Recommended WiFi 6 hotspot to put behind the Firewalla Gold?
Is there recommendations for WiFi 6 hotspots pair up with the Firewalla Gold?
-
If you plan to run the Gold in Router mode
- Any router that does Access Point or Bridge Mode will work perfectly with the Firewalla Router Mode. (Mesh or no Mesh, doesn't matter wifi 6 or no wifi 6). Avoid Google Wifi, it doesn't have AP mode when hookup in mesh mode.
- In general, you do not need a really powerful wifi 6 router; The gold does have a pretty powerful CPU + 4GB of RAM, which is likely far more powerful than your wifi router. By offloading the routing/switching function to it, your wifi router will likely perform better.
Now, all of us here at firewalla like mesh routers, and recently we tested two of these.
TPlink Wifi 6 X60 (around $200 if you get it from Costco)
This unit here performs really well, when paired with the Gold Router Mode in Access Point / Bridge mode. The coverage is decent, speed is also faster than the none wifi 6 routers. The price point is perfect ... (This router doesn't work in Simple or DHCP mode)
Eero Pro Wifi 6 ($500 to $600 Amazon)
This is a fancier unit, the coverage is a little bit better than the TPLink, Signal is a bit stronger than the TPLink. And when run in Bridge mode + Firewalla Gold in Router Mode... it is really fast. (we are still testing this unit in simple mode, and DHCP mode does work)
So, it depends on your taste. we think the TPLink is enough (at least for our setting), and the price point is good. Will it work at your place or not ... it is your call. :)
-
How about the
NETGEAR MK63-100NAS ?My use case I will just set VLAN on the port that the nighthawk is plugged into vs setting VLAN on nighthawk itself.
I current have the Verizon FiOS mesh setup and went to get rid of it.
I ordered my firewalla today and need a fast mesh wifi 6 set up.
I was just going to put the entire wifi on its own VLAN. -
Firewalla Gold and purple I believe support VLANs and regular LANs through 5 physical ports. You either need to have switches and APs that support VLANs or you need to add separate and additional APs to support an IOT network. In short, you segregate either physically or logically.
-
For the AP22s that would work.
You’d need a second unmanaged switch for multiple eeros plugged into a different port or plug your old eero directly into your FWG. You’d have to assign separate network subnets and decide on inter connectivity between your main and IOT networks. Firewalla has some good articles on IOT network segregation considerations. -
No need for a second IP from your ISP. All traffic from both your internal networks can be routed out one external IP.
What I would suggest is start with the gear you have, get it working, and then build from there. If things work and you’re still receiving security updates for all your APs, why change?
I switched from Asus to UniFi for their VLAN support and so that I could break my network into 3 segments: IOT, Home, and Work. I completely segregated the Work network from the rest (disabled the mDNS, etc) because work machines have monitoring software on them. I did not want to buy multiple APs (a pile of 2x3=6 routers around the house was kiboshed) means one set of 2 AP for each of the three networks, did not want to hard wire that many APs, and wanted to use PoE to provide UPS power consistently to the entire network in the event of a power outage.
VLANs do add a level of complexity, both config and troubleshooting. You have to be comfortable with that.
Firewalla Gold is dead easy to config and still super powerful. It’s a solid choice. You might want to draw out your network (even by hand) before you start so have a plan.
Hope that helps. -
Yes , it's what I do.
You create a second DHCP on one of the unused WAN ports, put your guest WAP to it, then create a FW rule that says can not talk with other segments and only the internet.
This link you want to review.
-
There is a newer Netgear Wifi 6 AP, that may work https://www.amazon.com/NETGEAR-Wireless-Access-Point-WAX610/dp/B08D3693SV according to the Q&A, it should have VLAN to SSID mapping. The price is pretty decent. (<== we have not tested this)
We have the none wifi 6 version, which can do the mapping.
-
I tired the Netgear Pro SRX60 which supposedly supports VLANs and it doesn't actually in AP mode.
I have the Gold product and I'm wanting to upgrade to Wifi6, looking for mesh and vlan support several separate SSIDs in AP mode - use cases include separate isolated SSID and VLANs for Home, Work, Guest, IOT. I would prefer not having to buy multiple mesh routers for these purposes. Any suggestions for products that work in this way?
-
So initial testing and configuration results: They're expensive but the Orbi Pro 6 SXR80 (router) and SXS80 (satellite) or otherwise known as AX8000, work for VLAN configurations with segregated SSIDs as long as you turn on network isolation for each VLAN. I have yet to fully test the mesh configuration. There are 4 SSID which can be associated to 4 VLANs. I've used my Firewalla to configure the VLANs all on the same port number. There are a couple of catches: 1) need to have a direct connection to the Orbi router or the VLANs may not be recognized; 2) every Wifi and configuration change take a tonne of time to configure because the units must reboot for every configuration change for every wifi SSID and VLAN change made; 3) performing a complete power cycle might be necessary to reset saved configurations at the end of multiple configuration changes. There are some configuration details that include bridge groups, default VLAN 1, and trunk vs access modes that I'm going to retest. I can say though it all seems to work at this point as an AP leveraging the Firewalla as the main router - positive (and it should be for the $$$$).
I'm running in AP mode to be clear, not Router mode on Orbi infrastructure.
Of note, the Orbi Pro 6 SRX60 (note the difference in model) does NOT work in the same way as an AP as the SRX80 with VLAN, SSID network isolation, and mesh enabled.
I need to test: Mesh configuration holds the same SSID isolation and VLANs across both nodes (main router and satellite), performance and range across the Orbi SRX80 platform (initial tests proved impressive for range), other considerations.
So far, positive!
-
Speed and coverage are good. Not sure yet about the extra $.
I'm having an issue with the VLAN/LAN connection dropping fairly frequently and sporadically. I looked at the Orbi logs and there's nothing indicative of a problem. I'm suspecting it's either a configuration issue or a bug with my Firewalla Gold. Any articles I can read or steps I can take to check my configuration?
-
The Netgear Orbi Pro SRX80 experiment ended with me returning very expensive gear that would enable VLANs but the performance was so poor, unstable, and unreliable with a high % of dropped packets and for the price point, just not worth it. And yes, that's with up to date firmware!
I picked up Ubiquiti HD Nano and what took me hours to setup (because the AP needed to reboot on each screen for each configuration change) took minutes. They also seem solid, and performant with few to no packets dropped. They have VLAN support, multiple SSID capable, Mesh, and decent management console. The catch is that they are only APs, they don't have LAN ports, which is ok, but I'll have to come up with other solutions.
Impressed so far...
-
I currently run UniFi gear but if I was starting from scratch, I'd have a hard look at TP Link Omada or Aruba Instant on. If Wifi 6 is not a deal breaker, second hand Rukus AP's and switches (running unleashed) could be really nice too.
BTW... hard wired AP's are worth the effort vs the mesh stuff IMO.
Please sign in to leave a comment.
Comments
42 comments