Saturday, October 5, 2024 โ€ข Welcome to the ๐Ÿ’ฏ Nonsense-Free Zone!
๐Ÿ›๏ธ Todayโ€™s ๐Ÿ”ฅ Deals on An image of Amazon logo๐Ÿ›’

Firewalla Gold (Add-on) Firewall Review (vs. Blue): Expensive but Totally a Keeper

Share what you're reading!

At first, I thought the Firewalla Gold would make a cool, unique router, perfect for those needing a non-Wi-Fi one for the Internet drop in the basement and then run network cables from it to Wi-Fi broadcasters around a large home. And it sure can work as such.

As it turned out, the Gold works best as a souped-up version of the Firewalla Blue Plus. Specifically, you should consider it an add-on firewall/online protection device of an existing network than a router that hosts a network of its own, which makes things a bit too complicated for home users.

And you need to have fast Internetโ€”500Mbps download or fasterโ€”to justify the Firewalla Gold’s one-time hefty cost of around $450. Those with slower Internet should go with the Blue Plus instead. That is if you want this type of device at all.

Firewalla Blue’s in-depth review

Dong’s note: The Firewalla Gold is very similar to the Firewalla Blue Plus versionโ€”almost the same in functionality and featuresโ€”and, among other things, the two share the same mobile app. This review focuses on the few differences between the twoโ€”I assumed that you’d read my take on the Blue Plus first.

Firewalla Gold Front Ports
The Firewalla Gold is the top-tier version of the Firewalla family of mini firewall hardware.

Firewalla Gold: It’s the Firewalla Blue Plus Plus Plus

There’s no typo in the heading. The Firewalla Gold is indeed the Firewalla Blue Plus on steroids.

You can guess that from the look alone. The Gold is some four times the size and nine times the weight compared to its lesser cousin. It now also comes in full-metal housing instead of plastic and mounting accessories. It looks the part.

Since the Blue Plus is so tiny, though, the Gold itself is still relatively compact. It’s smaller than even the smallest cable modem. Those with large hands (like mine) can still accurately call it palm-sized.

Firewalla Gold vs. Firewalla Blue Plus
The Firewalla Gold next to the Firewalla Blue Plus

Firewalla Gold vs. Firewalla Blue Plus: Hardware specifications

The Firewalla Gold is a much more powerful device than the Blue Plus. Among other things, according to the vendor, it can handle up to 3Gbps of Intenet bandwidth, as opposed to 500Mbps.

But it has a Gigabit port so as a result, you can use it in homes or businesses with up to Gigabit broadband without worrying about losing your bandwidth. If you have faster-than-Gigabit Internet, it might still be an issue.

GoldBlue+BlueRed
Price$418$199$179$109
Packet Processing Speed3Gbps500Mbps500Mbps100Mbps
Memory4096 MB2048 MB1024 MB512 MB
Gigabit Ports4111
Max Internet Speed1Gbps500Mbps500Mbps
Active Protect Entries 40,00020,00010,0001000
CPU64bit Quad-Core Intel 2.2ghz (AES NI)64bit Quad Core ARM 1.2ghz64bit Quad Core ARM 1ghz32bit Quad Core  ARM 1ghz
VPN Encryption Speed120Mbps70Mbps70Mbps28Mbps
Storage 32 GB16GB16GB16 GB
Console Port1NoneNoneNone
Power Usage  (Watt)~10W to 12W~7W~5W~5W
Size5.12 x 4.33 x 1.34 in 
(13 x 11 x 3.4 cm)
2.13 x 2.13 x 1.34 in 
(5.4 x 5.4 x 3.4 cm)
1.77 x 1.77 x 1.18 in 
(4.5 x 4.5 x 3 cm)
1.77 x 1.77 x 1.18 in 
(4.5 x 4.5 x 3 cm)
Weight19.9 oz (565 g)2.15 oz (61 g)1.59 oz (45 g)1.52 oz (43 g)
Operating Temperature32ยฐF to 122ยฐF32ยฐF to 95ยฐF32ยฐF to 95ยฐF32ยฐF to 95ยฐF
Common Features:
Active Protect, 
Deep Insights, 
Deep Insights, 
Ad Block, 
Device Management, 
Family Protect, 
Device Groups, 
Rules, Alarms, 
Content Filtering, 
Bandwidth Monitoring,
VPN Server, VPN Client, 
DNS over HTTPs, 
IPV6, DDNS, 
Simple and DHCP Mode
YesYesYesYes
Site to Site VPN10x connections1x connection1x connectionClient only
Geo-IP Filtering  
Regional Blocking
no limitTen countriesThree countriesNone
Web Interface (beta)YesYesYesNone
Custom or 
3rd Party Software App
YesYesYesYes
Inline FirewallYesNoneNoneNone
Simple  Smart QueueYesYesNoneNone
Advanced Smart Queue 
and Rate Limit
YesNoneNoneNone
New Device QuarantineYesYes  (beta)NoneNone
Docker ContainersYesYesNoneNone
Can Work as a RouterYesNoNoNo
Firewalla variants

More ports

Thanks to the larger physical size, the Gold now comes with more network ports, including four Gigabit LAN ports and a Console port, all on its back.

The LAN4 port is designated to connect to the existing network, or an Internet source, like a modem. The rest of the LANs are for wired clients. Chances are you’ll never use the Console port, which is for advanced users to manage the firewall using a Secure Shell (SSH) application.

On the front, you’ll find two USB 3.0 ports. One is occupied by a security dongle that needs to stay plugged in for the Gold to workโ€”don’t remove it. There’s also an HDMI port of which the use is unknown.

Unlike the Blue Plus, the Firewalla Gold comes with 32GB of built-in storage instead of an SD card.

Firewall Gold: Detail photos

Firewalla Gold out of Box
Out of the box, the Firewalla Gold comes with a huge power adapter and handy mounting accessories.

Firewalla Gold Side
The firewall has a full-metal housing that looks quite impressive.

Firewalla Gold USB Ports
On the front, the Firewalla Gold has two USB 3.0 ports and an HDMI port.

Firewalla Gold Front and Box
On the back, there are four Gigabit network ports and one console port.

Firewalla Gold Underside
The underside of the Firewalla Gold. Note the QR code that contains setup information (and license.)

Firewalla Gold Top on Hand
Firewalla Gold’s top.

Firewalla Gold USB Securre Dongle
The Firewalla Gold in action. Note the red secure dongle that needs to remain plugged in at all times.

Firewalla Gold 6
The Firewalla Gold has good heft and feels solid.

Router function included, no Multi-Gig

The Firewalla Gold can work as a routerโ€”all you have to do is connect its LAN4 port to an Internet source, such as a modem.

In this case, this port will work as a WAN port, and the Firewalla will stay physically between the Internet and the entire home or office network. This type of in-line setup is ideal for a firewall device.

The exciting router mode that proved complicated

Needless to say, I was initially quite excited about Gold’s router role.

Since this is a non-Wi-Fi device, it can work as the primary router of a home where the Internet drop is at a place not ideal for a Wi-Fi broadcaster, such as a closet surrounded by thick walls in the basement.

You then can run network cables from it and use Wi-Fi broadcasters, such as access points, strategically placed around the home. There’s a high level of flexibility with this setup.

(By the way, you can switch the Firewalla Gold between the router and add-on mode at any time. However, it’s a better idea to pick this from the beginning. And you can always reset the device and set it up from scratch. )

In the router mode, the Gold only protects devices connected to its LAN ports, which is the case of any router. But in the add-on mode, where you already have another router, the Gold will protect the entire existing network. The protection level (including its features and settings) is the same in either case.

Firewalla Gold App
You can set up the Firewalla Gold as a router from the beginning or change its role later.

Unfortunately, the Gold’s router mode didn’t pan out as well as I had hoped. Mainly because it’s a bit too complicated yet lacking in settings commonly found in most home routers.

On top of that, the Firewalla Gold doesn’t have Multi-Gig ports. As a result, it can’t work with a Gig+ or faster Internet connection, nor can it host a fast server.

That said, if you’re an advanced user who understands the idea of VLAN, IP address, and segmenting your network, etc., and most importantly has sub-Gigabit broadband, the Gold will still work out well as a router.

Truth be told, I consider myself quite an advanced user, yet I found the Gold’s router mode a bit annoyingly overwhelming yet lacking at the same time. To keep this short, as a router, the Gold has too much of what most home users don’t need and too little of what everyone does.

It’s hard to put the finger on what exactly is annoying or, well, strange, but right off the bat, things are hard to work with when you don’t have an actual, local web interface, especially if you have a lot of settings and client entries to the program.

(Like the Blue Plus, the Gold does have a beta “web interface,” but it’s essentially just an enlarged version of the mobile app.)

In all, though, I find the Firewalla Gold works best as an add-on unit for most home usersโ€”it doesn’t have many things a standard router would give you. And in this case, it’s precisely like the Firewalla Blue Plus, just more powerful.

Excellent app, setup process, and feature set

Indeed, the Gold and the Blue Plus share the same Firewalla mobile app, setup process, and features. The Gold can do more.

For example, there’s no limit to how many countries from which the traffic you can block. And it won’t slow down your Internet speed at all, no matter how fast your broadband connection is.

So, check out the review of the Blue Plus for more on what you can expect. The gist is that eh Firewalla Gold is an excellent firewall / online protection device that delivers. Among other things, it puts your entire network in your hand for you to monitor and manage with ease in real time from anywhere in the world.

Shortcomings

And just like the Blue Plus, the Gold has its fair share of shortcomings.

For one, like any vendor-assisted firewall, it places itself between your network and the Internet. As a result, all incoming and outgoing traffic goes through it.

And since the device is attached to a login account with Firewalla at all times, the vendor can potentially spy on you. Not that I say Firewalla would do that, but nobody knows. Here’s the company’s take on the privacy issue.

Also, the Firewalla app’s notifications can drive you nuts. There are a lot of them. You can tune them down a bit by manually tweaking the warning setting for each device at a time, but that takes quite a bit of work.

And finally, the Gold’s LAN ports are still part of a separate subnet when working as an add-on unit. Consequently, devices connected to these ports belong to a different NAT (different local network) and can’t talk to the existing network.

So if you choose to use these ports at all, you’ll have one or multiple double NAT setups, and there seems to be no way to change that. Keep this in mind and use them only when you want to segment your network for some reason.

Firewalla Gold: Excellent performance

I’ve used the Firewalla Gold for more than a week as an add-on unit and have been happy with it. (Before this, I also used it in the router mode and was consistently not exactly happy.)

It’s a much better device than the Blue Plus. I didn’t slow my 700Mbps Comcast broadband at all. But if you have Gigabit or faster Internet, it might be a different story.

The Firewalla Gold also ran cool in my testing. And it made no noise other than a single beep during bootup to indicate that it was ready.

Firewalla Gold's Rating

8.5 out of 10
Firewalla Gold Status Light
Performance
9 out of 10
Features
8.5 out of 10
Design and Setup
8 out of 10
Value
8.5 out of 10

Pros

Super easy to set up and use as an add-on device, can work as a router

Lots of useful and well-designed network protection, monitoring, and managing features

Intuitive mobile app and web interface

Intuitive mobile app with a helpful web expansion

No subscription required

Cons

High cost, and privacy concerns caused by required login account

No PoE support, no Multi-Gig port, complicated yet limited as a router

Can be overwhelming for novice users, no local web interface

Bulky power adapter, excessive notifications

Devices connected to LAN ports belong to a separate NAT

Conclusion

Unlike the Firewalla Blue Plus, which can not handle Internet speeds faster than 500Mbps, the Firewalla Gold will give you up to 1Gbps of broadband speed.

That, plus the powerful hardware and a ton of useful features, including the ability to work as a router for advanced users, make it an excellent add-on security device for a home or even business network. And the (annoying) router role can be a bonus for advanced users, too.

But the $418 price tag is highโ€”you can get an excellent Asus router with a similar (albeit far less comprehensive) built-in protection feature. And the potential privacy risks can be a thing, too. So this one is a bit of a hard call.

But if you decide to get the Firewalla Gold, chances are you’ll find it a keeper. I know I do.

Share what you just read!

Comments are subject to approval, redaction, or removal. You're in the no-nonsense zone and that applies BOTH ways.

It's generally faster to get answers via site/page search. Your question/comment is one of many Dong Knows Tech receives daily. ย 

  1. Strictly no bigotry, falsehood, profanity, trolling, violence, or spamming, including unsolicited bashing/praising/plugging a product, a brand, a piece of content, a webpage, or a person (โ€ข).
  2. You're presumed and expected to have read this page in its entirety, including related posts and links in previous comments - questions already addressed will likely be ignored.
  3. Be reasonable, attentive, and respectful! (No typo-laden, broken-thought, or cryptic comments, please!)

Thank you!

(โ€ข) If you have subscription-related issues or represent a company/product mentioned here, please use the contact page or a PR channel.

65 thoughts on “Firewalla Gold (Add-on) Firewall Review (vs. Blue): Expensive but Totally a Keeper”

  1. Just got the Asus router and keep scratching my head at all the price reviews above about Asus protection. I’m trying to ensure that the bad stuff out there is not easily accessible on my network, but it’s impossible with Asus.

    Asus doesn’t allow me to block specific categories, no blocking of specific domains… Isn’t that where Firewalla comes in? Unless i missed something. Truly confused by a couple comments above to just keep Asus router and not get the Firewalla.

    Reply
    • A couple of things, Julie:

      1. You can NOT keep the bad stuff out 100%. Security is nuanced, not to mention “bad” is also nuanced.
      2. Yes you can do that with Asus routers, just not via the AiProtection feature, which generally only let users turn a function on or off. The user-accessible blocking in an Asus router is in the Parental Control and Firewall (under Advanced Setting) sections of the interface. Both have been greatly improved over the years.

      After some extended experience with the Firewalla Gold, I find the idea of Firewalla overrated. It’s more about giving you pointless notifications and redundant/unnecessary information than protecting you. That’s part the reason I’m no longer interested in testing or reviewing the brand.

      Hope this helps.

      Reply
  2. I installed one of these and was very underwhelmed. The physical construction seems very cheap. There is no active cooling and the thing gets quite got. Mine got so hot I couldn’t hold it for more than a few seconds.

    Second after 1 day of working perfectly, for no reason at all it told me that my AT&T WAN was down and switched over to my Verizon Wireless backup WAN. However when I went home to check the AT&T WAN was not down it was working perfectly. Nonetheless it wouldn’t cut back over, and there was no way to force it back. In the end I had to swap the Verizon and AT&T WAN’s ports and then it worked on the AT&T WAN thinking that it is the Verizon WAN. and meanwhile the port that was connected to the actual Verizon WAN now said that Verizon is down. What this shows is the Firewalla port had failed, not that the WAN failed.

    I suspect this maybe related to heat. Either way I am getting rid of it and replacing it with an Engenius VPN Gateway instead. The Engenius product is much better built and has a more robust service behind it. Plus then my network equipment will all be on one cloud app.

    I tried Firewalla because I liked the consumer oriented interface, but I agree with your review. Once you spend time with it the interface is confusing and does pose privacy issues.

    Reply
  3. Just donโ€™t go down the Firewalla road. Offshore support only through email, short warranty (if they will RMA at all), if RMA is approved itโ€™s lost in transit to China. The appliances are not remarkable for the cost. Power users will be locked down due to automation & poor feature design, retail customers will be lost when something is misconfigured. These issues often end up on the vendorโ€™s Reddit page where 1) told you are the problem 2) given wrong answers 3) no meaningful answers at all. Stateful firewalls will never be set & forget, get idea, does not work. Frankly, many of the marketing statements made are in a perfect lab setting or not true. Engine to this is all open source with them adding app integration & automation. In current price point there are much better appliances to be had. Will any be true plug & play? No, but that is an unrealistic goal for this type of network equipment, IMO. This includes all the vendorโ€™s product line.

    Reply
  4. Great article. Did you disable the firewall on your main router since the Firewalla is checking the traffic first by spoofing? Do you have ipv6 enabled? If so did you disable the firewall for it? I tun Merlin Firmware so i have the regular ASUS firewall running, AI Protection and Skynet. Not sure if all of those would be a hindrance to a Firewalla device.

    Reply
    • I don’t think you need the Firewalla if you already have the Asus router, T. The Firewalla only gives you lots of insights, option, and notifications, it doesn’t do much more in terms of effectiveness. And they are two different things, so turning off the Firewall on the router won’t make a difference in the Firewalla’s perspective.

      Reply
  5. Thanks for the pointer. I just noticed many people on Reddit are switching to FWG+ from their UDMpro/UDM-SE, to handle all their routing as well as firewalling as it apparently has all the features UDM-SE provides and even specs wise it has more processing power as well. Any chance you can elaborate on why you would stay away from FWG+ for routing and stick with UDM-SE?

    Reply
    • I haven’t tested the FWG+. But I can’t see how it can be better than the UDM-SE, other than being more compact.

      Reply
  6. It looks like Firewalla Gold or even Gold plus can do all the routing plus then some. Would you consider replacing your Unifi Dream Machine SE with one of these to get more control? The specs seem about the same and looks like UDM-SE would only be better if you have a higher than 2.5G ISP. Thanks for the answer!

    Reply
    • Nope, Alex. Firewallas just give you lots of information and warnings, it doen’st necessarily do better than almost any other routers, in terms of protection. The UDM-SE is a much superior device.

      Reply
      • Agree with Dong, I have a FWG and have used Unify before. Now a days I find everybody does things good as far as they are reputable. The problem is understanding the jargon and setups, I am in IT and I think FWG has its place amongst the consumers and I think they are very good. It’s a couple hundred more when you compare metal vs metal, But everything cannot be compared like that.

        Reply
  7. Dong, the first paragraph says:

    “At first, I thought the Firewalla Gold would make a cool, unique router, perfect for those needing a non-Wi-Fi one for the Internet drop in the basement and then run network cables from it to Wi-Fi broadcasters around a large home.”

    That’s exactly my situation — my internet drop is in the basement, along with the cat6 drops for the rest of my house, and is a poor location for wifi broadcasting. I need a simple non-Wifi router for the basement internet drop, and then I will place my wifi broadcasters in more suitable locations.

    If you didn’t really like the Firewalla for this purpose, do you have a recommended simple non-wifi router for the basement internet drop situation? Many thanks.

    Reply
  8. Thanks for the review. I see the purple out now so I think I might add the purple firewalla as an add on protection to my 1gb orbi 6 mesh system. Still cringe a little at the price.

    Reply
    • Honestly, Eric, I don’t think it’s worth it. It’s more of a tool to snoop around your traffic than protection. It gives lots of info and control, while they are cool to brag about, they are mostly just a waste of time. Get an Asus router and use its free-for-life AiProtection.

      Reply
      • Yes and No, Do you have a suggestion for a router that provides VLAN capabilities and easy to configure. I had 2 purples die on me and looking to get the gold as i got used to it. Sometimes wonder if the FWG is a glorified PI-Hole with notifications and quarantine mode on it.

        Reply
        • There’s no such thing as VLAN that’s “easy to configure,” Steve. It’s about what you want from VLAN. It’s about the degree.

          I’d recommend a business router if you want/need VLAN. I generally don’t review them. Among home routers, those from Asus (the Pro version), Synology, and Ubiquiti Unifi have decent VLAN implementation.

          Reply
      • Thank you, this was the EXACT question I had in mind. Iโ€™m trying to decide between getting and ASUS router because of itโ€™s VPN server capability, and was wondering if I should instead get a Firewalla Purple and keep my existing router, because of the protection features. No children in the house so we donโ€™t need any of those kinds of features.

        Reply
  9. Your review was super helpful. Thanks for writing it. I’d double check your spying comment though. It looks like the “firewalla account” doesn’t exactly exist – it’s a random key generated at install.

    Do you need a firewalla account?

    There is no firewalla account. “Firewalla User” is simply the public key (generated every time you reset the box) and the license number that came with Firewalla. We may be asked for your email, and that is entirely for communication purposes.

    https://help.firewalla.com/hc/en-us/articles/360012760073-Questions-related-to-privacy-and-data-visibility

    This may have changed since you wrote your article, but this was the only point of clarification I wanted to make, since that seemed like a dealbreaker for me.

    Reply
    • You must provide an email address which is then associated with the license, Brian. So take “account” with a broader sense.

      As for what happens with that, only the vendor knows — the notion on privacy is non-definitive, and I did provide the link to the company’s privacy policy within the review.

      But generally, using what the vendor says as “clarification” on this front is about as good as “drinking the cool aid”. ๐Ÿ™‚

      Reply
      • Thanks for explaining – this makes sense. Their cryptographic keys require registration, which require account creation, which require your email, and only they can do, and likely they can do whatever else they want since they have the keys to the kingdom (for remote support / license enforcement / government cooperation / spying on you.)

        If their claims were true, it would make sense to be able to generate these keys independently from them, to import your own keys, or even better, both.

        Thanks again

        Reply
  10. What are the key differences between using it as a router vs add-on?

    Am I going to miss out on certain features or protection if I want to retain my existing mesh setup and just add the FWG?

    Reply
  11. I’m curious, what routing functionality did you find lacking? I’ve been using a Gold as my router for the past six months and I’m happy with it

    Reply
  12. Hi, great article!

    I was wondering, does it heat uyp a lot? Like, when you touch it, is it very hot?
    I am curious because I had a similar machine at home from another company and it used to heat up at like 115 ยบF or so.

    Thanks again.
    Mary

    Reply
  13. Hey Dong,

    Great review. Very concise- both this one and the one on Firewalla Blue Plus.

    I am wondering which device you would suggest for a home business? I was interested in the Gold primarily because it came with the option for “Network Segmentation,” which (if I understand correctly) is capable of ensuring my roommates’ internet remains separate from my business’ activity, despite running with the same modem and ISP. Would you agree? Am I correct that the blue plus does not have this option?

    Thank you for sharing your expertise!

    Reply
    • Yes, Tyler, you’re correct. The Gold can be a bit of a trip to set it up for special needs, but if you guys only care about the Internet access, it’s a walk in the park.

      Reply
  14. I really wanted this to work well. I need a gigabit router with some advanced features let alone common ones. Right now I’m running OPNsense and it’s great except that it is very touchy. You can bring down you internet hard even if all you are doing is following an official process. pfSense is no better. I am now cautious about Unifi so I’m not sure where to go next.

    Reply
    • Things usually don’t work as you want, do they? ๐Ÿ™‚ And no, as I mentioned in the review, Nnuyan, you shouldn’t use this one as your router, but as an add-on security device.

      Reply
  15. Dong-

    Terrific article. I was wondering your thoughts on the following.

    I have Verizon Fios Gigabit in my home. I am using their provided gateway (Actiontec G1100). Ethernet ports throughout house. I also have Fios set-top box/DVR for TV service (Coax from the gateway to the set top box i.e. MOCA).

    I own the Firewalla Gold but have NOT yet installed it. I bought it to act as a router and then add a better wifi access point or mesh system (using ethernet backhaul). However, I realize that to be able to continue to get the info guide on my TVs and on-demand programming, I will need to keep the Fios router to act as a MOCA bridge (or get a third party MOCA bridge). Searching the web I’ve found folks who have figured out ways to make the above work. But most involve creating a double NAT situation. This won’t work for me as I need port-forwarding for one or two things.

    Reading your article, it seems best anyhow to use Firewalla Gold as an add-on. I am fine with this. However, if I set it up in DHCP Overlay Mode, then I will lose the on-screen TV guides most likely (as the Fios router needs to dole out the addresses to the set top boxes)?

    This leaves simple mode. And so my question is, in simple mode am I likely to see network performance (i.e. speed) degrade? I’d love to use the Gold as you suggest in the article but not if it comes at the expense of dramatically slowing down the system.

    Thanks for any thoughts or other suggestions for how to set it up.

    And thank you for the great work you do on the site.

    Reply
    • I can’t be specific about your Verizon box, Allen, since I don’t use it. But you should be able to use the Gold in the Simple mode and it won’t affect your network performance at all.

      Reply
  16. Hello Dong,

    I am looking at the Firewalla Gold for my 1gig speeds to act as a Firewall and VPN server for my TPLink AC3150v2. I would like to have access to a Remote Desktop while keeping my network secure via VPN. I prefer not to pay recurring costs for a VPN service and use the Firewalla. Do you think it would be a good fit or would you recommend something else?

    Reply
  17. Hi Dong,

    I’ve got a CUJO in between my router and the rest of my network that’s being forcibly retired in just a few days, and found your article while looking for a replacement. I’m on CenturyLink 1gig fiber, and recently replaced my old router with an Edgerouter 4 (which, if I’m being honest, is just too complex for me to do anything with besides initial simple setup and whatever vlan tagging I had to do for CenturyLink). I’m loathe to spend the $400, but the possibility of protection with easy setup and without network slowing is pretty appealing. Would the Gold work as an edgerouter replacement, or should I keep that and look elsewhere for simple in-line protection?

    Thanks!

    Reply
    • You can, Zach. But it’s not as easy as you think as a router if you want to customize your network a lot. On the other hand, if you just want a device with the routing function, it’ll work out well. Note that it has no Wi-Fi, so you’ll need an access point.

      Reply
  18. Hi Dong,

    Great article. Quick question: when you say โ€˜In router mode, only devices connected to its LAN ports are protectedโ€™ are you saying that anything for which it assigns an IP address – for example, if I had other APs and switches coming back to these ports all devices connected to these would be secure?

    Reply
  19. I like the idea of having a firewalla gold in the basement and some access points providing wifi at different levels on a house. But that brings a couple of questions :

    – performance ? Based on the review seems not to be affected.
    – security?
    – if wanted wifi 6 or 6e, do you have any recommendations for access points for this case?

    Or, is it better to have regular router and firewalla working as a device on the network.

    Reply
    • The Gold is quite limited (and can be annoying due to the lack of a local web interface) as a router. But it will work. There are not many Wi-Fi 6 access points right now (let alone 6E), so you’re better off getting a router and use it in the AP mode, but then, why not just use the Gold in the add-on mode?

      Reply
      • I thought that a firewall had to be between the ISP and your network to filter traffic. If is in the network as a device your only monitor the traffic around it. Am I missing something?

        Reply
        • Read the review of the Firewall Blue, Luis — linked above my note at the top of this review. And you’re right, a firewall needs to be in the middle and the Firewalla is, even when it’s not physically so.

          Reply
  20. Great post and very cool router…I have a Synology mesh, with such a router implemented is there still an advantage to running the Synology mesh in AP mode vs getting a set of APs with a central controller like Ubiquiti? I have ethernet everywhere. Do you see the Asus XT8 or Orbi852 or Alien as a significant improvement in capacity or range from the Synology 2600RT? Thanks in advance for your truly excellent site.

    Reply
    • I actually did and did again just now. There was no option as shown in the link (even in Route mode). It must have been some firmware/interface issue. I’ll keep digging. Thanks for the input!

      Reply
  21. Hi Dong,

    Thanks for this review, I’ve had Firewalla Gold for a while, and have just got Amplifi Alien and Mesh point. (our last chat you suggested the Orbi 75x or the Netgear… but I decided to buy redundancy in the Alien!) I now have amazing coverage across the house.

    Just keen to know your thoughts with regards to which order you’d go with?

    a) 1Gb/s Fibre Firewalla Gold (as router) Alien (in Bridge Mode)
    b) 1Gb/s Fibre Alien (in Router Mode) Firewalla Gold (as appliance)

    I’d always assumed that the FWG should be in-line to act as a firewall, but your review seems to suggest that it’s not performant enough!

    Thanks again,
    Tom

    Reply
    • Either will work, but I’d go with b, Tom. The Alien can do more as a router. You might need to reset the Firewalla to set it up from scratch.

      Reply
      • Thank you so much. Alien now working as router, great speeds throughout.

        Will reconfigure Firewalla shortly. I think I can instruct it to change to DHCP overlay mode or simple mode. Fingers crossed!!

        Reply
        • If you reset it and set it up from scratch, then pick it to work as an add-on unit, it’ll figure things out by itself. Your data *might* remain, by the way, since it’s linked to the hardware.

          Reply
          • Want a laugh? The Amplifi Alien in router-mode will not allow you to disable DHCP, therefore the Firewalla’s only option if not used as a router is to work in Simple Mode … which then means it’s reliant upon ARP. Isn’t it great when everything just works!! ๐Ÿ˜›

          • I never thought of that. Well, Tom, if you don’t mind digging, the Gold can work fine as a router. Come to think about it the two are quite similar since they both require an app. But either way will work. ๐Ÿ™‚

Leave a Comment

๐Ÿ“Œ