Planning to upgrade to a Firewalla Gold from a Bitdefender Box 2; I plan to use the Box 2 as a sub-router. Suggestions?


    GM Josh,


    IMPORTANT: There is a known issue between Bitwarden's client "port scan protection" and Firewalla's "devices port scan"!

    • In fact, it seems that Bitwarden's agent will detect the Firewalla device port scan, identify it as an attacker, and temporarily break the whole Firewalla network LAN side, blocking access to the internet for the whole network... so you need to disable one of them (I disabled the one in Firewalla for now, since I have laptops that I take outside my LAN and Bitwarden doesn't allow me to disable the port scan protection for specific LANs).


    Going back to your question: it depends, and unfortunately you will have to test and most likely tweak... In my case, I just gave my Box 2 to my daughter.

    AFAIK the Box 2 doesn't have the option to run as an access point. So theoretically you can set up your Box 2 as a router with its own dedicated LAN 192.168.10.x/ behind your Firewalla Gold, but:

    • DOUBLE-NATTING - having 2 routers in series is not an issue; however, when you have 2 firewalls in a row you might face complications when each one of them does its own natting.
    • You can deal with your own services (a web server) by ensuring that your natting rules on firewall1 match the natting port on firewall2, which match the actual ip:port on your backend.
    • However, a number of self-registration services (UPnP, Bonjour, ...) are not going to play nicely with double natting...
    • In your specific use case, the devil is in the details: most smart TVs (Roku/Fire TV/...) might be OK, but you might have to define/set up a proxy on the Firewalla subnet itself since they should be (https). For your IoT it might be a different problem; in particular, I noticed that some of my cheap smart outlets connect home over the internet to be managed and they don't seem to work well when you jump subnets.
    • Second (smaller issue), assuming you are using the Wi-Fi from the Box 2 right now, you will need a new Wi-Fi access point if you have other non-IoT/smart TV devices, since Firewalla doesn't have any Wi-Fi integrated. That also means that you want to make sure that both Wi-Fi networks won't interfere with each other... and AFAIK, the Box 2 doesn't allow you to change the frequency... so make sure that you can pick the frequency on the second AP and avoid overlapping.

    In other words, it might work, but unfortunately you have to try, and you might have to set up an HTTP proxy, double-NAT some services, get a second Wi-Fi AP, and configure it to not conflict with your Box 2.

    good luck.
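
Added example, not part of the original reply: a small Python check for the double-NAT forwarding chain described above, tracing one inbound port through the outer router (firewall1) and the inner router (firewall2) to the backend and reporting where the chain breaks. The rule format, all function names, and every address except the 192.168.10.x inner LAN are assumptions made for illustration; rules are typed in by hand, not read from either device.

```python
import ipaddress
from typing import NamedTuple

class Forward(NamedTuple):          # hypothetical rule format, typed in by hand
    proto: str
    ext_port: int
    to_ip: str
    to_port: int

def resolve(rules, proto, port):
    """Return (ip, port) that the first matching rule forwards to, else None."""
    for r in rules:
        if r.proto == proto and r.ext_port == port:
            return (r.to_ip, r.to_port)
    return None

def check_chain(outer_rules, inner_rules, inner_wan_ip, outer_lan, inner_lan,
                proto, wan_port):
    """Trace one inbound port through both NAT layers -> (backend, problems)."""
    problems = []
    outer_net = ipaddress.ip_network(outer_lan)
    inner_net = ipaddress.ip_network(inner_lan)
    if outer_net.overlaps(inner_net):
        problems.append(f"LAN overlap: {outer_net} and {inner_net}")
    if ipaddress.ip_address(inner_wan_ip) not in outer_net:
        problems.append(f"inner router WAN {inner_wan_ip} is not on {outer_net}")
    hop1 = resolve(outer_rules, proto, wan_port)
    if hop1 is None:
        return None, problems + [f"outer router has no {proto}/{wan_port} forward"]
    if hop1[0] != inner_wan_ip:
        return None, problems + [f"outer forward targets {hop1[0]}, not {inner_wan_ip}"]
    hop2 = resolve(inner_rules, proto, hop1[1])
    if hop2 is None:
        return None, problems + [f"inner router has no {proto}/{hop1[1]} forward"]
    if ipaddress.ip_address(hop2[0]) not in inner_net:
        problems.append(f"backend {hop2[0]} is outside inner LAN {inner_net}")
    return hop2, problems

# Constructed sample values (only 192.168.10.x comes from the reply).
OUTER_LAN, INNER_LAN, INNER_WAN = "192.168.1.0/24", "192.168.10.0/24", "192.168.1.2"
OUTER = [Forward("tcp", 443, "192.168.1.2", 8443)]     # outer router (firewall1)
INNER = [Forward("tcp", 8443, "192.168.10.20", 443)]   # inner router (firewall2)

if __name__ == "__main__":
    print(check_chain(OUTER, INNER, INNER_WAN, OUTER_LAN, INNER_LAN, "tcp", 443))
    broken = [Forward("tcp", 443, "192.168.10.20", 443)]  # inner port mismatch
    print(check_chain(OUTER, broken, INNER_WAN, OUTER_LAN, INNER_LAN, "tcp", 443))
```

An empty problem list with a backend address means the two forwarding rules line up; a `None` backend names the hop where the port or target does not match.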


