect to that VLAN, but the actual defining of the VLAN ID and name would hopefully propagate out to the devices on the network making set up easier. Right now when you have different vendors you must define the VLANs on each device individually and make the IDs match.
Perhaps even create Security Group Tagging feature like Cisco has and allow its use across the firewall and switches? SGTs are a lot like VLANs and rules, but you can apply a security rule to a group of devices and not to others on the same VLAN. Where a VLAN is assigned to a switch port, Security Group Tags are assigned to devices. Sort of the same thing but a different way to go about things, and useful for wifi connecting clients that are all connecting on the same AP and SSID. SGTs are used to represent a logical device group instead of a physical device group. And if you assign a device to an SGT, if you then connect it from one switch on one side of the house you another switch on the other side it would still be apart of the same security group and those rule policies still apply to it.
Maybe apply a QoS scheme across the whole network and not just on the firewall for traffic going through it?
Or what if it is an L3 switch, and they make ACL rules available so you can make them in the app but you can make an ACL exactly like a firewall rule and apply them all in the same place on the app but it uses those ACLs on the switch automatically? ACL rules for VLANs are much faster than a firewall rule is so performance is higher.
Or something really crazy that I don't think anyone does yet: What if you could integrate the switches into the app and firewall in a way that you could set up port mirroring, but instead of mirroring traffic to a physical port on the switch it could create a virtual port in the firewall that gets all the mirrored traffic and then you could log all of the traffic via wireshark directly on the firewall? That way you dont have to use a real physical port anywhere or divert traffic to a device for doing some logs like that.
-
True. Small companies like ours focus on innovation, better service, to create an awesome experience for everyone. But given the tariff situation/drama and our small size, we have very little leverage in moving production to different/multiple countries on a very short notice. Some of our smaller suppliers are also hurting ... so the priority for us now is to do whatever we can to navigate the unknown, and hope for the best. (no different than all the small businesses impacted)
So, please be patient, and help us spread the word, we are still here to innovate and making kick ass products, just some new hardware may be a bit slow due the tariff drama;
-
For segmentation of networks when VLAN's aren't available on Wi-Fi (eero, etc) when trying to deal with IoT, I would like to see:
- Static MAC-based VLAN assignment
- ACL's for MAC addresses on ports
- Port Isolation. TP-Link example:
https://www.tp-link.com/us/support/faq/525/FYI, newer TP-Link DECO's are getting "Isolated Device" features to assist with IoT support in the absence of VLAN's:
https://community.tp-link.com/us/home/kb/detail/412694P.S. You might make some eero owners happy if you group certain features together for configuration that interfere with TrueMesh and must therefore be disabled in-between eeros; VLANs, anything that might add DSCP/ToS tags, loop avoidance, all forms of STP and all loop prevention features.
-
A critical "feature" not mentioned is the ability to operate without sounding like a vacuum cleaner.
Some existing POE switches have great functionality but generate 60-70dB of noise. They sound very much like vacuum cleaners. It is as if the manufacturer designed these switches be placed in some cabinet in a basement datacenter far away from any people.
Since I'm assuming this is a prosumer switch, which will go into people's homes, including in closets adjacent to offices, living rooms, and bedrooms, noise levels need to be calibrated accordingly. Ideally, the unit would be silent or close to it. This may impact design decisions related to form factor or features.
-
My summary reading so far, is some customers want one switch to cover all of their usages, and some want a few together. And some also want a big one for a home lab type of setup. Honestly, we still don't have a good feel for what our majority of customers and the cost associated with the number of ports and PoE ports. (hopefully, our survey will help answer that)
One thing for sure, the units won't match the pricing of 'no brand' cheap switches via Amazon or even TPLink;
-
Firewalla:
"My summary reading so far, is some customers want one switch to cover all of their usages, and some want a few together. And some also want a big one for a home lab type of setup. Honestly, we still don't have a good feel for what our majority of customers and the cost associated with the number of ports and PoE ports. (hopefully, our survey will help answer that)"
Honestly I think the only way you will capture a lot of customers is to produce the small switch for those who are looking for that, and a large(ish) switch for those looking that way. An 8 port and a 24 port. There are just too many people with all different setups. Either that, or just target a specific small portion of your customer base and know the rest will be wanting something else and hoping you release another product down the line.
Your forums also REALLY needs a quote feature...
-
16 port is the sweet spot for home networks, half should be poe+ with 120 to 150w total power budget. Probably 2.5gb ports. Most home users and even small businesses won't be using anything more. So basically I agree with the 1st post. One thing I would mention about the Poe+ side of things is lifespan and repairability. I've personally not had this issue with my poe switches but I've heard from others that poe switches compared to regular seem to have a shorter lifespan due to the power delivery and/or poor design + cheap power delivery components. That being said, maybe you want to go with a non-poe version for lifespan, and/or the Poe version should have good quality and efficient power delivery for long lifespan and minimal warranty claims for blown ports or power delivery completely failing.
-
M: Thank you.
Robin: I am not anti-thunderbolt. I love the technology. I am just trying to say it does not belong in a switch. The cost of the implementation at the switch level and connecting an endpoint or client device is not justified for a non-niche product.
That being said, 2.5 ports and at least 1 SFP+ port, would be my vote for minimum specs. In dire need of a core switch replacement and Im holding out on Firewalla, especially after getting APs.
-
I replaced my existing Unifi APs with Firewalla AP7s (one on each floor), and they work just fine behind the unifi switches. I'm still looking forward to eventually getting Firewalla switches at some point, but the unifi switches and the cloud key for the management piece work just fine. Overall I've been happier with the AP7s over the Unifi APs - they seem to have better coverage, and they work significantly better behind the Firewalla Gold Plus than the Unifi APs did (the Unifi APs worked better back when I had a Unifi gateway -- but Unifi didn't have dual WAN support at the time I decided to get the Gold Plus, and I like the feature set and the interface on Firewalla better overall).
Really just wanted to point out that there's no reason to get Unifi WiFi7 just because Firewalla doesn't have a switch available yet - it's really more important for the APs to match the gateway rather than the switches.
-
@Firewalla
Look up the video "First Look! UniFi Pro Max 16 PoE Switch" on Youtube. This will be one of your main competitors that just came out. Obviously yours wont have Etherlighting, but it is 16 port, with 4 ports of 2.5gb, and PoE+ and Poe++, as well as 2x 10gb SFP+ for a price of $399. You will likely have to at the very least match this spec and pricing to get people wanting to buy it. I feel like if you know you cant hit this price point and feature level for ports then it probably isnt even worth doing since there is so much in the switch space already for cheap with 2.5gb ports.
Please sign in to leave a comment.
Comments
224 comments