Help us make the Firewalla Switch
We are getting closer to building our first Firewalla Switch! To get us moving faster, please fill out this survey: https://forms.gle/iuCZGmchSshjsTkb7
(By answering this survey, you will be automatically subscribed to Firewalla Newsletters)
---
The Spec is pending and needs your requirements
-
@Firewalla -- Who said anything about $10 per port? 1000 / 6 = $167 per port which is quite pricey actually but not bad for the value that FW firmware would add. (Management ports can be 1G.) The MikroTik CRS504-4XQ-IN manages to do 4x 100G ports for $500 (Black Friday) to $600, i.e. $125 to $150 per port, again, this is end-user pricing, wholesale or VAR pricing will be much better, so there should be more than enough profit margin for you? And again, FW value prop can command a premium but ultimately sustainable success comes from building an ecosystem and integrating products into a lineup (similar to Ubiquiti's strategy). But this needs "MVP products" to drive the conversation and pull people in - and this could be such an MVP.
Heat problem
There is none. The Mikrotik simply uses large heatsinks for the QSFP28 modules and does not get hot at all. Its two fans are so quiet that you don't even need to replace them with Noctuas (reviewers online agree). Power consumption is just 25-40W. Certainly in the same neighborhood as the FW Gold Pro with 33W...!
Only downside is that they use the Marvell Prestera 98DX4310 which (afaik) does not support RDMA/RoCE which would be nice to have but is not a dealbreaker. It is also more than 3 years old at this point, so newer, better, even more efficient chips might be available.
The Mikrotik is rated for -40 °C to +70 °C environments and also exists in an IP66-rated outdoor version (!), so it certainly does not need a heavily cooled datacenter rack.
@Derek Seaman -- Can I ask why do you feel the need to reply if you have zero constructive thoughts to add? Come on... Nothing here is unheard of or worthy of ridicule, I mentioned an existing product that is on the market right now at a good price point with a similar target audience as FW could reach and outlined its potential for improvement (software, ports) which we know FW could achieve; I don't see why FW could not replicate and improve on its success. The world surely doesn't need more cheapo 1G/10G switches? I completely fail to see what value it would add to slap a FW logo onto a white-labelled, unmanaged switch UNLESS it is part of a comprehensive product lineup and a well-integrated ecosystem that already includes a powerful top-of-rack / aggregation switch. Hence my proposal.
The FW guys & gals are all former Cisco people. World-class engineers (maybe not the best marketing people) but they surely know the tricks of the trade and they have also proven they know how to innovate. This is a proven and existing concept of a product that can easily be innovated upon on the software side (Mikrotik's management stack is pretty bad). Software and UI is FW's strength. So why not do it?
-
I would love to see a switch with 24 2.5gbic and 4 10gbic SFP+ ports. As for POE I would think only the first 8 would need to be powered and the rest are access ports. Something to consider though would be 4-8 10gbic POE ports for APs.
The issue for users like myself who had a wall mount Leviton is space. I can't fit a full depth switch and need something with a shallow form factor. The max switch I can fit currently is the TP-Link TL-SG3428X-M2. I'm in the process of upgrading my Firewalla Gold to a Firewalla Pro but space is a serious problem. In reality my POE+ injector is doing the job since I don't have the space.

-
Since the AP has a 10gb RJ45 port on it, I would say the switch(s) need to have a bare minimum of two, 10gb RJ45 PoE+ ports on them now.
John Alan
"Only downside is that they use the Marvell Prestera 98DX4310 which (afaik) does not support RDMA/RoCE which would be nice to have but is not a dealbreaker."
They do support that actually. It was added in recent firmware updates. The entire 98DX line should be able to support the DCB features required at the switch hardware level, as long as it is enabled in the control software to set them up.
-
For me personally the UniFi Pro Max 16 PoE is about perfect and what I’d base a Firewalla Switch off of, but I’d rather it had half 2.5G and half 1G. Keep the PoE++ on half of the 2.5G ports and half of the 1G ports, and the remaining can be PoE+. Could also do a non-PoE flavor. Also include an RJ45 SFP+ option so you can use those ports for uplink/LAG to the Firewalla firewall.
-
The reality for me is that I’ve already invested in UniFi APs so the new Firewalla AP is too little too late, but I haven’t invested in new switching. I’d buy a Firewalla Switch at $500-800 in a heartbeat if it met those specs, since I’m looking at that anyway with UniFi and their 24port Pro Max PoE model (I need more than four 2.5G ports, including PoE++). I can do with less total ports which is why I suggested a 16 port variant - seems like a good compromise for most prosumer households.
-
Firewalla, I think that whatever you go with should be fully compatible with the new APs you are doing. Powering them from the switch and allowing full connection throughput the AP can do. If the switch doesn't allow integration on the physical side with your new hardware, I feel like what's the point?
Preferably physically sized the same as the Gold Pro or the Gold, so that it can actually be mounted in the exact same rack unit for those models. That way it stacks perfectly with the firewall it is connecting to for people placing these on an end table somewhere, and it also can be rackmounted for those who want to do that with the exact same hardware you already make and nothing new is needed there. You may even be able to use the majority of the same chassis as well as what you already source, just with a different face plate cut out, saving costs on manufacturing end too.
As for PoE stuff, you could just source a 48v external power supply brick and that brick would sit on the rackmount right next to it like the Gold models do, and then the 48v would go to the poe stuff and use a small circuit board with some voltage regulators on it to step down to 12v, 3.3v, and 1.8v that the switch chips and all their hardware actually use.
-
One POE+ is for regular cameras and WiFi 6 AP, two POE++ are for much power hungry devices like WiFi 7 APs.
10G ports are for other switches, WiFi 7 APs, NAS storage and couple PCs connected to have fast connection with NAS storages, like 6 10G it’s enough with one POE++ for one AP, or whatever. In rest half ports can be 1G POE+ for cameras, and the other half ports can be 2.5G for rest of connected devices. All ports Managed of course…
Ideally, but that’s Me, I guess people have different needs…
-
Current setup
Firewalla Gold Pro
Aruba 1930 24G CL4 PoE 4SFP/SFP+ 195W
3 Instant On 25’s
I need 4 10 ports, 2 are for NAS 1 for LAN to Firewalla, rest of everything else is 1 gig and use 12 ports. Minimum I need this everything else is nice to have… an outside AP would also be wonderful POE 1 gig is fine for me.
Need to support 6 VLANs
-
What about if there were different levels of switches.
24 x 2.5gbit + 4 10gbit SFP+
6 or 8 x 10gbit (POE++) + 2 10gbit SFP+
I say this because I would absolutely use this stack. I could connect the 2 switches via SFP+ (x2) and have them communicating with 20gbit throughput and then still have 2 SFP+ ports available for connecting to a Firewalla Gold Pro or another device. This setup allows me to keep my APs powered and dedicated and my wired devices to be connected directly without the cost of 10gbit or POE for all ports. Keeps cost down, keeps size down and allows for versatility.
-
Agreed with fanless. Even the small Noctuas are a pain in the ears. To limit power consumption (and thus, heat), you could choose to limit the PoE budget. Allow all ports to deliver power, but limit the overall power to (say) 100 W.
Also, some sort of authentication/radius support. Firewalla knows what VLAN a device is registered to, so no matter what port you plug a known device in, the switch should configure the port in that VLAN. Unknown devices go into some sort of default VLAN to allow registration.
I also feel like 2 switches could be a good way forward. An 8-port desktop one, and a rack-mount 24 port switch. Or maybe 20+4 SFP. I personally don’t need 2.5 Gbit ports, so can’t really comment on that.
Anyway, if fanless and auto port VLAN config, it’s a buy. Then that Cisco switch can finally get tossed.
-
@firewalla I really hope the future switch is going to integrate/extend the new VqLAN feature coming with the APs (the sheer thought of that has me ready to throw money at y’all!).
Now to add to the chaos of requests for the switch:
Now that details of the APs are solidifying, my thoughts on the switch are that it needs to be of a port speed that can handle the new APs (so 10Gb) and should probably be 12-16 ports depending on cost discussions.
PoE would be nice, but if it’s not possible to have two versions of the switch or make just one for a realistic cost with it included I’d ideally like to see certified PoE adapters (as in certified by Firewalla) that work with the ceiling APs and switches.
Lastly, a 24 port 2.5GbE switch would be a really cool and future proof follow-up down the road (or second switch option if possible now).
-
I'm also thinking about the Firewalla Switch now that AP is nearing launch. As Richard noted, to me the killer features tie into unified Zero Trust policy, being able to manage it all from one app, and the really good cost/performance and quality that your company has brought to market for some years. Kudos to you all!
I do not need PoE. My ask is still relatively modest:
- 8-12 Ports (preferring 12 because connection back to FW chews up a port on both)
- Minimum of 2.5 MGig (would really like at least 2 10Gig ports)
- Ability to have consistent QoS policy across FW, SW, and APs
- Ability to have consistent Zero Trust policy across FW, SW, and APs
- VLAN support
-
To be frank 2.5 gb/s is an entry point switch even for the home. I have gone all 10gb which is one of the reasons I am interested in the AP7 and have a Gold Pro. I have very little left that is below 10gb/s and I mainly use fiber as it is more reliable than even cat 8 cabling. Fiber cabling is just as cheap as buying Cat 8 by the way, even in longer lengths.
I am looking for at least a 12-port 10gb/s switch and would prefer SFP+ vs UTP. I like the flexibility of plugging/unplugging a transceiver to change cabling types.
FYI - you can buy cheap 12-port 10g SFP+ switches with 160gbs throughput on Amazon for $250. Now I am willing to pay more for better capabilities but even the best Mikrotik 24-port 10g SFP+ switch the CRS326-24S+2Q+RM retails for $599 and it will support both routing/switching w/ L3 HW ASIC Offloading. That means non-blocking throughput of 320 Gbps and switching capacity of 640 Gbps with a forwarding rate of 252 Mpps. These switches are currently my core and they live up to their throughput claims. The downside is their management/configuration is difficult, similar to Cisco IOS.
I would rather have a Firewalla switch but it needs to be a little higher end to justify the price/port. Perhaps like the APs you might have considered partnering with someone like Mikrotik. Mikrotik's kernel is also linux based and is quite feature/rich and used in smaller ISPs and Telcos.
Suffice it to say that micro-segmentation/VLANs is the minimum these days due to all the risk of IoT devices and everything now hanging off a home network :)
Love your products and the feature/functions and you are fixing some of my biggest issues with new capabilities so I have been a fan since my first Purple which I still have and use when I travel.
-
10g with min 8 ports, preferably all POE++.
Preferably half rack width if possible. I currently have a half width qnap 16 ports, 8 x 10g rj45 and 8 x SFP+ for comparison and that cost $600 (too expensive). But would like something with POE that I can add right after the FGP.
I imagine software is the biggest shining factor here.
Curious why more ports and switching couldn't be added to the Gold Pro, was it mostly to keep things separate which won't be doable in one box?
-
If you are suggesting configurations, please be realistic, and if you can, please put a $ range you are willing to spend on the dream configuration.
The reason is an 8 port 2.5Gbit unit + 2xSFP+ port, is much cheaper than the same unit that has POE++; and an 8x10Gbit managed switch with PoE++ and a few SFP+ ports is going to be much more expensive than a 24 port 2.5Gbit switch with no POE ports.
-
4x10GbE PoE++ & 2xSFP+ ~$500
8x10GbE non-PoE & 2xSFP+ ~$500
8/16xSFP+ ~$250/500
8/16x2.5GbE PoE+ & 2xSFP+ ~$300/500
8/16x1GbE PoE+ & 2xSFP+ ~ $175/250
Have to keep PoE++ port count low due to heat. Keep 10GbE rj45 port count low due to heat.
Have all SFP+ option for low heat backbone switching.
Port density (8 vs 16) is a good survey question for customers.
-
I’m struggling to understand the point of some of these suggestions. What exactly are we trying to prove? Where are the use cases for a device that integrates with Firewalla? If you simply need a switch, there are plenty of options available on Amazon, so I don’t see why Firewalla would compete in that space.
What makes sense to me is an 8-port switch, fully managed by Firewalla software, with all ports supporting 2.5 Gbps and no PoE. This aligns with the value Firewalla brings to the table. That’s also why the AP7 product seems promising—assuming, of course, that tariffs don’t interfere.
Finally a 48v injector would cover PoE needs. They are cheap and would make the Firewalla switch a more cost effective device.
-
I agree with Michael. A bunch of these suggestions are crazy. I'm currently an Omada user and am looking for something similar to this:
TP-Link TL-SG2210P V3
But with 2.5 gig ports instead of 1 gig. Having a fanless, compact, cheaper design is very important. If 4 or 8 of those ports could be poe/poe+ then that's an extra bonus, but it's not a requirement for me as I have other POE switches that are cheap enough or a pile of injectors. I would pay up to $200 for this basic switch with the understanding it would get the support and development from Firewalla. TP-Link support and firmware update is very poor, but if it works, there is nothing cheaper with the same amount of features for the price.
Then make a higher end switch with 10 gig, more than 2x SFP and Poe++ ports with the screaming fans, etc. for the "hardcore" users. I have no need for 10 gig in my personal network (famous last words) and run plenty of bandwidth intensive tasks, both local and to the internet.
-
For my POE++ Ruckus APs I'm using the following $529 USD switch and it's awesome:
TP-Link TL-SX3206HPP | 6 Port 10G L2+ Managed PoE Switch | 4 PoE++ Port @200W, 2 x 10G SFP+ Slots | PoE Recovery | Omada SDN Integrated | IPv6 & Static Routing | 5 Year Manufacturer Warranty
It's basically silent and is perfect for high power Wi-Fi 7 APs. If Firewalla wants to make a "core" switch that's not for APs, then 16 ports of 2.5G plus 2 10G SFP ports would be a great start.