Firewalla Blue




    1. The gigabit ports (pretty much all modern Ethernet) are duplex, or bi-directional. Meaning, there is 1 gigabit tx and 1 gigabit rx for any port. So in our case, traffic flows in and comes out, so max is 1 gigabit.

    The 500 limit is purely limited by the CPU; we just need to optimize it a bit more.

    2. Same way as Red, either use spoofing, or use DHCP mode. Check this link out; Blue and Red share the same code here

    3. VPN max is 70 Mbits as of now. If you have that on and local switching on ... should be little impact. Why? There are 4 cores on the box. VPN is CPU intensive, it will pretty much get one core. While switching traffic will use one of the other cores.

    4. VPN client is real. It will be initially OpenVPN based. It is not hard to do ... with funding from Blue, it will be faster.

    5. Ad blocking is DNS, the lookup is local on Firewalla. So it is lightning fast. And with this, you also get DNSMasq, which is a DNS cache ... that will make your other lookups faster.

    6. Firewalla will never .... ever ... never ... ever ... inspect encrypted traffic. The box will always look at the metadata. Reason: we are security people, breaking encryption ... is not good.

    7. Block by country is quite easy for us ... if there is a valid reason then send email to, we will create a feature request. Or one of the engineers picks it up and builds one :)

    8. Parental control is decent ... we are pretty powerful on the alarm part.  Time limits we have, needs work to make it flexible. 

    9. Firewalla can be inline with other firewalls. We have people use it with SonicWall.
