Firewalla Gold Plus (4x2.5Gbit) Updates

Comments

188 comments

  • Avatar
    Firewalla

    Project Status:

    • Production finished
    • International orders will be shipped early November.
    • USA orders shipping late November to early December 
    • Beta users shipping now to first week of November

    We will have very limited Early Access before general availability. To register please see https://docs.google.com/forms/d/e/1FAIpQLScEJm9_OKkFD95WI0BQr1vI5Yd1P9g8IzdYzXI3uXYWPNg6EQ/viewform

     

     

     

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    Performance

    Here are some quick examples and test results for the 2.5gbit firewalla performance. Due to the limitations of getting 2Gbit connections, many tests are done via local servers.

    • QoS: fq_codel running
    • PPPoE: using a local PPPoE server

     

    Comcast:

    Here is a quick test on the Comcast 1G plan, and it is pretty cool to get to the 1.3gbit (This is the real Gold Plus, developers edition)

    Server: San Francisco Bay Area - US (mlab3-nuq07.mlab-oti.measurement-lab.org)

    Download: 1291.30 Mbps (data used: 1548.04 MB)

    Upload: 29.01 Mbps (data used: 34.84 MB)

    Latency: 19.98 msJitter: 1.37 ms

    Packet Loss: 0.00%

     

     

    Speed Test Results For General WAN 

     

    WAN: DHCP/Static IP (2.5G)

    • Network Setup
      • Box B sets up DHCP WAN to Box C
      • Box B sets up a LAN, and Box A connects to the LAN port
      • Box B is firewalla plus
    • Run iPerf3 server on Box C
    iperf3 -s
    
    • Run iPerf client on Box A
    # download
    iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800
    
    # upload
    iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
    
    • Test Case Combinations
    Direction QoS Result
    Download      Off      2.35Gbps
    Upload      Off      2.35Gbps
    Download      On      2.3Gbps
    Upload      On      2.3Gbps
    • Monitoring tools
    sudo htop
    bmon -b -p e*,if*
    
     

    WAN: LAG/Bond (2x2.5G)

    • Network Setup
      • Box B sets up two bond interfaces (for WAN & LAN each)
      • Box B is firewalla plus
      • Box A sets up one bond interface. (as WAN)
      • Box C sets up one bond interface. (as LAN)
      • For performance testing purposes, need to set up xmit_hash_policy for all bond interfaces to layer3+4
    • Run iPerf3 server on Box C
    iperf3 -s
    
    • Run iPerf client on Box A
    # download iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800 # upload iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
    • Test Case Combinations
    Direction    QoS    Result
    Download    Off    4.7Gbps
    Upload    Off    4.7Gbps
    Download    On    2.7Gbps
    Upload    On    2.7Gbps
    • Monitoring tools
    • sudo htop bmon -b -p e*,b*,if*

     

    WAN PPPoE (2.5G)

    • Network Setup
      • Box B sets up PPPoE WAN to Box C
      • Box B sets up a LAN, and Box A connects to the LAN port
    • Run iPerf3 server on Box C
    iperf3 -s
    
    • Setup and run high performance PPPoE server on Box C
    • Run iPerf client on Box A
    # download
    iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800
    
    # upload
    iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
    
    • Test Case Combinations
    Direction QoS Result
    Download     Off     1.70Gbps
    Upload     Off     2.2Gbps
    Download     On     1.3Gbps
    Upload     On     1.35Gbps
    • Monitoring tools
    sudo htop
    bmon -b -p e*,p*,if*
    
     
     
     
     
     
     
     
    5
    Comment actions Permalink
  • Avatar
    GamerZer0

    Great!!!

    A much needed upgrade!!!

    Can't wait to pre-order 👍

    0
    Comment actions Permalink
  • Avatar
    Sriram Puppala

    I see a SIM card tray, is there an option for a WWAN card for failover?

    2
    Comment actions Permalink
  • Avatar
    Tim Barnes

    MSRP?

    1
    Comment actions Permalink
  • Avatar
    Chuck

    Been waiting for this have a firewalla gold with a 2 gig connection and it doesn't allow for bonded connections on same vlan so this is the fix!! Really excited to be able to finally use all bandwidth through firewalla instead of splitting it up at the modem and having a gig as DMZ Zone

    2
    Comment actions Permalink
  • Avatar
    Thiel

    Any trade-in program for current Firewalla Gold owners?

    9
    Comment actions Permalink
  • Avatar
    Billy

    I second the inquiry about possible trade in from original gold owners.

    4
    Comment actions Permalink
  • Avatar
    Matt S.

    Will my config from my original gold unit transfer over to the new gold plus unit so I don't have to start from scratch with the config again?   I assume my login to Firewalla will allow this to happen but please verify for us.   I have too many hours invested to want to start over again anytime soon.  

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    I have added many of the questions here in the FAQ section of the above post. 

    We don't have MSRP pricing on this, we will likely increase the product's price as it gets closer to the delivery date. (The same way we did in the past crowdfunding/s) So purchasing early is the best way to get all the savings, please you get to play with it early :)

    0
    Comment actions Permalink
  • Avatar
    John R.

    Will the Firewalla Wi-Fi SD (which I recently added) work with the new product?  Also curious about transferring settings from existing Firewalla Gold. As someone else mentioned, will there be a trade in program for an existing Firewalla Gold? Tempted to keep existing as a backup but would also think about trade in.

     Thanks!

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @John, please scroll to the top; the FAQ section has answers to all of these. 

    0
    Comment actions Permalink
  • Avatar
    Steven

    I want to second the SIM slot.  There are a number of situations where I want to have multiple carriers (fiber / coax as well as cellular (ATT / Verizon) for active active and active / passive internet connections where I do not want to tether my cell phone during a failover.  Please leave the SIM slot for future software capabilities and features. 

    2
    Comment actions Permalink
  • Avatar
    R

    With dual WAN setups we have one less port leaving us with only the two LAN ports.

    Why the PCB design have not added 5th Ethernet port yet?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @R more port will require more PCI lanes. There isn't enough on this CPU for a 5th port. 

    @Steven, will leave the SIM there. This SIM needs a special modem, so it may not work just come out of the box. WiFi SD is probably the better solution

    0
    Comment actions Permalink
  • Avatar
    J C

    @Firewalla, 

    Which Intel CPU is being used in the Gold Plus? When should we expect to see super early bird discount coupons in our inboxes? Any chance migration of VPN configuration will be available by the time of release of the Gold Plus?

     

    Thanks for the amazing community engagement. I'm looking forward to waking up early to place my pre-order.

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    @JC/ CPU is J4125, coupon should be send out Friday 8/19 or Sat 8/20. Let me ask the developers and see if they can migrate the VPN configurations. I know they will be working on it in 1.52 release

    1
    Comment actions Permalink
  • Avatar
    J C

    Thanks @Firewalla. I'm in, even if I do have to recreate my Wireguard connections. The wireguard implementation in Firewalla is very efficient. 

    0
    Comment actions Permalink
  • Avatar
    sarkawt

     what is a different between them  Gold Plus vs Gold vs Gold Ver B   

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    @sarkawt

    Gold Original vs Gold B is here https://help.firewalla.com/hc/en-us/articles/5001754775827-What-is-the-Firewalla-Gold-Rev-B-

    And Gold Plus is a completely new board that's optimized towards 2.5gbit traffic. 

    All three are the same form factor and fit in the same fanless chassis. 

    1
    Comment actions Permalink
  • Avatar
    Richard Hastie

    Gold Plus has 4x2.5Gbit interfaces and 5Gbit of packet processing. Is the quoted packet processing performance an aggregate and as such will the individual interfaces be able to achieve 2.5GBit line rate? Or will the interfaces only be able to achieve a lower-performance eg. 4x1.25Gbit totaling the 5Gbit packet processing stated? The former is obviously much more preferable to the later... 

    0
    Comment actions Permalink
  • Avatar
    David J Cuccia

    Very exciting. Firewalla keeps nailing their products, and the marcom is unbelievably good.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Richard, I have updated the comments for performance.  

    1
    Comment actions Permalink
  • Avatar
    J C

    @Firewalla, fantastic performance data. Thank you for sharing. Just to help provide a bit more visibility to potential performance, will the Gold Plus be using Intel i225V NICs? Will they be at least stepping 3? 

    I'm hoping this is the case. The i225Vs NICs are very performant with the J4125 CPU.

    This could be shaping up to be a great router that could be perfect companion for one of the many different high performance WiFi 6E solutions like the Eero 6E or the UniFi 6 Enterprise mesh APs that have 2.5 GbE ports.

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    The ethernet MAC is i225 (not sure it is V or not); these things are expensive but can offload much better than the cheaper MAC's. 

    0
    Comment actions Permalink
  • Avatar
    R

    I can see PCI lanes is the limit. Instead of adding 5th Eth port, please post a tutorial how to merge the two Firewallas. Keeping the Gold and adding Gold Plus onto existing network.

    Please post some suggestions how to connect the two in tandem, for example if we could efficiently bridge the two units together, we could possibly hook one more WAN or use existing Gold as a VLAN aware switch... Would the Gold Plus be setup in router mode while the older unit will need to be configured as DHCP or something else? Prepare some article with suggestions and sample diagrams.

    I asked in the past, can the developers finally separate the WAN management regarding (automated) Speed Test? We should schedule and see pings, DNS test, and speeds per EACH WAN.

    In the "Flows" I also asked in the past, I need to see which WAN the traffic were sent through for diagnostic purposes to prove the Static Rule did work as intended.

    Can we have ability to configure one password per VPN provider instead of each connection (the same credentials need to be re-entered). It is so hard on the phone doing this and switching screens constantly while copying and pasting. First, let us create a VPN provider profile with the credentials, not the connection profile. Then we create a connection profile and choose which provider it is related to.

    Can VPN management we finally available on the desktop web interface if we have to keep entering and pasting users and passwords all the time on the phone. It would be easier if you don't want to make management on the phone app simpler?

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    @R, there are many ways to use firewalla's for sure. For example, we usually create secondary networks within our network using the gold for testing and isolating dangerous things. (for example, experiment with bad sites ...) The gold also works really well if you dedicate it as a wireguard VPN Server. 

    As of multi-wan, I just forwarded your suggestions to our dev.

    1
    Comment actions Permalink
  • Avatar
    Bryce

    Are there procedures in place to allow a max number of pre-orders per person? I tried right at opening and they were immediately sold out. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Bryce, pre-order starts 8/23/2022 8AM pacific time ... you will have to wait for that time to order.

    2
    Comment actions Permalink
  • Avatar
    Mike

    Hello,

    I signed up for the super early bird around midnight on the 19th, but haven't received a coupon, does this mean I was too late to get it, or is are they still being sent out?

     

    Also, are you looking for any beta testers with multi-gig internet?

     

    Thanks!

    0
    Comment actions Permalink

Please sign in to leave a comment.