Enquiry
Dear Firewalla community
I am currently designing an enterprise-grade network architecture for a new retail supermarket and would like to validate whether the Firewalla Gold Pro (or highest available tier) is suitable to act as the primary firewall and Layer-3 gateway for this environment.
High-Level Environment Overview
The proposed design supports 55+ concurrent users and includes:
- 19 Cloud ERP users
- 36 additional Microsoft 365 / internet users
- Segmented VLAN architecture for:
  - Office users
  - Cloud ERP users
  - POS / payment systems
  - Printers
  - CCTV / IoT
  - Guest Wi-Fi (internet only)
- Primary internet: Business-grade microwave link (target 250 Mbps symmetric)
- Secondary internet: 4G/5G backup with automatic failover
- Switching: Cisco Catalyst (Layer-2) switches
- Wireless: Ubiquiti UniFi Wi-Fi 6 access points on a dedicated UniFi switch
- All inter-VLAN routing, security policy enforcement, and WAN failover handled centrally by Firewalla
Intended Firewalla Role
The Firewalla device would be required to:
- Act as the single Layer-3 gateway for all VLANs
- Terminate 802.1Q VLAN trunks from Cisco switches
- Enforce zero-trust inter-VLAN firewall policies
- Provide IDS/IPS, DNS filtering, and threat detection
- Support QoS / traffic prioritization (ERP Cloud and Microsoft 365 over guest traffic)
- Handle multi-WAN failover (microwave primary, cellular backup)
- Support VPN access for controlled vendor and IT support
Information Requested
Could you please advise on the following with respect to Firewalla Gold Pro / highest tier model:
- Throughput & Performance
  - Sustained throughput with IDS/IPS enabled (approx. 250 Mbps symmetric)
  - Practical VLAN count and inter-VLAN routing performance
  - Any known performance considerations with ~7 VLANs and ~60 endpoints
- VLAN & Switching Compatibility
  - Best-practice integration with enterprise switches (e.g. Cisco Catalyst)
  - Any known limitations with 802.1Q trunking in multi-VLAN environments
- QoS & Traffic Shaping
  - Level of application-aware QoS available (particularly for ERP and Microsoft 365 traffic)
  - Ability to deprioritize or rate-limit guest Wi-Fi traffic
- WAN Failover & Stability
  - WAN health monitoring methods used for failover decisions
  - Typical failover time between primary and secondary links
  - Suitability for microwave-based primary links
- Operational Considerations
  - Recommended sizing for this type of environment
  - Any design constraints or scenarios where you would recommend an alternative Firewalla model or architecture
Thank you in advance for your time and support. I look forward to your technical feedback.

Thanks for your interest. You can check out the documents below to help you better understand what Firewalla can achieve:
- Throughput & Performance
- VLAN & Switching Compatibility
- QoS & Traffic Shaping
- WAN Failover & Stability
  - WAN health monitoring methods used for failover decisions - Network Performance and Quality Monitoring
  - Typical failover time between primary and secondary links - It depends on how long it takes Firewalla to detect that the Primary is down and the Secondary is active. It should be fairly quick, within 1 or 2 minutes.
  - We support Ethernet WAN link (native) and WiFi WAN via WiFi SD. At the moment, Firewalla supports 2 WANs at the same time: Firewalla Feature Guide: Multi-WAN
- Operational Considerations
  - Recommended sizing for this type of environment - what's the specific sizing you meant here?
  - How to Secure Your Network with Firewalla (Part 4): Zero Trust Network Architecture