Add Firewalla to small office using Xfinity Business
I am new to firewall appliances.
So far Firewalla appears to be a good choice for a small company.
To clarify my understanding:
My current setup is an Xfinity modem/router (with Wi-Fi) to a 12-port switch.
10 ports to individual PCs, 1 port to an access point located in a back shop. Currently the access point services 1 wireless PC, maybe more to come. Occasionally, wireless access (office) to the internet is gained via the Wi-Fi on the Xfinity modem/router.
I am told by Xfinity that their modem/router cannot be replaced by an outside vendor because we have a static IP. This seemed to be confirmed by an internet search.
I would need to keep the Xfinity modem/router, then connect to Firewalla, then to the switch, then PCs and access point. Any office connection to the modem/router Wi-Fi would NOT be protected as Firewalla would be behind the Xfinity modem/router. I would need to add another access point to the switch behind the Firewalla, and not use the Xfinity Wi-Fi, correct?
Firewalla Blue, Blue Plus, Purple or Gold? Future VPN access from home to office would be nice; currently access is via Google remote (formerly used MS Remote Desktop, but Xfinity removed the port forwarding).
Purple would give Wi-Fi? (lost bypassing Xfinity)
Does Firewalla get software updates to keep current?
A cell phone is the only option to manage Firewalla?
I am remote to the office, no management via web interface, Firewalla management needs to be local, correct? Any plans for update for web management?
Your recommendations are greatly appreciated.
-
A cellphone or tablet is needed for the first configuration (pairing) of Firewalla. You can pair more devices like cellphones or tablets to Firewalla; the pairings are slightly different from the first pairing (scan the QR code from the 1st phone, not from the box itself).
And there's a web interface, currently in beta state, but I love it. You need to go to my.firewalla.com via browser and then open the Firewalla app and use the option "firewalla web". In the browser, you'll see a QR code; just scan it with the phone and you'll be ready to log in. A phone is still needed, but it is not the only way to configure Firewalla. Some things are much better to set up / configure with a big screen and full keyboard instead of the "mouse-cinema" of a smartphone display.
You don't need to be local (inside your LAN) to configure Firewalla. The app and also the web interface will work from anywhere outside.
You can also log in to the Firewalla box through SSH (direct access needed, either LAN or VPN). I just played a bit with bmon, so I didn't find out if I could do some configurations there.
Firewalla Purple and Gold work differently from the Red, Blue and Blue+ devices.
Gold and Purple are "real" routers which split the network into WAN and (V)LAN. Red and Blue (+) are just plugged into the network and don't "split" the network. In simple mode, the Red and Blue (+) devices try to redirect the traffic to and from the internet.
-
Beyond the initial configuration via Bluetooth, in order to manage your Firewalla it must be connected to the internet. It does not matter if you are sitting next to it or if you are 3000 miles away: the Firewalla must be connected to the internet in order for you to manage and access it. If Firewalla disconnects from the internet then you lose access, and if you don't have the Firewalla-generated SSH password then you cannot log in to the box even if you are local, because you need the SSH password for both local AND console access. But fret not, you can regain access by using the Hardware Troubleshooting feature in the app, which uses Bluetooth to establish the connection. Firewalla has clearly stated that the web UI is considered a feature but not the core component for device administration. I would suggest taking the app as the primary method for device configuration and only looking to the web UI as a reporting and viewing platform.