Firewalla Gold SE Review for Home Lab

 

I was recently sent one of the new Firewalla Gold SE devices to test out in the home lab. However, other than the unit being sent to me for my thoughts, this is not a paid review, and I only give my thoughts and opinions on testing and using the Firewalla in the home lab. Many of the readers of this site are interested in home labs and reviews of home lab technologies. The question is, is this a good firewall for home lab use?

What is Firewalla?

Firewalla is a cool project that was started as a Kickstarter back in 2017 and kicked off Firewalla as a business. Their business focuses on providing effective cyber security firewall router appliances that are easy to use and don’t take a CCIE to figure out.

The Firewalla device has been built to add to your existing network with an existing router, in router mode, simple mode, or DHCP mode. You can use it to protect your entire network or a segment of the network with a separate subnet, such as an access point.

What makes it different?

Firewalla has a few characteristics that make it different than other firewalls in this space. First and foremost, there are no subscription fees with Firewalla. Even though you get features like premium web filtering, there is no subscription service for these. They are simply included.

Advanced cybersecurity features of the firewalla gold se review unit

They are trying to branch out more into the business sector, and there is an interesting statement on their FAQ page noting the following: “In the future, we may provide additional apps or features for pro/business users for a reasonable fee.” So, it sounds like there may be subscriptions for some of the business premium features coming down the pipes.

Also, with Firewalla, most of the configuration is carried out using a mobile app. I like and don’t like this at the same time. Firewalla has designed their products to primarily use the mobile app for configuration, management, and monitoring. I think this is great for most home users. However, for those of us running a home lab, most like the “nerd knobs” and like to be able to get to and tweak all aspects of the system.

 

There is a web interface, but it is not as fully featured as the mobile app. Keep in mind that if you want to tinker with the more advanced settings, you have to have the phone app, and you are reliant on the Firewalla cloud connection for the management web interface.

Firewalla firewall models

Firewalla has several models of their firewall to choose from, including:

  • Firewalla Blue
  • Firewalla Blue Plus
  • Firewalla Purple
  • Firewalla Purple SE
  • Firewalla Gold
  • Firewalla Gold Plus
  • Firewalla Gold SE

Introducing the Firewalla Gold SE

The new Firewalla Gold SE is a new offering from Firewalla that has all of the features of other Firewalla devices with (2) 2.5G network ports. It is an affordable choice for both home and business environments, and I think for home lab environments as well. Note the following hardware and software features.

Hardware

  • Quad-Core ARM CPU
  • 2 x 2.5Gbits & 2 x 1Gbits Interfaces 
  • 2Gb Software Packet Processing
  • 4096 Megabyte DDR RAM
  • 32GB Storage

Features

Firewalla Gold includes the following features in the SE model:

  • 2 x 2.5G and 2 x 1G network interfaces
  • Protects your devices from cyberattacks
  • Advanced insights into your network
  • Safeguards your personal and business data
  • Dynamic content filtering to block sites (porn, etc)
  • Parental controls
  • Monitor and control Internet usage
  • Block unwanted ads (ad-blocking)
  • Built-in VPN server and VPN client
  • Network segmentation and Lockdown mode protection
  • 2 Gigabits deep packet inspection hardware
  • Advanced Smart Queue reducing network latency
  • Multi-WAN for better performance and availability
  • No monthly fee

Background: The Firewalla Gold Lineage

The Firewalla family, including the Firewalla Gold and Firewalla Gold Plus, has established a reputation for robust network management and security. The Firewalla Gold SE builds on this foundation, offering an affordable version without compromising on key features.

Firewalla Gold & Gold Plus

  • Firewalla Gold: The Firewalla Gold is known for its relatively robust hardware and multi-layered security measures.
  • Firewalla Gold Plus: An enhanced version of the Firewalla Gold that offers additional features. If you have more demanding network security and traffic needs, the Plus is a step up from the Gold.
  • Firewalla Gold SE: This new model is positioned in the lineup for those who need a high-performing cyber security solution at a reasonable price. It retains the core functionalities of the Firewalla Gold line and has 2.5G connectivity.

Design and Hardware

The Firewalla Gold SE has a compact design and a very small physical footprint. I think this makes it ideal for a home lab setup, especially if you don’t have a server rack and your lab is in a bedroom or office space. It features four ethernet ports, including (2) multi-gigabit ports. It definitely appeals to those who have made the jump to 2.5 gig connectivity in their home network or have upgraded to multi-gigabit Internet access.

Key Hardware Components

  • LAN Ports: Equipped with (2) 2.5GbE and (2) 1GbE ports, it can provide network segmentation and management.
  • Robust Hardware: It is outfitted with a quad-core processor and 4 GB of RAM to handle many connections

Unboxing

Let’s take a look at the unboxing of the unit. The unit comes in nice packaging.

Firewalla gold se review unit in the box

You will see a box with your power adapter and the included getting started guide.

Taking the top lid off the firewalla gold se review unit

A picture of the network ports and power slot (micro USB). The default WAN port is the far-right port with the yellow around it. As you can see below, the two outside ports are designated as 2.5G, and the two middle ports are 1G.

Front ports of the firewalla gold se

On the back side, you can see the unit has a reset button, a micro SD card slot, an HDMI slot, which allows advanced users to connect a display device for advanced configuration, a USB slot with the security dongle used for box pairing and activation, and another USB slot.

Viewing the back of the firewalla gold se

Installation and User Experience

The setup process of the Firewalla Gold SE is straightforward using the smartphone app. The device supports various modes like router mode, bridge mode, and simple mode for different network setups.

Firewalla has installation guides for your respective Firewalla model: Firewalla Installation Guide | Firewalla

Firewalla installation guide

First, install the app for either Apple iOS or Google Android.

Open the app and click on the “+” sign to add a new Firewalla appliance for setup.    

Beginning the process to pair your firewalla device in the mobile app

Select the model of the appliance you will be configuring.

Choose your model for pairing in the firewalla app

Cable up the WAN port from the Firewalla to your ISP modem or existing network. For my purposes in testing, I am simply cabling up the Firewalla to the existing network switch in the lab environment to test with a client.

Connecting the cabling for your firewalla gold se

You will see a permissions request to use the Bluetooth on your mobile device.

Bluetooth access required prompt

Click to allow the permissions requested.

Allow bluetooth for the pairing process with the firewalla gold se device

One of the neat things that Firewalla does is place a QR code sticker on the bottom of the appliance. Using the app, scan the barcode to onboard the device into the Firewalla cloud.

Prompt to scan your qr code

Next, you configure the “mode” of the device. Even though I am adding it to the existing network, I still chose, “Yes, set up as a router” since I wanted to test it with a client on its own network segment. So, my lab network hands out a “WAN IP” to the Firewalla in the form of a private IP address from DHCP.

Note the following mode types:

  • Router Mode: Ideal for use as a main router, providing comprehensive control over home network traffic.
  • Simple Mode: For less complex setups, offering ease of use while maintaining effective network management.

Set the mode of your firewalla gold se device

We are directed to connect to the ISP modem at this point using an Ethernet cable.

Connect your modem to the firewalla gold se

Once this is all configured, you will see the Firewalla appliance begin the Setting up phase.

The setup process begins on the firewalla gold se

Once completed, you should see the Get Started button.

Getting started with the firewalla gold se review unit

Navigating around in the app

On the mobile app, there are quite a few options you can configure and drill into for information, configuration, and management. Below are a few screenshots of navigating the app so you can see what options and menus are available.

Mobile app dashboard and configuration guide

Viewing devices on the firewalla mobile app

Looking at the tools and configuration available.

Viewing the firewalla gold se menus and configuration options

Under More Features, you can see the list of things that are enabled and those that aren’t used as of yet. The Wi-Fi Test is a new app listed.

Viewing enabled and disabled features for the firewalla gold se review unit

Using the Create Network menu, you can create your networks, including LAN or VLAN configurations.

Create a new network screen in the firewalla mobile app

VLANs and Networks

One of the first things I wanted to understand and do with the Firewalla Gold SE was create additional VLANs and networks. If you navigate to the Network dashboard, there is an option to Create Network. On this screen, you can set the following:

  • Name – Name the network
  • Type – Set the type of network, either LAN or VLAN
  • Ethernet port – Select the ethernet port you want to associate with the new network
  • Template – Under templates, by default, you can select Guest Network or Lockdown network
  • Network settings – Configure the subnet for the network, DHCP range, DNS servers, etc

When you choose to Create Network, you will see the options to create the various network types, including WAN connection, Local Network, Guest Network, and Lockdown Network.

 

Below are the descriptions for the network types:

  • WAN connection – Connect to the Internet using DHCP or Static IP
  • Local Network – LAN or VLAN without preset rules
  • Guest Network – Devices can use the Internet without access to other local networks
  • Lockdown Network – Devices are blocked from the Internet connection and other local networks

Creating a new network screen for beginning to add a vlan

If you choose VLAN, you can create tagged networks with that specific VLAN. Below, you can see I am choosing the first port, which I already have my mini PC plugged into.

Create a network screen and choosing ports

If you create a LAN port, it must not be a part of any other network. I believe the differentiation here is untagged traffic vs tagged traffic. When you add a port to a LAN, you are untagging that traffic on the port for that network. 

Error when you choose lan for a port that is already a member of another network

As you can see below, the first port is a part of LAN 1, LAN 2, and LAN 3. It is untagged for LAN 1, and then I created two additional VLAN networks to tag for those specific VLANs on the same port.

Viewing new networks created in the firewalla mobile app

Testing VLAN connectivity

To test my theory on tagged vs untagged, I added a Hyper-V virtual switch to my mini PC and then created two tagged virtual network adapters on the Hyper-V switch in Windows 11. 

Adding a virtual network adapter tagged with the new firewalla vlan

As you can see below, the mini PC successfully grabbed an IP address from the new VLAN 100 that matches the new VLAN I created on the Firewalla Gold SE.

The firewalla correctly pulls an ip address from the new vlan
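
The tagged versus untagged distinction tested above, shown at the frame level as an added example (not from the original review, and not Firewalla's code): it follows standard 802.1Q framing to decide which network a frame arriving on one port belongs to. VLAN 100 comes from the review; VLAN 200, the mapping of VLAN IDs to LAN names, and the MAC addresses are assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed layout of the first port: one untagged LAN plus two tagged VLANs.
# VLAN 100 is from the review; VLAN 200 and the name mapping are constructed.
PORT1 = {"untagged": "LAN 1", "tagged": {100: "LAN 2", 200: "LAN 3"}}


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload


def classify_frame(frame, port=PORT1):
    """Return (network, vlan_id, ethertype); network is None when dropped."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        # No tag: the frame belongs to the port's single untagged network.
        return port["untagged"], None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # low 12 bits of the tag control field are the VLAN ID
    if vid == 0:
        # Priority-only tag (VID 0) carries no VLAN, so it counts as untagged.
        return port["untagged"], None, inner_type
    # A tag for a VLAN that is not configured on the port matches no network.
    return port["tagged"].get(vid), vid, inner_type


BROADCAST = b"\xff" * 6
CLIENT = bytes.fromhex("020000000001")  # constructed client MAC
ARP = 0x0806

if __name__ == "__main__":
    for vid in (None, 100, 200, 300):
        frame = build_frame(BROADCAST, CLIENT, ARP, b"\x00" * 28, vid=vid)
        print(vid, classify_frame(frame))
```

This is why a port can sit in only one LAN but in several VLAN networks: an untagged frame carries nothing to tell two LANs apart, while each tagged frame names its VLAN.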

Alerts and Notifications

One of the nice features of the Firewalla solution along with the mobile app is the notifications and alerting you get by default. When I created the additional VLANs and tagged virtual network adapters for the VLANs, I immediately got alerts for the “new devices” found on those networks. 

I run Arpwatch in my home lab environment for this purpose. However, if you have the Firewalla solution, this is a great way to have visibility of rogue network devices that appear on your networks as you will get these alerts and notifications in the app. 

Viewing new devices in the firewalla mobile app
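
The new-device alerting described above, as an added example (not Firewalla's or Arpwatch's own code): it tracks IP-to-MAC bindings and reports new and changed ones, using event names borrowed from Arpwatch's report types. The log format and every address in it are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed ARP observations (timestamp, IP, MAC); all values are made up.
SAMPLE_LOG = """\
2024-01-05T10:00:01 192.168.100.10 00:15:5d:00:01:0a
2024-01-05T10:00:07 192.168.100.11 00:15:5d:00:01:0b
2024-01-05T10:03:12 192.168.100.10 00:15:5D:00:01:0A
2024-01-05T10:05:40 192.168.100.10 de:ad:be:ef:00:01
2024-01-05T10:05:44 192.168.100.10 00:15:5d:00:01:0a
2024-01-05T10:09:02 192.168.100.12 3a:7f:10:22:33:44
"""


@dataclass
class Binding:
    current: str                    # MAC most recently seen for the IP
    previous: Optional[str] = None  # MAC seen before the last change


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as in randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def detect(log, table=None):
    """Return events as (timestamp, kind, ip, mac) for new or changed bindings."""
    table = {} if table is None else table
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of guessing at fields
        ts, ip, mac = parts[0], parts[1], parts[2].lower()
        seen = table.get(ip)
        if seen is None:
            kind = "new station"
            table[ip] = Binding(mac)
        elif mac == seen.current:
            continue  # known binding, nothing to report
        else:
            # Returning to the prior MAC is a flip flop; anything else is new.
            kind = "flip flop" if mac == seen.previous else "changed ethernet address"
            table[ip] = Binding(mac, seen.current)
        events.append((ts, kind, ip, mac))
    return events


if __name__ == "__main__":
    for ts, kind, ip, mac in detect(SAMPLE_LOG):
        note = " (locally administered MAC)" if is_locally_administered(mac) else ""
        print(f"{ts} {kind}: {ip} is at {mac}{note}")
```

Passing a pre-populated `table` acts as a baseline of known devices, so only bindings that differ from it produce events.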

Advanced Features

Firewalla Gold SE is more than a basic firewall device. It provides a complete network management solution. It has additional features like advanced smart queue management, content filtering, and VPN capabilities.

Also, you get the policy-based routing capabilities found on enterprise firewalls, which route traffic in different directions based on the type of traffic.

Advanced features of the firewalla gold se

Cybersecurity and Traffic Management

Firewalla has many other types of cybersecurity and traffic management features built into the solution. First, when in router mode, it provides classic ingress filtering with stateful ingress firewall rules.

Firewalla ingress rules

It also has egress filtering, which I think everyone should be using as malicious traffic often calls home using abnormal ports, etc.

Firewalla egress filtering

For home server and home lab environments, it also has a segment firewall, meaning you can block or allow traffic between the segments you have created on your network.

Segmentation using firewalla filtering

The Active Protect feature is a full-fledged IDS/IPS (Intrusion Detection System / Intrusion Prevention System) provided by Firewalla that automatically detects, blocks, and alerts on suspicious activities.

Strict Mode checks Firewalla’s cloud database of security intel more often and is more likely to block network flows. It can lead to false positives, but is the most secure mode.

Firewalla active protect

It also has behavioral detection, allowing Firewalla to understand an attacker’s intent. This detection looks beyond matching signatures and deep dives into the network flows to detect:

  • SSH login failure attempts
  • Heartbleed attacks
  • Unusual uploads or transfers of data

Firewalla behavioral detection

Monitoring and Control

Firewalla provides network performance insights and device management capabilities.

Network Performance Insights

The Firewalla app gives detailed visibility into network usage and performance. You can view flows, blocked traffic, and upload and download amounts.

Network performance insights using the firewalla mobile app

You can also see data usage.

Firewalla data usage

Device Management: Allows control over connected devices, ensuring optimal network function and security. You can see all devices on the Firewalla network, including uploads and downloads in real time.

Device management in the firewalla mobile app

You can sort your devices by different metrics like Top download/upload.

Device sorting and filtering in the firewalla mobile app

Does it have a web interface?

One thing that home labbers and those familiar with traditional firewalls will be asking is, “does it have a web interface for management?” Well, the answer is “it does and it doesn’t.” Let me explain. You can’t browse to a specific IP on the LAN side and log in as you can with traditional firewalls you may be used to, like pfSense, OPNsense, or other commercial firewalls.

To get to the web interface involves a process that starts with the Firewalla mobile app. Tap on the Firewalla web tool in the app.

Launching firewalla web

It will direct you to go to my.firewalla.com which will present you with a barcode.

Scan the firewalla web barcode

After you scan the barcode, it will display the Confirm Sign In screen. Tap Sign In.

Confirm sign in

After this, you will be taken to the web interface for your Firewalla appliance. As a note, you can only do a few basic things from the Firewalla web interface and you don’t have access to the more advanced configuration you can do from the mobile app.

Firewalla web interface

Video review

Take a look at my video review of the Firewalla Gold SE for home lab:

Wrapping up the Firewalla Gold SE review

Up until I received the Firewalla Gold SE device with 2.5G connectivity, I had not had my hands on a Firewalla device. I have to say that I am pleasantly surprised at the features and ease of use of the unit. It actually has quite a few advanced cybersecurity features. It can do things that I think most running a home server or home lab network will want to do, like creating VLANs and segmentation, along with rules for blocking traffic between their different networks.

There are features that I think are good and bad at the same time. I think the mobile app is great, especially for being on the go and seeing everything going on with your devices and network. However, I would like to see Firewalla make the web interface more readily accessible and with all the features you have in the mobile app. What happens if the Firewalla cloud is down? The web interface should be an effective alternative.

Even if you don’t want to use the device as your main security device behind your ISP modem/router, I think it would work as a great appliance for a separate segment of your network, maybe in between your home lab/server network and your family/home network, or to protect and filter kids’ traffic for parents.
