Advice on new installation - Gold
Hi there, i'm asking you some advice to fit an upcpoming firewalla gold in my home network. I currently have a blue firewalla, but decided to order a gold one mainly because my connection is a gigabit fiber.
Now, my setup is the following:
ISP ONT (fiber to ethernet) --> Asus RT-AX86U (with VLAN tag in order to provide WAN connectivity) which serves as DHCP, WiFi, DDNS, UPNP --> several devices (up to 25 at the same time, one of which is the blue firewalla in simple mode) connected, both via ethernet and wifi. There's also a 2.5gbit switch providing more ethernet ports, connected to the Asus at its 2,5gb eth port. One more thing: my NAS (Synology 220+) is configured with bonding, so two eth cables runs direct into respective Asus ones (also there of course configurated with bonding).
I understand that the best way to add a gold box is as router, leaving the Asus in AP/Bridge mode. I have to better understand pros and cons of configuring the gold box as router vs gold in dhcp mode:
1) in case of router mode, can I set the VLAN tag for my WAN connection (presume yes, but just to be sure)? I need just one, so this would be on eth4 port if I read correctly...
2) in router mode, can I assign fixed IP for some of my devices (i.e. NAS and other LAN HD)?
3) is there any DDNS and UPNP support?
4) What's the status of IPv6 support? My provider is running on a dual stack, so I currently have both ipv4 and ipv6 connectivity. For reference, right now on my Asus IPv6 is set as "Native".
5) My ISP is about to dismiss the IPv4 stack, migrating all the customers to IPv6 with MAP-T protocol in order to translate IPv4 and ports outside the client's network. Is there any chance to keep using gold firewalla as a router after this? I know that there's no router currently sold that's supporting MAP-T protocol, unless using OpenWRT with some custom modification... when it comes the time I'll ended up switching provider I guess...
Many thanks
-
1. Yes, when you setup WAN on the Gold, you can specify the VLAN ID.
2. You can reserve IP's for devices on your network. https://help.firewalla.com/hc/en-us/articles/115004304054-Device-Management
3. DDNS and UPnP are supported.
4. IPv6 is fully supported
5. Which ISP are you using? As far as we know, we know providers will NAT ipv4, but removing it completely, we have not seen. Is the MAP-T. (You sure this MAP-T runs on the router or within the service provider?)
-
ISP is Sky (comcast company) in Italy. Yes, they ask for a CPE supporting MAP-T.
They're using Sky UK's IPV4 range but they want them back :)
These are the mandatory requirements, valid when they'll switch to IPV6 only:
- Protocol IPoE IPv4/IPv6
- NAT: MAP-T Mapping of Address and Port, Translation mode (RFC7599)
Would be great if you guys add support to MAP-T
Please sign in to leave a comment.
Comments
2 comments