MyFirewalla Retirement.... just an MSP upsell scheme?

Comments

13 comments

  • Firewalla

    MSP was created to manage security and store flows for future analytics. It was never meant to be (although ... it is becoming) a single box configuration interface. At $3 per month, I assume this is really something that is affordable, and at the same time helps us pay AWS. Plus, you get some awesome data analytics.

    Many of you wanted 2FA for the old my.firewalla; the only way for a 'free' 2FA is to go through the MSP. (Yes ... with AWS a simple thing like 2FA costs money.)

    0
  • ZB01

    This addressed none of my points,  just looks like a justification.


    You're selling a security and management device that has 50% or more of its functionality / configuration options locked behind the user needing to do it clumsily on a phone.   I was happy enough with MyFirewalla as a hopefully temporary thing, although the login process was a bit annoying,  but overall I put up with it because you were at least slowly adding functionality to it,  and I expected at some point it would become a fully useable interface that could do everything the phone could do.

    It's garbage, man. These are products that start at $269 and only go up in price, it's not too much to expect a fully functional interface that I don't have to squint at or fat finger on a phone to use. A cheap home router has a more accessible interface than this.

    Just sell people the subscription if they want the 2FA, there's no reason I need to pay to be able to manage my Networks, VPN Client Profiles, and look at Events/Network performance on a desktop.

     

    Thanks.

    -1
  • Firewalla

    my.firewalla.com -> MSP Lite with 2FA is free ... there is no additional cost to it. This MSP Lite (my.firewalla.com) is still a proxy service and has no memory, so its capabilities are limited (also per request from our users, who don't want stored data in the cloud).

    The subscription is for MSP + extra flow storage (starting at $3 per month). (This service has memory and can process data in parallel with your Firewalla.) We can't make this any cheaper, since AWS is not free.

    0
  • ZB01

    My concern isn't 2FA or the price of an extra service like -that-. It's that you are stopping development of my.firewalla.com and moving customers to the MSP, which has functionality that any home user would expect to be basic and included for any device of this class, locked behind a paywall even though that functionality is already included in the phone app. You have taken what USED to be standard functionality and actually tried to reverse the business model, wherein people would actually pay extra for mobile access to manage things.

    If you're going to be willingly obtuse to the points I am making, then I am just not going to purchase any more products from you.

    0
  • Bill Lafreniere

    ok... so you retire a working interface and require us to sign up for this garbage after spending over a grand for this... and 2fa if you pay extra... this was supposed to be great for security and now you force us to install holes?   can I get a refund because you are removing features and making the whole system insecure?   I got a gold pro and 2 access points and now they are insecure garbage

     

    0
  • FirewallaSupportDesk

    MSP Lite has all the same free features as My Firewalla, but with a new, updated look to match the rest of Firewalla MSP. Just with the unified codebase as paid MSP subscriptions, MSP Lite also supports additional minor features and enhanced security, including email authentication before accessing your Firewalla and two-factor authentication support. 

    In short, we keep the free web interface for users while making it more secure than before. More info can be found at: Firewalla MSP Lite (previously my.firewalla.com).

    0
  • Bill Lafreniere

    Here is what it should be... A local web interface. The phone app is poorly designed, requiring you to do everything on a tiny screen. We therefore must use the web app. A web app to configure a router MUST NEVER rely on the internet. (Even more so on AWS or any large, prone to failure and taking down the entire internet service) It must be available when the router is not connected to the internet so we can use it to troubleshoot the router. You also don't get to charge the user for the web interface... GLinet gives a built in web interface that works offline. Netgear, Trend-net, Sodala, and everyone else include a built-in to the device, web interface that works while the router is not connected to the internet, and is able to fully configure the device. Do most offer phone apps to augment the setup? Yes. Do they require it? No.

    I mean if I wanted to complain about something I thought it would be how the free PiHole software surpasses the Firewalla with every feature that the PiHole provides. Not how we still do not have a proper working web interface... and on the several times I have used the new one it is asking each time to pay money on connection and throughout the 'new' interface... it is only new because of location, everything else is dated...

    And do not brag about adding "email authentication" which is only slightly more secure than SMS authentication... also known as INSECURE... Anything that travels through the internet is at some level insecure and everybody who knows anything about security knows this... Even Tor isn't 100% secure.

    You didn't do this for the users... You (as a company) did it as a forced cash grab after charging a premium for the hardware and software... I mean... the router is running software for a Raspberry Pi... the user is even named 'pi'

    0
  • Bill Lafreniere

    On a separate note... should I assume it is the 'support' people downvoting the legitimate criticism? I doubt the OP would downvote themselves... nor would I... and nobody else has replied...

    0
  • Firewalla

    Here is the reason for not having a "local web interface", from the article: https://help.firewalla.com/hc/en-us/articles/360052779253-Firewalla-MSP-Lite-previously-my-firewalla-com

     

    Why not have a local web interface instead?

    When we started Firewalla, we wanted everything to be both simple and powerful, which is why we built a dedicated mobile app.

    We wanted the presentation layer (UI) to be separate from the control logic. In other words, the interface and core control logic are never running on the same box. Most attacks are web-based, and adding another local web layer would increase complexity and risk. Keeping them separate helps ensure stronger security. 

    A cloud-based web interface also allows us to release features faster. Each Firewalla box release takes around 3 to 5 months. We did a monthly data overview feature on the web, and it took us just two days to release the UI. 

    From a software architecture perspective, having the UI outside of the firewall will make it more efficient and secure.

     

    0
  • w m

    Thank you Bill Lafreniere & ZB01 Second/Thirded and upvote!!! I would have never purchased the Gold if I had known I would be forced to use a phone app as the primary interface (as that was before MSP) and also relying on Bluetooth seems counter to the whole security mantra and branding....

     

    1
  • Bill Lafreniere

    Since to use the WEB(AWS) hosted app or the phone app the firewall requires a connection to the internet, any so-called security boosts are a lie. The box is on the internet... The box can be configured from the internet... How does that beat a local access only http(s) interface that is not exposed to the internet?

    I had to make a new account online to manage my router... that is a security issue waiting to happen... And another account so I could post here... that would be another potential security issue. And then your web app constantly pesters for a paid subscription... If I subscribe then your site has my banking/credit card info... For something that should be built in to the router that seems to be a lot of security holes you are forcing on me...

    And concerning having the GUI and management features on different systems... that is no help in the least. If the router crashes neither app is useful. If the internet goes down I am again out of luck... if AWS takes down the actual internet again I am out of luck...  And a Bluetooth connection is even less secure than wifi...

    What are the 3rd party options for software for the router and access points? At a minimum they can be configured and are more secure than the raspberry pi software we have running on the Firewallas... I would have thought at a minimum you guys would have renamed the primary user account on the free software you are using to power these things...

    0
  • 1980cyber

    Stop complaining about $3; that's the price of half a gallon of gas, and most of it, I bet, paid to AWS. Everything costs money these days; if you want to use the service, $3 is not that much.

    0
  • Bill Lafreniere

    So, 1980cyber... if you actually read the posts, you would see that the $3 isn't the issue. Even if they stopped the constant pestering to 'Upgrade' within the free interface, the core problem remains: functional regression.

    When Firewalla started, their software ran on Raspberry Pi hardware. Back then, those boards had such limited RAM and CPU overhead that offloading the UI to the cloud was a technical necessity. But my Gold Pro is a full-fledged x86 computer. The 'lack of resources' excuse is dead, yet the company is still clinging to a management model born out of hardware limitations from a decade ago.

    The claim that a cloud-hosted UI is 'more secure' is a logical fallacy. You are telling us that a local-only, non-WAN-exposed HTTPS interface is a risk, yet you require us to:

    1. Open a hole to AWS just to manage local settings.

    2. Trust a third-party cloud provider (and their 2nd-party authentication) with the 'keys' to our gateway.

    3. Rely on an active internet connection to fix a router that might be offline because it needs a configuration change.

    If security was the priority, you wouldn't be shipping a 'Pro' device that still uses the default pi user account—a remnant of the hobbyist software this system was built on. This move to the MSP model isn't about protecting the user; it’s about monetizing the web interface because you’ve realized that power users are tired of 'squinting' at a phone app to do professional-grade networking.

    We paid a premium for hardware so we wouldn't have to be the product. If I wanted a cloud-tethered subscription box, I would have bought a consumer Eero. I bought a Firewalla for control, and now you're taking that control and putting it behind a 'Lite' proxy with an 'Upgrade' button.

    0