Scheduled auto-reboot
-
Where do they recommend that?
We do not recommend rebooting the firewalla. Firewalla unlikely traditional consumer routers, is a pretty intelligent device. It stores states and also learns from your interactions with it. It has a short-term memory and a long-term memory. If you reboot it, it may have to accumulate the short-term interactions with you. (example, your interactions with alarms)
-
Thanks for sharing. That guidance from the NSA is mainly aimed at typical consumer routers. With Firewalla, routine rebooting isn't necessary due to its architecture, automatic updates, and built-in protections.
For more details, please see our recently published article: https://help.firewalla.com/hc/en-us/articles/50733102793491-Do-I-need-to-reboot-Firewalla-once-in-a-while
-
If you run the NSA article and firewalla’s response through LLM: Firewalla’s advice is technically sound for their specific architecture, but it highlights a fundamental philosophical divide in cybersecurity: State Retention vs. Volatile Sanitisation.
Because Firewalla is more of an Intrusion Prevention System (IPS) than a "dumb" home router, here is why their recommendation differs from the NSA’s general rule.
1. Learning Models and "Cold Starts"
Firewalla uses machine learning to build a baseline of your "normal" network behaviour.
• The Logic: If it sees a sudden burst of data to a server in a different country, it compares that against its "short-term memory" of your habits.
• The Penalty: Rebooting clears the active cache. While the "long-term" database is saved to the eMMC (permanent storage), the immediate, high-speed lookup tables in the RAM are lost. A reboot forces the device to spend time re-indexing and re-learning current patterns, which can lead to a temporary spike in "false positive" alarms or slightly degraded inspection speeds while the cache rebuilds.
2. The Persistence Argument
The NSA’s "Reboot Weekly" advice is a blanket safety net for the average user with a cheap, unpatched ISP router. Those devices are easily compromised and rarely updated.
Firewalla operates differently:
• Read-Only Root File System: Firewalla uses a more secure OS structure where the core system is read-only. This makes it much harder for malware to achieve "persistence" (surviving a reboot) or even to execute in the first place.
• Active Patching: Unlike a standard router that requires a manual reboot to apply firmware, Firewalla updates its security signatures and engine in the background without needing a full system power cycle.
3. When the NSA Advice Still Wins
Despite the manufacturer's claim, there are two scenarios where you should ignore them and pull the plug:
• Memory Leaks: No matter how "intelligent" a device is, it runs on code. Over months of uptime, processes can hang or leak memory (RAM). If the app feels sluggish or your throughput drops, a reboot is the only fix.
• Targeted Attacks: If a highly sophisticated, fileless exploit does manage to hook into the Firewalla’s kernel memory, it will stay there until the power is cut. Intelligence doesn't make RAM non-volatile.
The Verdict
You should not reboot a Firewalla weekly. It isn't necessary for "digital hygiene" in the same way it is for an iPhone or a budget Netgear.
Only reboot the Firewalla if:
1. You are experiencing unexplained latency or app connectivity issues.
2. You have just moved the device or changed your ISP.
3. There is a known, critical vulnerability in the Linux kernel (which Firewalla runs on) that specifically requires a reboot to patch.
In short: Trust the Firewalla team on this one. Their device is a specialised security appliance, not a consumer-grade toy.
Please sign in to leave a comment.
Comments
4 comments