Show us your Firewalla, and Win BIG!


Comments

165 comments

  • Vitohsafb

    Nothing fancy. Firewalla Blue Plus is in simple mode. Attached to a very cool TP-Link Archer AX11000 router.

    3
  • Paul Mokele

    It's a messy view but my firewalla red is working hard to at least keep my network clean (someone must do the job).

    I am running DHCP.

    The only thing you need to know about my network topology is that Fingbox serves as my Firewalla stand :-).

    The firewalla VPN server is my favorite feature as I can access my media server anywhere outside my house. Wishing for a Purple or Gold so that I can do some routing of the VPN traffic.

    0
  • Brendan Bellomo
    0
  • Michael Bierman

     

    So I have a geographically spread out configuration, not a nice rack with everything in it. So this is just, "part of the picture". 

    Network:

    • Multi-WAN configured in Load-Balancing mode (Two different ISPs)
    • LAG LAN connection to Unifi managed switches (USW-Lite-16-PoE) creating a 2GB connection!
    • Connected to switch are: NAS, 3 Unifi APs, another identical managed switch in a different room
    • Average of about 80 devices on network. 
    • 4 WVLANs and 8 VLANs in total. 

    3
  • Adi Kolnati

     

    Greetings from London

    I am an amateur network enthusiast hell bent on creating a secure network for me and my family. :-)

    I am running a small setup configured as follows

    • Device: Firewalla Gold
    • Mode: Router
    • ISP: Virgin Media 200Mbps

     

    Network Setup

     

    Virgin Media is configured to be in modem mode and connected to a TPLink unmanaged 4 port switch that could have WAN devices connected. Firewalla is set up in router mode.

    Deepstack AI server helps with person / object detection using Frigate NVR and Double take (Home Assistant (HA) add-ons). The IPCAM VLAN 70 has a couple of WiFi cameras that stream video to the Frigate setup.

    TPLink POE 8 port switch (Single Trunk managed via switch) powers the Ubiquiti Access Point to create WLANs, each mapped to a VLAN.

    UAP creates 5 WLANs used by various home, office, IOT and guest devices.

    TPLink POE switch also connects to Tado smart thermostat which HA controls

    3D printer along with an Unraid server for Plex, private cloud and windows VM all managed via FWG. The setup is still evolving and have plans to add more smart devices.

     

    Firewalla Gold (in the wild hanging off IKEA pegboard :-))

     

     

     

     

    Hope you like the setup and thanks for reading my submission.

    5
  • Norbert Kraus

    My under the desk home network. Three Internet connections from different providers. Firewalla Gold as main router in load balancing router mode. Firewalla blue for my second router (Ubiquiti USG) and as third router for learning and testing a sophos xg firewall on an intel barebone pc. A few switches (Unifi and Mikrotik), four raspberry pi, some shuttle pc's and a lot more in the rest of my home - Synology and qnap NAS, HP Microserver, Cameras, Unifi Access Points, Amazon Echo's, Philips Hue and so on. And all this only because it makes fun, it's interesting and cool. So Firewalla must not be missing - it is one of the coolest stuff in my network.

    -1
  • John Stephen

    To boldly go where no Firewalla has gone before!

    -1
  • Blake

    Pardon the mess, but I had to slide my rack out a bit from the inside of my closet.  My setup is AT&T BGW210>>FWG>>USW-24-G2.  I have several ethernet runs through the house for various and sundry applications, and then 2 Netgear Orbi's which are serving as my WiFi APs until Unifi can get their stuff together and release the AP I want (and has been in EA for a long time now).  

    I have the FWG in router mode with 2 physical networks and 2 VLANs.  My physical networks are for Home and Work.  My VLANs are for IoT and Management.  IoT is walled off, and my Work network is walled off from everything as well, except for a couple allowed rules to HomePods and my printer which is on my Home network.  All Apple devices enjoy Home network privileges, and my Lutron and Hue hubs are on the IoT network.  All my smart plugs are on my Home network but are cut off from the internet completely.  As soon as I get an AP that allows VLAN to SSID mapping those things will go on the IoT network as well.  My UniFi switches are on a Management VLAN to segment that from the rest of the network, and I run the UniFi controller in Docker on the FWG.

    I have one child with a phone and that phone is set up with Wireguard set to connect automatically and I have the same rules applied to that connection that are applied at home for her.  So that feature was a big win for me but a pretty big loss for her.

    0
  • dot ro

    Firewalla Gold in Router Mode ;)

    -1
  • Eric Nunes

    Firewalla Gold in Router Mode.  Also have a Fingbox, an Eero wireless mesh in bridge mode, network server, an IOT hub, network switch, Ring camera, Amazon Echo, and it's all surge protected and battery backed up.  Going to be adding a Tesla Powerwall soon next to the rig and have the Ring Alarm Pro so the whole network will have battery backup and cellular backup :)

     

    3
  • Chett Harris

    My network: 

    top to bottom; 

    Apple TimeMachine in bridge mode for primary WiFi, Mac Mini server, and Fingbox.

    Unmanaged 1G switch

    Patch Panel

    Custom panel for Firewalla Gold (Router Mode) and GPS driven NTP Server.  Aside from routing and filtering, The GOLD is my VPN server for remote access to the network.  Cable to left feeds 'guest WiFi'

    PDU and ESP-32 (arduino) clock for displaying time from NTP Server

    Offscreen bottom: QNAP NAS, PLEX Server (another Mac Mini), UPS, and Cable Modem (I had to crop and reduce pic to meet 2MB size limit)

    2
  • Blaine Miller

    My setup is very homey. It is a Spectrum ISP backed internet connection with 400Mbps Down and about 20Mbps up. It goes into our own Netgear Nighthawk modem and then goes to the Firewalla Gold in Router Mode. From there I use 2 ports, one that goes to a 16 port Gigabit Netgear ProSafe switch and another that goes to a self installed ethernet wall jack that has a Cat 6 cable all the way to my bedroom with another self installed ethernet wall jack and more Cat 6 cables all the way around my room to my entertainment center cabinet with a 24 port Gigabit Netgear ProSafe switch that has cables going to 13 devices and another 8 port Netgear ProSafe Switch for the 4 computers at my desk behind a KVMP switch. I have 3 Wifi 6 Eero Pro 6 mesh routers, 2 of which are ethernet backhauled and 1 that is wireless. I love to use just some of the simple features of Firewalla Gold like the active protect, ad block, smart queue for gaming and zoom and Google Meet calls and the DNS over HTTPS as well as safe search. The flows is often used to identify devices and monitor traffic spikes. It has caught several port scanning IPs and all sorts of other suspicious activity. The Country blocks are also quite helpful. Overall the speed improvements from the original Firewalla Red, Blue and now the Gold is massive. I have been happy on the Firewalla Beta channel for some time now. I have attached a picture of my Firewalla Gold in the Living Room protected by a UPS, and my 24 port switch in a cabinet along with its NAS and Mac Mini Server. I also attached a copy that is likely a bit outdated now of my network's topology drawn on Draw.IO. It is rather intermediate overall but it works great. I have about 105 devices on my network and it runs smoothly. Every time I call in to support I always get things said like "That is the most sophisticated home network I have ever heard of" and "You were not kidding when you said you have 100+ devices".

    -1
  • Mrr

    Here's my Firewalla Blue - in simple mode, between my NAS and UPS, and above another UPS. Got the Blue when they first became available and I recommend Firewalla to everyone.

    0
  • bao

    In Singapore, most of our homes have a utility cabinet which we use to house all the electronic equipment. Comes with a fiber point - internet @ 1Gbps (yes, in SG, our ISPs provide up to 2Gbps!!). My main equipment is here, including the little Firewalla Blue! (oh, it runs Simple Mode) This is just the tip of the iceberg, there are 20+ other IoT devices around the house....

    Am into automation too! I have Flics, climate sensors, whole bunch of iOS Shortcuts, Switchbots, Cameras, etc. These add up to the number of devices I have :D... Also have Apilio, IFTTT, SmartThings, so you can imagine the amount of traffic going in/out of this network.. I think I need to upgrade the box sooooon...

    The 2nd distribution cabinet houses the storage and "brain" of some services running the house + experimental stuff done on VMs. Say hi to BB8 too! I think I need more than the Blue to manage all these!! :D :D

    12
  • Ciscoslacker

    Firewalla Gold in Router Mode

     

    ISP -> Firewalla -> Netgear Switch (temporary)  -> Aruba 48 Port POE Switch - > 6 Unifi APs and other devices.

    I am running Lan Network, Guest Network, IOT Network, and Work Network.

     

     

    -1
  • James Willhoite

     

    I've been using my Firewalla Gold for over a year now and have loved it. Once I got everything set up, it was pretty much a set and forget. It's been a workhorse. Here is my Network Diagram.

     

    From the Diagram I have a site to site connection I set up between my Firewalla gold, and a Raspberry Pi-2 set up at my parents' house. This allows site to site connection between us and allows me to remotely troubleshoot my parents' computers.

    I also have an IKEv2 VPN Connection to my Work in Knoxville TN. This is only one way (me to them) but could easily flip a switch to allow site to site. My work is then connected to two other branches and all of those computers (200+) I can access from the comfort of my own home in Ohio.

    From the Firewalla Gold I have a Cat6 cable going to a 24 Port POE Netgear Switch. From there to 3 different Access Points, 1 outside access point and 2 inside. There are about 34 active clients in my home with the Firewalla keeping track of about 55 different devices.

    The Firewalla Gold and the Internet modem are inside the House in a climate controlled environment with a Cat 6 going to the switch in the Garage. From there to the different ports in the house.

     

    My Firewalla Gold is running in Router Mode and handles all my DHCP to my Primary LAN, and two VLANs (Guest and IoT). My Windows R2 Server hosts a Web Server and a Monero Node that is public facing. The web server is hosting 3 different Websites at the current moment. 

    If I were to win another Firewalla I would use it either at my parents' house (replace the Raspberry PI) or make another connection at my brother's house. (Would then have 5 different networks connected with mine.)

    -1
  • William Bryce

     

    The pandemic forced me to step up my network game with 2 families working from home.  Started with a Full TP link based network with fiber lan backhaul. The TP link router had issues and lacked control and security. The Firewalla Gold in router mode bailed me out with parental control, segmented lan, and the best options of control and usability.  The Firewalla Gold is miles above and ahead of the TP Link R605 router I was using. I'm not a network guy, but the Firewalla made it really easy for me to get control of my network and all the data flowing through it! Main router is located in a workshop, and house is fed with fiber from the workshop to the basement.  The best part is Firewalla gold is Starlink dual wan ready! Original Kickstarter backer for Red, then Kickstarter backer for Gold, been with Firewalla from the beginning and have not looked back. Network supports ~98 connected devices including Crypto miners and is powered from solar, in an off-grid home. ISP is currently crap ADSL on 4 pair copper, waiting for Starlink.

    2
  • Dave Wengrovitz

    Wow, there are some pretty impressive setups posted in this group.  My modest home network is contained in a small 6U rack that sits quite nicely on a set of shelves in the basement with a few Mac devices, some Raspberry PIs, and some home automation gear.  The firewalla gold is in the bottom right corner.  

    3
  • Mattgull

    Pretty simple setup. Gold is running in router mode connected to an Asus GT-AC5300 wireless access point running in bridge mode and a small unmanaged switch. Rock solid performance since the day I got it, and it just keeps getting better with all the improvements. I can't recommend it enough.

    -1
  • Kevin Leinenweaver

    Managed to snag a rack from work (SCORE) so I 3D printed some shelving brackets and turned it into a shelving unit / network rack.

    Netgear modem -> Firewalla in router mode -> HP Procurve switch -> Unraid server and unifi access points.

    Plenty of raspberry pi's and what not scattered around as well.  Separate VLAN's for IOT from the rest of the equipment. Always tinkering so cabling will never be neat.

    -1
  • Brian Newbold

    Firewalla.. in DHCP mode.
    Quietly lording over Google Wifi and securing my network from the spies at GOOGL.


    Such an unassuming rig.
    a) Firewalla Blue Plus
    b) Google Wifi (original 3-pack mesh routers) hence using DHCP mode
    c) SSD from my laptop, repurposed as a USB drive

    But the goodness is in the setup.
    - Google Wifi is set up with a minimum DHCP range with reservations for each of the mesh nodes and Firewalla, only.
    - Firewalla overlay network provisions IPs for any other devices.

    Here's the fun stuff:
    You'll notice that little silver device.. it's my old laptop SSD in an external case and used as a USB drive and is set as an auto-mount external drive.
    Why? Because running Docker with some containers can be a little more intensive on internal flash/ssd memory than desired, and I want my Firewalla to last as long as possible.

    What's on that drive? Well, containers of course!

    Notice anything different? Well I'm not running my containers in terminal. This is Portainer.io which makes it SUPER EZ to add and manage docker containers. (highly recommended)

    It gets even better.. with docker Stacks managed in Portainer you can do a little re-tooling of the same YAML files you use to create containers, and then deploy new containers with very little friction. I've also set them up to use shared mounts and my containers can very easily drop files and communicate between containers. 

    Want to share Stacks? No problem.. Just copy over the yaml script.

    version: '2.1'

    services:
      alpine:
        container_name: AlpinePy
        image: alpine:latest
        network_mode: bridge
        stdin_open: true # docker run -i
        tty: true # docker run -t
        volumes:
          - /media/usb0/docker:/docker

    #Voila! A new minimal linux container.

     

    In addition to the examples from Firewalla (PiHole, HomeKit, etc) I've also successfully gotten my Firewalla to be:
    Bitcoin Miner
    Minecraft server
    Python script runner
    Wordpress server
    SQL server
    Cloudflare dynamic DNS updater

    Currently I'm managing 3 voracious internet teens, a hubby and a remote business with its WordPress site, and my Firewalla is purring along with zero hiccups!

    It might just be a tiny little blue+ box on my desktop...
    But never underestimate what Firewalla can do!

    -1
  • Andre Liersch

    Still work in progress, but slowly getting there... overall close to 40 connected devices..

    -1
  • Jacek S

    Firewalla GOLD !!!
    WORKS LIKE A CHARM. 
    Previously firewalla RED.

    Running router mode. Directly from ISP. Speed 1Gb download / 50Mbit upload. No data-cap.

    Internet (fiber) in -> Firewalla -> 104 devices on the network + 67 Z-Wave IoT devices (connected to Homey and Fibaro hubs). 

    Backup / failover - LTE router with external antennas on the roof.

     

     

    Optionally, if you are doing anything cool, let us know too:

     

    Having fun with

    - deeper connect

    - bobcat helium miner

    - and 'graphics card' project ;)

    -1
  • Simon Street

    Like my character - neat and tidy... or annoyingly fastidious as my wife might say :-)

    Firewalla Blue Plus has been an excellent purchase and addition to our home network.

    Having such flexibility and power in the palm of your hand (via iOS) makes for management of the family's internet usage a breeze. Bringing some sensibility and control around usage. Being able to "switch off" Fortnite gaming at the flick of a switch is the most empowered I've been as a Dad for a long time!

    Enjoy

    Simon

    -1
  • anup anand

    Here is my Firewalla Gold running in ROUTER mode. I am using features like WAN Failover, VPN, Port Forwarding, Segmentation and more.

     

    Diagram -

     

    1
  • Michael Knoell

    For your convenience I am skipping the words (who reads anyway? just wait for the movie).
    Firewalla in router mode and the required photo (complete with cartoons).

    0
  • David Cobaugh

    FWG is currently running in SIMPLE mode. Planning to remove my Unifi USG at some point early 2022 and will keep it around as a backup. (FWG is sitting on the bench -- waiting on an ETSY custom rack mount to have modem and FWG side-by-side).

     

     

    -1
  • CWest

    My FWG setup in router mode.

    TP-Link Deco M9 Plus (6 total as AP’s)
    Pentair ScreenLogic Wireless adapter
    AT&T AP for Wireless U-verse Cable box
    Firewalla Gold (Router Mode)
    Arris BGW210 (AT&T Gateway in Passthrough Mode)
    Blank panel
    TP-Link TL-SG108E (VLAN for AP’s)
    Wired hub for sensors
    TP Link TL-SG108E (for wired AT&T Cable boxes)
    Cable management unit
    Patch Panel
    Cable management unit
    HP Procurve 1810G-24 Switch
    CyberPower PDU15M2F12R
    CyberPower PDU15M2F12R
    Blank panel
    Shelf (to help hold some wires)
    2x Tupavco TP302 (strapped to underside of shelf)
    2x APC BN1500M2

    0
  • Matt Niswonger

    This is my current home setup with my FWG in router mode.  I average about 75 connected devices and have 8 separate networks (main LAN, Kids, IoT, Guest, WLAN, Docker, Lab, and MGMT) and 3 SSIDs for wireless devices (main, guest and IoT).  So traffic can be inspected I route across networks without any issues, including traffic from my Plex server, backups to my unRAID server, and Lancache for cached games and WSUS updates for my Windows endpoints.  This also keeps broadcast domains small and under control, and to cut down on multicast traffic I use IGMP and MLD snooping on my switch.  I'm currently using an LACP group on my FWG for all of my networks except for my primary LAN and MGMT networks.  All networks start with a zero trust model of block all traffic to/from all local networks and block all traffic from the internet.  To further add to my zero trust model I try to avoid allowing traffic rules on a per-network basis where possible (ex. Allow traffic to/from WLAN to/from LAN) and instead make these rules on a per-group basis so only the devices/users that need this can do so.  I use SQM to shape my internet traffic but also to shape internal traffic across networks (ex. game downloads from Lancache).  I make extensive use of target lists to use with SQM.

    Other devices in the rack are:
    unRAID Server (Xeon E3-1245, 16GB RAM, 9TB array, 5x1Gbps port LAG)
    Gigabit MoCA Adapter for an upstairs bedrooms I haven't yet ran Ethernet to.
    TP-Link OC200 Cloud Controller
    Obi200 VoIP Adapter for Obitalk and Google Voice
    2x PoE injectors (powering 2 TP-Link EAP225 APs)
    TP-Link T1600G-28TS 24-port managed switch
    Arlo Pro camera base station
    APC BackUPS Pro 1000 (average 120 Watts draw)

    In the near future I will be configuring a Wireguard tunnel to my Mom's Firewalla Blue Plus to set up rsync jobs between her unRAID server and mine.  I'm also hoping to get my unRAID server to a smaller footprint using a low powered Intel CPU in a small form factor so I can be completely fanless and use under 100 Watts.

    0
  • Chrisjessee

    I am running in Router Mode on my Firewalla. It is connected to a Netgear Orbi Pro Wifi 6 system. All of which is mounted behind my TV.

    -1