Help us make the Firewalla Switch
Pinned Featured
Please fill out this survey: https://forms.gle/iuCZGmchSshjsTkb7
(By answering this survey, you will be automatically subscribed to Firewalla Newsletters)
- The pre-sale price will be decided later.
- Pre-sale discounts + pre-sale coupon will be sent to those who register
Firewalla Switch 10G (Switch X) Price > $699
- 8x10G RJ45 With POE++
- 4x10G SFP+
- Rack mountable
Firewalla Switch 2.5G (Switch SE) Price > $300
- 8x2.5G RJ45 with PoE+
- 2x10G SFP+
- Not rack mountable
About the upcoming pre-sale (aiming for July 7), two product variations will be available (both at the same price):
1. Early Access (Switch): This product variation is very limited and available only in the USA. (If you are outside of the USA, you will not be able to see it) These units will likely ship within days. (Final hardware and beta software)
2. Pre-sale (Switch): This is the pre-sale unit, where you buy at a discount (pay full upfront) and we likely ship them in September / October. (Same hardware and production software)
-
General Pre-sale is available to USA, UK, EU, AU, New Zealand, Canada, Singapore, Turkey, Israel, Switzerland, Hong Kong, and UAE
-
Other Countries: This product is FCC, CE, ISED, and RCM certified. Please verify your country allows personal imports for this equipment; as the importer, you are responsible for local customs requirements and processes.
Firewalla App 1.69.1 Will Support Both Switches
-
These are white-label (existing units from the ODM) loading our software. Not much we can do with customizing things, otherwise, you will see a cost ++
And yes, Switch X power is inside the metal box, so it get a bit hot once you load all 400+ watts. Not much room for other things.
-
Update June 4, 2026
-
Targeting Beta in the middle of July with a very limited number of units.
-
Pre-sale / sale date, unknown, waiting for commitment on CPU/Memory/EMMC
-
Likely, both Switch X and Switch SE will be available. If not, Switch X will be there for sure.
-
Both units should have CE/FCC/Canada certifications. (Class A devices)
-
There are white-label units designed to be industrial or enterprise by the ODM.
-
-
-
For normal operations (we have 4 PoE+ running) on X, the fan is low spin, in office can't hear it. In a quiet room, if you are 3/4 feet from it, you can hear. Any further, not noticeable. (I'll get more scientic numbers when we get our final unit)
But if you are starting to use most of the 400W PoE, then likely the fan will spin louder. (I assume when this happen, you will be placing it in a isolated rack)
-
The early access sale and pre-sale dates will likely be July 7 or July 14th. (mark your calendars) Both of these units will be discounted from the target price. (as usual)
Early Access: These are early units, final hardware, and beta software. Shipping within a few days of placing the order. We want to get some early feedback while waiting for parts. (very limited quantity)
Pre-Sale: These are future units, likely shipping in September or October.
We may have a pre-sale 2, since even the initial pre-sale units are limited due to the chip shortage.
-
We may separate the early access and pre-order buckets for the sale. The early access side will have a limit of 1 unit per kind of switch. And the pre-order one has no limit. The number of pre-sale units will be limited ( a lot more than early access) due to parts limitations.
Early access delivery is within few days. (we fly them over from Taiwan ...) And pre-sale is September / early October.
-
I was planning on purchasing enough SE’s for early access to do proper testing of VqLAN. However, Firewalla just posted that we “will have a limit of 1 unit per kind of switch” for early access. This may submarine early access for me because I have two layers of switches, two Cisco’s for my Gold Plus’s two separate LAN’s, and Netgear 5 and 8 port switches in different rooms at the edge, all connected with Ethernet.
I’m going to dive deep with questions to figure out whether there is any way to have non-Firewalla switches at the edge (at least temporarily) as others have also expressed interest in doing. For example, there are small managed switches with port isolation which can be configured. There are a few unmanaged switches with a hardware isolation toggle that allow no east-west traffic (TP-Link TL-SG1210MP). And there are some MikroTik switches supporting bridge horizon (similar to the hardware isolation toggle).
The challenge with these isolation techniques comes when a device must talk with other devices (they will work if a device only talks to the internet). Will VqLAN work for the following cases in a two layer switch architecture where the Firewalla router talks to a Firewalla switch which in turn talks to edge switches which do not allow east-west traffic:
- Will Firewalla allow device to device communication when the two devices are in separate edge switches?
- Going a step further, will Firewalla enable local-proxy-arp on their routers and switches so ARP will work between devices in the same subnet on the same edge switch, thus allow the devices to talk to each other? Enabling local-proxy-arp will cause the Firewalla routers and switches to answer the ARP on their behalf with its own MAC address.
-
Sorry about the limit, we need all thanks to the AI boom
You can still mix switches, when you have a non-firewall switch, firewalla app will not be able to control / view flows of devices attached to that device; It may still be able to see flows and control access if the devices on a non-firewall edge switch is talking to a device on a firewalla switch.
Firewalla can't see device-to-device traffic that never crosses any firewalla switch.
Even when device traffic goes over a firewalla switch, we also can't guarantee we can capture or manage that traffic, due to ACL limitations.
If you don't care about the visibility and control, a third-party switch should work nicely.
-
Good question. I don’t have your complexity but am assuming down stream edge switches will have no issues other than crosstalk within a non-managed switch before AP’s (as link home run) to FW router or a 100% populated switch with same group of devices (Reolink PoE) connected to a dedicated core switch port. I’m a bit over my skis in the final management plan or options.
-
I will be testing the two non-Firewalla edge switch scenarios in early access, but would greatly appreciate if Firewalla can at least let us know if local-proxy-arp is configured in the Firewalla router (Ubuntu Unix) and the Firewalla switch. For my and other's sake, I hope it is enabled!
-
BTW, we're giving away 2 Firewalla Switch SE's in our newest contest! Check out the details and enter here: https://forum.firewalla.com/t/contest-2026-show-us-your-network-the-best-and-the-messiest/61
If you don't plan to enter, you can still participate by voting for your favorite submissions. Good luck to all!
Please sign in to leave a comment.
Comments
446 comments