In the current online environment, if you’re not at least mildly concerned about data security and the online safety of your family you probably aren’t paying enough attention. There are constant threats online from spam, phishing, malicious code and many more. Of course for every threat there are three devices offering to help you protect yourself but which ones are worth the time and your money?
One of the many options we’ve had a nudge from a couple of readers about is Firewalla. At this point, there are two options available, Firewalla Red for US$109 (intended to be the affordable option) and Firewalla Blue for US$179 (aimed at power users wanting more speed and control).
What is it?
Our review unit is the Firewalla Blue which is simple to set up and not only monitor but control traffic, access and provide an initial layer of protection to the devices — and people — on your network.
While it would be simple and for many users, acceptable, to use this as a monitoring tool only there is so much more to offer. The features list for something physically so small and costs relatively little is huge and includes:
- VPN Server
- Ad blocking
- Family Protect
- DDNS
- Open Port scanning
- Network Monitoring including IPv6
- Social Hour
- Safe Search
- Active Protect
| Pros | Cons |
|---|---|
| The simplicity is outstanding | Lots of mainstream/popular routers aren’t compatible. |
| No subscription services, you purchase the device once and pay nothing more. | Some alerts are false positives, My Android phone will communicate with Google servers a lot – STOP TELLING ME!! |
| Per device rule application eg. applying ad or adult content blocking to specific devices. | While very simple, some of the features (like ad blocking) could do with more configuration to add exceptions. |
| A wide range of features that you can turn on or off as you wish. | There are cheaper options available, but they require a lot more effort to implement. |
| Network and data usage monitoring. |
The hardware and setup
If you’re considering a solution like Firewalla, you should always spend a bit of time to ensure your existing hardware is compatible. In my case, there are issues with the Netgear XR500 Router I run and the Firewalla running in “simple” mode. The two options I had were to disable DHCP on my router and let the Firewalla do that work or, plug the Firewalla into the D-Link COVR gear currently on the test bench and on a separate subnet.
The review unit itself I expected to be larger. The Firewalla Blue is barely bigger than a box of matches. It plugs into your network in a variety of potential pathways and is powered via a Micro USB plug. Once plugged in and powered up, you can begin the process of installing and setting up the box to your wants and needs.
Installation is ridiculously simple
The installation process is really easy, just head to the install page and follow the bouncing ball. Now there are a few little caveats, starting with the hardware checks to ensure your router is compatible. The other is to have some basic (you really don’t need high level) knowledge of networking to manage the physical connection to your network. Then it’s over to the app to get the device working on your network.
There are a couple of options to consider when you’re setting up the Firewalla. For most users it will be simple mode providing your router supports it, DHCP mode has the Firewalla device handle the core network routing for your home. This requires a lot more configuration which thankfully, I didn’t need to delve into.
For the simple mode option, there is no real user input required. You set the device to start working and it will start monitoring your network to determine what is normal behaviour and what is not.
There’s a lot of features to explore
That’s somewhat of an understatement — the Firewalla box can do a lot of the legwork that far more expensive and/or subscription-based devices do for the once off cost. It’s worth noting that if you’re not across the specifics of your network, some of the data presented could be alarming. In fact, it could be outright terrifying at times and the push notifications can be somewhat alarmist. So it’s important to not panic and take the time to understand the data that is being presented to you.
Let’s get into it and take a closer look.
Active monitoring
The active monitoring options are pretty broad and for a lot of users, this is where the frightening scale of the Internet may be highlighted. Even when your devices aren’t in active use, some users may be concerned about the amount of activity that is going on in the background. Apple, Google (Android), various social media as well as other apps “phone home” a lot. If you’ve got items like Dropbox on your phone or laptop, they ping servers a lot and just having Internet tabs open has the same result.
Options for the safety of your family
There are two functions that fall under this realm. Family protect and Ad Blocking is — like the other features of the Firewalla — both are easy to configure.
Family protect and safe search work together and are aimed at parents wishing to prevent their kids from being exposed to some of the nefarious or adult content online. By enabling the family protect and safe search features, you’re putting up a barrier to accessing any known sites that meet these criteria.
Adblocking is something I’m a big fan of — Please whitelist Ausdroid on any Ad Blocker you have, it keeps the lights on — because frankly, some sites make ads very intrusive. For the Firewalla you can arbitrarily turn on adblocking for all devices, or select devices you want to prevent being exposed to adverts.
I love the other family-focused feature, social hour. A simple feature that allows you to block access (by device or holistically across your network) to social networking. The theory is, to encourage the members of your home to get off social networking and actually be social with each other. I did test it, then turned it off. I’m the only one in my home (kids are too young and my wife hasn’t really engaged) using social media. It works, it works well and is easy to engage but keep in mind if users have mobile data available, it’s also easy to sidestep by disabling Wi-Fi.
VPN Server
The VPN server is another simple to set up and use option. You basically need to turn the feature on, install OpenVPN, download the profile for your home login and connect anytime you’re out of the building. I find it a little amusing that Firewalla covers this by saying “Bypass censorship and internet filtering at work or another country.”
If you want or need to, you can also create a site to site VPN link between Firewalla devices. This is a more complex setup scenario and will require some higher-level networking knowledge, but a very helpful feature to include for users who need it.
Other features
DNS Booster or DNS Cache, runs in the background to cache DNS records for your network to speed up access to outside sites.
A DNS cache (sometimes called a DNS resolver cache) is a temporary database, maintained in memory, that contains records of all the recent visits and attempted visits to websites and other internet domains. After the initial visit to any website, the DNS lookup results will be returned from memory to speed up connections.
In the initial phase of using the Firewalla where I noticed a bit of a decrease in speed, I did see that speeds continually improved. It wasn’t just to the level that it was at with my previous setup, but exceeded the speed at times noticeably.
Now there are features (like VPN) that can make it useful to know and be able to access your home. The problem is most Internet Service Providers (ISP) provide users with a dynamic IP address. This can reset overnight, anytime you reboot your router and some ISP will force refresh these at least daily. The Firewalla has Dynamic DNS built into the device. What this means in simple terms is that you have a single site to remember forever.
So rather than having to remember that your IP address is 204.199.194.111 which could be 203.122.271.59 tomorrow, you can simply remember 123xyz.d.firewalla.org because the Firewalla device checks your IP address regularly and updates their software to match it.
IPv6 and SSH functionality are also available for advanced users who want the feature. In testing the Firewalla Blue, one thing has been consistent through all of the features of the device: The documentation on their website has been very good, detailed where it needs to be and allowing users of all knowledge and skill levels access to the various capabilities of the device.
What needs improving?
There are a number of areas where advanced or “power” users will find the Firewalla a touch lacking. Honestly, despite it being a well designed and functional device, there are a few areas I’d like to see tweaked as well as some additional functions.
The main issue that I believe a lot of users are going to see is that the push notifications are very “alarmist”. What I mean by this is that they are clearly based on access to specific servers to label the traffic in a particular way. So by watching a video based on a specific site, false positives trigger a notification stating that XYZ device is playing a game, watching inappropriate material etc.
I also saw alerts regarding unusual data traffic that my phone had uploaded 1.4MB to a Google server, not sure how that’s unusual but I got a push notification that my phone was doing so. Over the first couple of weeks, many of these alerts subsided but occasional false triggers still remain.
I’d really like to see the ad-blocking capabilities expanded to whitelisting domains or allowing individual devices to be excluded instead of being forced to opt-in all devices you want to be covered. The main reason for this is a personal one, Ausdroid is funded by adverts primarily and without that revenue and ability for users to whitelist domains, our site may not exist or be as independent as it is today. If you’re using an ad-blocker please consider whitelisting us if you haven’t already.
A couple of other “nice to have” but not needed functions I’d love to see is bandwidth and access limitations per device. For example. A bandwidth limitation of 1GB per day for kids devices to prevent them from streaming all afternoon while they should be doing homework. Or enabling social media blocking for individual devices permanently, or potentially even on a schedule. Scheduling access for devices so they simply can’t access the Internet after a certain time would also be fantastic for parents to prevent sneaky late-night Netflix sessions.
Should you buy one?
There’s really not much to report in terms of daily use with the Firewalla device. It does its job, it does it well and for the most part, does it silently. Ad blocking, Safe Search, Family Protect, Social Hour and DDNS “just work” and for a device like this – that’s possibly the best feedback I can imagine giving.
If you’re into all things tech, prepared to tinker and invest the time in something like PiHole, then you may well find the Firewalla option restrictive.
There are custom firmware options for some routers that may cover the functions users may need also but that’s not the target market for this device. It’s aimed at users who want a simple setup and use option that can provide another layer of protection and monitoring for the home or business.
The Firewalla options are pretty easy to understand: Red is the entry-level, offering up to 100Mbps throughput for USD$109 and the Blue is capable of over 500Mbit at USD$179 making either a worthwhile investment if you don’t have the time or knowledge to set up your own option.
Disclosure Statement
Firewalla has not requested the hardware to be returned following the review period.
Just wish they offered more than 1 year warranty and not Australian at that.
Interesting article. Its always nice to find out what is new in this area.
But false positives is what really puts me off these things.
For limiting kids activity though I think one of the better options out there is meetcircle.com.
Yeah, pass.
Pi-hole is cheaper
I think the Fing box sound better