Firewalla Blue
Hello all,
I got a notice about Firewalla Blue (I almost supported Red but it was just too under-powered for my needs) so I thought I would revisit Firewalla Blue (FB). First, I like the focus on performance but was immediately disappointed in the fact that there is only ONE gigabit NIC. So I had the following questions.
1. How will Firewalla Blue achieve "near" gigabit speeds on one network card? Traffic needs to enter Firewalla and exit Firewalla through the same interface, wouldn't this limit you to 500Mbps?
2. How are clients directed to go through FB (arp spoofing/poisoning)?
3. How will the VPN server impact Firewalla's performance? Ex: if I'm remote and connect to my Firewalla's VPN server at around 70Mbps, what impact will this have on its performance?
4. How likely will a VPN client be? Being able to connect the Firewalla to a 3rd party VPN provider is a must-have for me.
5. Is the Ad Blocking based on DNS? How much of an impact will this have on overall performance?
6. How will Firewalla inspect encrypted traffic and will this break websites?
7. Can you block traffic/connections by country?
8. How robust will the parental controls be? Can we set daily time limits by device/user?
9. Can Firewalla Blue work inline with other firewalls?
Anyway that's all I have, thank you.
Answers
1. Gigabit ports (pretty much all modern Ethernet) are duplex, or bi-directional. Meaning, there is 1 gigabit tx and 1 gigabit rx for any port. So in our case, traffic flows in and comes out, so max is 1 gigabit.
The 500 limit is purely limited by CPU, we just need to optimize it a bit more.
2. Same way as Red, either use spoofing, or use DHCP mode. Check this link out, Blue and Red share the same code here
3. VPN max is 70 Mbits as of now. If you have that on and local switching on ... should be little impact. Why? There are 4 cores on the box. VPN is CPU intensive, it will pretty much get one core. While switching traffic will use one of the other cores.
4. VPN client is real. It will be initially OpenVPN based. It is not hard to do ... with funding from Blue, it will be faster.
5. Ad blocking is DNS, the lookup is local on Firewalla. So it is lightning fast. And with this, you also get DNSMasq, which is a DNS cache ... that will make your other lookups faster.
6. Firewalla will never .... ever ... never ... ever ... inspect encrypted traffic. The box will always look at the metadata. Reason, we are security people, breaking encryption ... is not good.
7. Block by country is quite easy for us ... if there is a valid reason then send email to help@firewalla.com, we will create a feature request. Or one of the engineers picks it up and builds one :)
8. Parental control is decent ... we are pretty powerful on the alarm part. Time limits we have, needs work to make it flexible.
9. Firewalla can be inline with other firewalls. We have people use it with SonicWall.
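
Answer 5 describes ad blocking as a local DNS lookup backed by a cache. The sketch below is an added example, not part of the original post and not Firewalla's code: it models that decision path, showing that a blocked name is answered locally from the query name alone (no payload inspection) and that repeat lookups are served from cache. It assumes dnsmasq-style `address=/domain/ip` entries, a constructed blocklist, and a hypothetical `upstream` callable standing in for the real resolver.

```python
import time

# Constructed sample in dnsmasq "address=/domain/ip" syntax (not a real Firewalla list).
SAMPLE_CONF = """\
# ad/tracker sinkhole entries
address=/ads.example/0.0.0.0
address=/tracker.example.net/0.0.0.0
"""

def parse_blocklist(conf):
    """Return {domain: sinkhole_ip} from dnsmasq address= lines."""
    blocked = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("address=/"):
            continue
        parts = line[len("address="):].split("/")
        # "/domain/ip" splits into ['', domain, ip]
        if len(parts) == 3 and parts[1] and parts[2]:
            blocked[parts[1].lower().rstrip(".")] = parts[2]
    return blocked

def sinkhole_for(name, blocked):
    """Match the name or any parent domain, only on a label boundary."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        hit = blocked.get(".".join(labels[i:]))
        if hit:
            return hit
    return None

class LocalResolver:
    def __init__(self, blocked, upstream, now=time.monotonic):
        self.blocked, self.upstream, self.now = blocked, upstream, now
        self.cache = {}  # name -> (ip, expiry time)

    def resolve(self, name):
        """Return (ip, source); source is 'blocked', 'cache' or 'upstream'."""
        key = name.lower().rstrip(".")
        hit = sinkhole_for(key, self.blocked)
        if hit:
            return hit, "blocked"  # answered locally, no upstream query
        cached = self.cache.get(key)
        if cached and cached[1] > self.now():
            return cached[0], "cache"
        ip, ttl = self.upstream(key)  # hypothetical: name -> (ip, ttl_seconds)
        self.cache[key] = (ip, self.now() + ttl)
        return ip, "upstream"
```

The label-boundary match is the detail to check in any blocklist: `cdn.ads.example` is sinkholed by the `ads.example` entry, while `notads.example` is not.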