Firewalla Gold Plus (4x2.5Gbit) Updates
The Pre-Sale is over as of 12/6/2022. The Firewalla Gold Plus can now be ordered like any other Firewalla product.
The Firewalla Team is proud to bring you the Firewalla Gold Plus Pre-Sale.
- 4 x 2.5 Gbit Ports
- 4GB RAM
- Packet Processing 5 Gbit
- Same great software as the Gold
- This unit is perfect for the fast internet of the future.
Pre-Sale Starting: 8/23/2022 8 AM Pacific Time
- Product page https://firewalla.com/goldplus
Other Facts:
- The unit price will increase as we are closer to the shipping date.
- Tentative Shipping Dates: 1/12/2023 to 2/25/2023. If we reach 200% of the minimum order, shipping date: 12/12 to 1/12/2023
- Shipping is first come, first serve
Presale terms:
- The is a presale, your credit card will be charged after ordering the unit.
- You can cancel the order before it is shipped for a full refund. (email help@firewalla.com)
- When the unit is shipped, you will receive a tracking number.
- All units can be returned within 30 days.
FAQ:
Will there be a trade-in program?
Unfortunately no, we do not have the capability to create such programs.
Will WiFi SD work with the Gold Plus?
YES!
Will I be able to migrate settings?
Yes, you can. We will likely enhance this so more configurations can be migrated. https://help.firewalla.com/hc/en-us/articles/360015356093-How-to-migrate-data-from-one-Firewalla-Box-to-another-
SIM Slot?
This board does not have cell support. The SIM slot is just left over on the prototype board. It will likely get removed when manufacturing.
9/27 Final Sample
-
Project Status:
- Production finished
- International orders will be shipped early November.
- USA orders shipping late November to early December
- Beta users shipping now to first week of November
We will have very limited Early Access before general availability. To register please see https://docs.google.com/forms/d/e/1FAIpQLScEJm9_OKkFD95WI0BQr1vI5Yd1P9g8IzdYzXI3uXYWPNg6EQ/viewform
-
Performance
Here are some quick examples and test results for the 2.5gbit firewalla performance. Due to the limitations of getting 2Gbit connections, many tests are done via local servers.
- QoS: fq_codel running
- PPPoE: using a local PPPoE server
Comcast:
Here is a quick test on the Comcast 1G plan, and it is pretty cool to get to the 1.3gbit (This is the real Gold Plus, developers edition)
Server: San Francisco Bay Area - US (mlab3-nuq07.mlab-oti.measurement-lab.org)
Download: 1291.30 Mbps (data used: 1548.04 MB)
Upload: 29.01 Mbps (data used: 34.84 MB)
Latency: 19.98 msJitter: 1.37 ms
Packet Loss: 0.00%
Speed Test Results For General WAN
WAN: DHCP/Static IP (2.5G)
- Network Setup
- Box B sets up DHCP WAN to Box C
- Box B sets up a LAN, and Box A connects to the LAN port
- Box B is firewalla plus
- Run iPerf3 server on Box C
iperf3 -s
- Run iPerf client on Box A
# download iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800 # upload iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
- Test Case Combinations
Direction QoS Result Download Off 2.35Gbps Upload Off 2.35Gbps Download On 2.3Gbps Upload On 2.3Gbps - Monitoring tools
sudo htop bmon -b -p e*,if*
WAN: LAG/Bond (2x2.5G)
- Network Setup
- Box B sets up two bond interfaces (for WAN & LAN each)
- Box B is firewalla plus
- Box A sets up one bond interface. (as WAN)
- Box C sets up one bond interface. (as LAN)
- For performance testing purposes, need to set up xmit_hash_policy for all bond interfaces to
layer3+4
- Run iPerf3 server on Box C
iperf3 -s
- Run iPerf client on Box A
# download iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800 # upload iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
- Test Case Combinations
Direction QoS Result Download Off 4.7Gbps Upload Off 4.7Gbps Download On 2.7Gbps Upload On 2.7Gbps - Monitoring tools
- sudo htop bmon -b -p e*,b*,if*
WAN PPPoE (2.5G)
- Network Setup
- Box B sets up PPPoE WAN to Box C
- Box B sets up a LAN, and Box A connects to the LAN port
- Run iPerf3 server on Box C
iperf3 -s
- Setup and run high performance PPPoE server on Box C
- Run iPerf client on Box A
# download iperf3 -c <box_c_LAN_ip> -P4 -R -Z -t 1800 # upload iperf3 -c <box_c_LAN_ip> -P4 -Z -t 1800
- Test Case Combinations
Direction QoS Result Download Off 1.70Gbps Upload Off 2.2Gbps Download On 1.3Gbps Upload On 1.35Gbps - Monitoring tools
sudo htop bmon -b -p e*,p*,if*
-
Been waiting for this have a firewalla gold with a 2 gig connection and it doesn't allow for bonded connections on same vlan so this is the fix!! Really excited to be able to finally use all bandwidth through firewalla instead of splitting it up at the modem and having a gig as DMZ Zone
-
Will my config from my original gold unit transfer over to the new gold plus unit so I don't have to start from scratch with the config again? I assume my login to Firewalla will allow this to happen but please verify for us. I have too many hours invested to want to start over again anytime soon.
-
I have added many of the questions here in the FAQ section of the above post.
We don't have MSRP pricing on this, we will likely increase the product's price as it gets closer to the delivery date. (The same way we did in the past crowdfunding/s) So purchasing early is the best way to get all the savings, please you get to play with it early :)
-
Will the Firewalla Wi-Fi SD (which I recently added) work with the new product? Also curious about transferring settings from existing Firewalla Gold. As someone else mentioned, will there be a trade in program for an existing Firewalla Gold? Tempted to keep existing as a backup but would also think about trade in.
Thanks!
-
I want to second the SIM slot. There are a number of situations where I want to have multiple carriers (fiber / coax as well as cellular (ATT / Verizon) for active active and active / passive internet connections where I do not want to tether my cell phone during a failover. Please leave the SIM slot for future software capabilities and features.
-
@Firewalla,
Which Intel CPU is being used in the Gold Plus? When should we expect to see super early bird discount coupons in our inboxes? Any chance migration of VPN configuration will be available by the time of release of the Gold Plus?
Thanks for the amazing community engagement. I'm looking forward to waking up early to place my pre-order.
-
@sarkawt
Gold Original vs Gold B is here https://help.firewalla.com/hc/en-us/articles/5001754775827-What-is-the-Firewalla-Gold-Rev-B-
And Gold Plus is a completely new board that's optimized towards 2.5gbit traffic.
All three are the same form factor and fit in the same fanless chassis.
-
Gold Plus has 4x2.5Gbit interfaces and 5Gbit of packet processing. Is the quoted packet processing performance an aggregate and as such will the individual interfaces be able to achieve 2.5GBit line rate? Or will the interfaces only be able to achieve a lower-performance eg. 4x1.25Gbit totaling the 5Gbit packet processing stated? The former is obviously much more preferable to the later...
-
@Firewalla, fantastic performance data. Thank you for sharing. Just to help provide a bit more visibility to potential performance, will the Gold Plus be using Intel i225V NICs? Will they be at least stepping 3?
I'm hoping this is the case. The i225Vs NICs are very performant with the J4125 CPU.
This could be shaping up to be a great router that could be perfect companion for one of the many different high performance WiFi 6E solutions like the Eero 6E or the UniFi 6 Enterprise mesh APs that have 2.5 GbE ports.
-
I can see PCI lanes is the limit. Instead of adding 5th Eth port, please post a tutorial how to merge the two Firewallas. Keeping the Gold and adding Gold Plus onto existing network.
Please post some suggestions how to connect the two in tandem, for example if we could efficiently bridge the two units together, we could possibly hook one more WAN or use existing Gold as a VLAN aware switch... Would the Gold Plus be setup in router mode while the older unit will need to be configured as DHCP or something else? Prepare some article with suggestions and sample diagrams.
I asked in the past, can the developers finally separate the WAN management regarding (automated) Speed Test? We should schedule and see pings, DNS test, and speeds per EACH WAN.
In the "Flows" I also asked in the past, I need to see which WAN the traffic were sent through for diagnostic purposes to prove the Static Rule did work as intended.
Can we have ability to configure one password per VPN provider instead of each connection (the same credentials need to be re-entered). It is so hard on the phone doing this and switching screens constantly while copying and pasting. First, let us create a VPN provider profile with the credentials, not the connection profile. Then we create a connection profile and choose which provider it is related to.
Can VPN management we finally available on the desktop web interface if we have to keep entering and pasting users and passwords all the time on the phone. It would be easier if you don't want to make management on the phone app simpler?
-
@R, there are many ways to use firewalla's for sure. For example, we usually create secondary networks within our network using the gold for testing and isolating dangerous things. (for example, experiment with bad sites ...) The gold also works really well if you dedicate it as a wireguard VPN Server.
As of multi-wan, I just forwarded your suggestions to our dev.
Please sign in to leave a comment.
Comments
188 comments