What setup do I need and will it work?
I just came across Firewalla and it seems like this might do exactly what I've been looking for. But to manage my expectations, I'd like to hear if what I want is possible.
My requirements are as follows:
House 1 (mine) and House 2 (my parents')
Both basically have a similar setup.
- 1 Gbps internet connection;
- Synology NAS (2x), security cameras, IoT devices, phones, laptops, WiFi access points, IPTV, HomeAssistant, Philips Hue, etc., basically anything that needs internet is connected somewhere in my network;
- Site-to-site VPN because the NAS at House 1 runs a number of daily back-ups with a NAS at House 2;
- VPN server, since I want access to my devices in my network only to be possible when I am connected through VPN, to avoid having to open several ports;
- MFA if possible for VPN (or, when using WireGuard, should I not even look into this since you need certificates on the client device anyway?);
- VPN client to connect to NordVPN;
- VLAN to start segmenting my network.
Because I obviously don't want to limit the speed, I'm considering getting 2x FW Gold.
I understand everything above should work, but will it?
More specifically... can I have a site-to-site VPN connection whilst at the same time running a VPN server on both FW to allow for an incoming VPN connection from let's say my laptop or phone, in case I want to access my NAS? And could I then still have a VPN client active on the FW as well to connect to NordVPN to create a secure tunnel for all the network traffic coming from our house? (I know a bit about networking, but this is too complicated for me, at least at the moment :-D)
Thanks for your input!
-
I can't definitively say it'll all work, but I'm pretty sure it would. I don't have a site-to-site connection, but I frequently access my home through the WireGuard server from a laptop at work, and at the same time I have devices going through the VPN client (ProtonVPN), so it's similar in that I have VPN in and out at the same time.
I would suggest not running everything through the VPN client unless there's a reason you want the ancillary devices using it (I route computers and phones out the VPN, but IoT/TVs and smart devices I don't see a reason to). You'll take a throughput hit using the VPN (https://help.firewalla.com/hc/en-us/articles/360010465893) and may take a bigger hit if NordVPN gets busy.
I see so many people with 1Gbps (or higher) connections, do you ever max it out? I have 100Mbps up/down and even with 85+ devices, multiple videos (tv/laptop/phone) all going at once, rarely max out the download, and only max out the upload overnight when I push backups to the cloud.
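To make the "can all three tunnels coexist?" question from the original post and the "route only some devices out the VPN client" advice above concrete, here is an added illustration (my own, not Firewalla's code and not from either poster). It models the house 1 router as a policy-routed table: a source-based rule picks which table applies, then longest-prefix match picks the egress. All subnets, device addresses and tunnel names are constructed placeholders; Firewalla's actual interface naming and rule engine are not represented. The point it makes is that a site-to-site tunnel, an inbound WireGuard server pool and an outbound provider tunnel only coexist cleanly when their prefixes do not overlap, so `overlapping_prefixes` is the check to run on the address plan before building it.

```python
"""Policy-routing model of the two-house setup (added example, constructed addresses)."""
from ipaddress import ip_address, ip_network, IPv4Network
from itertools import combinations
from typing import NamedTuple


class Route(NamedTuple):
    dest: IPv4Network  # destination prefix
    via: str           # egress interface / tunnel name (placeholder names)


# Constructed address plan; none of these values come from the post.
HOUSE1_LAN = ip_network("192.168.1.0/24")    # site 1 LAN
IOT_VLAN = ip_network("192.168.30.0/24")     # segmented IoT VLAN at site 1
HOUSE2_LAN = ip_network("192.168.2.0/24")    # site 2 LAN, must not overlap site 1
ROADWARRIOR = ip_network("10.10.0.0/24")     # address pool handed to inbound WireGuard clients

# Main table: local networks, the site-to-site tunnel and the inbound VPN pool
# coexist because every prefix is distinct; the default route goes straight out.
MAIN_TABLE = [
    Route(HOUSE1_LAN, "lan"),
    Route(IOT_VLAN, "vlan30"),
    Route(HOUSE2_LAN, "wg-site2"),          # site-to-site tunnel to the parents' house
    Route(ROADWARRIOR, "wg-server"),        # road-warrior laptop/phone clients
    Route(ip_network("0.0.0.0/0"), "wan"),  # default: direct internet
]

# Only these sources (e.g. laptops and phones) get the provider tunnel as default;
# IoT, TVs and cameras keep the direct default, as the reply above suggests.
VPN_CLIENT_SOURCES = {ip_network("192.168.1.10/32"), ip_network("192.168.1.11/32")}

# Provider-tunnel table: same specific routes, different default. Keeping the
# specific routes is what lets a VPN-routed laptop still reach the other house.
VPN_TABLE = [r for r in MAIN_TABLE if r.dest.prefixlen != 0] + [
    Route(ip_network("0.0.0.0/0"), "wg-provider")
]


def longest_prefix_match(table, dst):
    """Return the egress of the most specific matching route, or None."""
    addr = ip_address(dst)
    best = None
    for r in table:
        if addr in r.dest and (best is None or r.dest.prefixlen > best.dest.prefixlen):
            best = r
    return best.via if best else None


def egress(src, dst):
    """Policy routing: choose the table by source, then LPM by destination."""
    s = ip_address(src)
    table = VPN_TABLE if any(s in n for n in VPN_CLIENT_SOURCES) else MAIN_TABLE
    return longest_prefix_match(table, dst)


def overlapping_prefixes(*nets):
    """Pairs of prefixes that overlap; any hit means the tunnels will fight over routes."""
    return [(a, b) for a, b in combinations(nets, 2) if a.overlaps(b)]


if __name__ == "__main__":
    print("laptop -> parents' NAS:", egress("192.168.1.10", "192.168.2.50"))
    print("laptop -> internet:    ", egress("192.168.1.10", "1.1.1.1"))
    print("IoT    -> internet:    ", egress("192.168.30.5", "1.1.1.1"))
    print("road warrior -> NAS:   ", egress("10.10.0.2", "192.168.1.5"))
    print("overlaps:", overlapping_prefixes(HOUSE1_LAN, IOT_VLAN, HOUSE2_LAN, ROADWARRIOR))
```

Running it shows a VPN-routed laptop still reaching the other house over the site-to-site tunnel, the IoT VLAN bypassing the provider tunnel, and an inbound road-warrior client reaching the NAS. Change `HOUSE2_LAN` to the same prefix as `HOUSE1_LAN` (a common mistake when both houses use a router default) and `overlapping_prefixes` reports the conflict before anything is deployed.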
-
Thanks for the reply Rich!
Sounds all very promising :-) Maybe somebody else running site-to-site as well in addition to the other things can comment?
And do I max out the connection? Well, actually... :-) when the NAS is doing its backup to the other NAS, then yes. Otherwise with just browsing and watching TV: no.
-
I think everything looks fine except I don't think there is MFA for VPN yet? But maybe it is coming. https://help.firewalla.com/hc/en-us/articles/4554420886163/comments/4813141233811