Products Firewalla Gold Firewalla Purple Firewalla Blue Plus Firewalla Red Firewalla Blue

What setup do I need and will it work?

Follow
Avatar
Stefan
  • Edited

I just came across Firewalla and it seems like this might do exactly what I've been looking for. But to manage my expectations, I'd like to hear if what I want is possible.

My requirements are as follows:
House 1 (mine) and House 2 (my parents)
Both basically have a similar setup.

  • 1 Gbps internet connection;
  • Synology NAS (2x), security cameras, IoT devices, phones, laptops, WiFi access points, IPTV, HomeAssistant, Philips Hue, etc., basically anything that needs internet is connected somewhere in my network;
  • Site-to-site VPN because the NAS at House 1 runs a number of daily back-ups with a NAS at House 2;
  • VPN server since I want access to my devices in my network only to be possible when I am connected through VPN, to avoid having to open several ports
  • MFA if possible for VPN (or, when using WireGuard, should I not even look into this since you need certificates on the client device anyway?)
  • VPN client to connect to NordVPN
  • VLAN to start segmenting my network

Because I obviously don't want to limit the speed, I'm considering getting 2x FW Gold.
I understand everything above should work, but will it?
More specifically... can I have a site-to-site VPN connection whilst at the same time running a VPN server on both FW to allow for an incoming VPN connection from let's say my laptop or phone, in case I want to access my NAS? And could I then still have a VPN client active on the FW as well to connect to NordVPN to create a secure tunnel for all the network traffic coming from our house? (I know a bit about networking, but this is too complicated for me, at least at the moment :-D)

Thanks for your input!

 

0

Comments

3 comments

Sort by Date Votes
  • Avatar
    Rich T.

    I can't definitively say it'll all work, but I'm pretty sure it would. I don't have a site to site connection but frequently access my home through the Wireguard server from a laptop at work and at the same time I have devices going through the VPN client (ProtonVPN) so similar in that I have VPN in and out at the same time.

    I would suggest not running everything through the VPN client unless there's a reason you want the ancillary devices using it (I route computers and phones out the VPN, but IOT/TVs/ and smart devices I don't see a reason to). You'll take a throughput hit using the VPN https://help.firewalla.com/hc/en-us/articles/360010465893 and may take a bigger hit if NordVPN gets busy.

    I see so many people with 1Gbps (or higher) connections, do you ever max it out? I have 100Mbps up/down and even with 85+ devices, multiple videos (tv/laptop/phone) all going at once, rarely max out the download, and only max out the upload overnight when I push backups to the cloud. 

    0
    Comment actions Permalink
  • Avatar
    Stefan

    Thanks for the reply Rich!

    Sounds all very promising :-) Maybe somebody else running site-to-site as well in addition to the other things can comment?

    And do I max out the connection? Well, actually... :-) when the NAS is doing its backup to the other NAS, then yes. Otherwise with just browsing and watching TV: no.

    0
    Comment actions Permalink
  • Avatar
    Michael Bierman

    I think everything looks fine except I don't think there is MFA for VPN yet? But maybe it is coming. https://help.firewalla.com/hc/en-us/articles/4554420886163/comments/4813141233811

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post