New Installation with Gold Plus and AP7
Decided to take the Firewalla leap and replace most of the equipment in my townhouse, looking to get everything squared away over the next few weeks in anticipation of picking up and moving it to a new place this summer. As I am setting everything up, I have noticed a few things that just don't make sense and can't tell if it is a me thing or a Firewalla-ism that I just missed when doing my research.
Gold Plus + AP7 Desktop
So the Gold Plus has the ability to be its own router, which makes sense, but range seems minimum which I am not surprised on based upon its size and ultimate purpose. I purchased an AP7 to serve as an access point to extend range to a different part of the house, but upon initiating setup I noticed that the first AP7 needs to be connected via ethernet to the Gold Plus for it to run. Doesn't that defeat the purpose of adding the access point, unless I am running a couple hundred feet of CAT to put the AP7 where I need it?
Q1. Is there a way to use the AP7 within a mesh network with the Gold Plus? Or will I need to buy a second AP7 to accomplish the mesh network?
What Happens to Gold Plus Router Function
So as of now, I have my Gold Plus hooked up, with the AP7 hard wired in, sitting about 10 feet apart. From what I see in the Firewalla app, it looks like the AP7 is the one pushing out SSIDs. Not to mention, when installing it, it had me delete the wireless networks I initially created on my Gold Plus.
Q2. When coupled with one (1) AP7, does Firewalla disable wireless functions and rely on the AP7 to serve in that function?
Separate Guest WiFi Network
The last thing I was hoping to do was create an entire separate WiFi network for Guests or dedicated to work assets. Now I am not talking about a VLAN with separate SSID, but a full network solely for when people need access. In the app, it has a template to create one, but since I already have a WiFi network created using the AP7, it will not let me create another individual network.
Q3. Does Firewalla not allow multiple individual networks with separate WiFi vice one overarching network with multiple SSIDs via VLANs to segment?
Q4. Since the AP7 is currently pushing the WiFi, why can't I have the Gold Plus push a separate WiFi network?
Am I just over thinking this? Or is what I am looking to accomplish 'reasonable'?
-
Sounds like you are using WiFi SD on your Gold Plus for WiFi in the first place. The main purpose of WiFi SD is using in conjunction with Firewalla boxes to enable you to tether to your phone (or another Wi-Fi hotspot) when your main network is down, in order to keep your network running even during connection hiccups. While it does also support a WiFi LAN network, it's WiFi range and capability is very limited, as it's not designed to act as a WiFi AP.
You can't have a WiFi network via WiFi SD and have an AP7's WiFi at the same time. (WiFi WAN via WiFi SD + AP7 would be fine). AP7 can't form a mesh with WiFi SD's LAN WiFi. Gold Plus is an ordinary router and doesn't have any built-in WiFi interface; therefore, the first AP unit always needs to connect to Gold plus via ethernet.
If one AP7's range isn't enough, you can get additional AP7 unit(s) to form a mesh via either Wired or Wireless backhaul. Check more in Additional Firewalla Access Points.
Here's an example on creating Guest WiFi with AP7: Example 1: A Simple Guest Network. AP7 can have multiple WiFi SSIDs. You can assign different WiFi SSID to same/different networks. But the network used must be configured on/include the trunk port physically used by your AP7. Example:- AP7 is physically connected to Gold plus port 1
- LAN 1 is configured on port 1 and port 2
- VLAN 2 is configured on port 1 and port 2
- LAN 3 is configured on port 3
- AP7's WiFi can be assigned to LAN 1 and VLAN 2, but NOT LAN 3 as it doesn't use port 1
If I get you wrong in the last part of your post, please share more details about "it will not let me create another individual network".
-
Thanks for the response back.
I have WiFi SD installed on the Gold Pus, but it is not running at this time, as I have established the connection via my phone hotspot yet. Just wanted the equipment there in case I needed it.
Gold Plus is an ordinary router and doesn't have any built-in WiFi interface; therefore, the first AP unit always needs to connect to Gold plus via ethernet.
That is what I needed to hear. I am shocked that it is just 'ordinary' and not possess any additional interface, since routers 5+ years ago possessed this technology and is pretty standard for most ISPs and COTS products. Does Firewalla have any products that have WiFi interface? Any plans to in the future?
As for the last part of my post, here is the current laydown of my setup as we speak:
- AP7 is physically connected to Gold Plus port 3
- Lan 1 is my Main Network, configured on port 2 and 3, and is tied to WiFi
- VLAN 1 (IoT) is configured on port 2 and 3, and is tied to WiFi
- I currently have a VLAN 2 (Guest) which is configured on port 2 and 3, and it tied to WiFi as well (Broadcasting its own SSID).
I would rather have a LAN 2 that is set for Guests (or work) configured to port 1 AND is tied to its own WiFi. I can create it and set it to Port 1, but WiFi broadcast doesn't seem possible unless I also configure it to port 3, which I was trying to prevent.
Shouldn't I be able to have it tied to port 1 and enable WiFi as well to keep those two networks totally separate...Or am I limited due to the equipment (Router v. WiFi interface) and need to keep as a VLAN and set a rule to block traffic across those networks?
-
We just have Orange launched. It's still in pre-sale phase as of the moment. Check more at: https://help.firewalla.com/hc/en-us/community/posts/46216277280787-Introducing-the-Firewalla-Orange-All-in-one-Firewalla-Dual-Band-Wi-Fi-7.
During this initial launch, Orange cannot mesh with AP7, as it cannot run two sets of Wi-Fi simultaneously (AP7 and Orange native Wi-Fi). However, in a future enhancement, we will allow Orange and AP7 to work together in the same Wi-Fi Mesh.You can compare Orange and Gold Plus via Guide: How to Choose between Different Firewalla Products. Note: Orange may not be listed yet, but it has similar hardware as Purple.
A network has to include the port that AP7 is wired to, in order to be assigned with WiFi. AP7 needs to communicate with AP controller via the trunk port.If the WiFi network contains more than one port, then the set of ports has to be used together if you want to create additional VLANs. i.e. you have port 2 and port 3 (AP port) configured on a LAN, then additional VLANs must also have both port 2 and 3.
By default, all Firewalla (V)LAN networks can communicate with each other. No matter if you use Port-Based Segmentation or VLAN-Based Segmentation. You need to setup rules to block traffic between different (V)LANs: Local Network. AP7 has exclusive VqLAN feature which can manage local traffic between WiFi devices easier: VqLAN: Firewalla Microsegmentation.
Please sign in to leave a comment.
Comments
3 comments