Firewalla Gold Rating: Powerful home network security in a tiny box

price upon verification

$468

Best prices today

The Firewalla Gold offers home users a network filter, router and security engine in a compact hardware package and protects their high-speed Internet connection from attacks from outside the network as well as compromised devices inside the network. It also offers ad blockers, parental controls and a “social hour” that disables access to social networks for 60 minutes, for example to spend time away from the screens.

We tested the Firewalla Gold, which costs $499 when it’s not on sale, but the Firewalla Blue Plus has all the necessary features for most homes for just $189.

It’s not a new idea to insert a hardware gateway between an internal network and the rest of the Internet to inspect data and connections in real time and make decisions about what should and shouldn’t happen and trigger alerts about dangerous activity. But most devices with enough power to be useful require a level of network IT skill or a willingness to fiddle around with a difficult-to-understand web-based management interface.

The Firewalla, on the other hand, is a compact, modern option suitable for the home and a user with only average networking skills. The user interface of the smartphone app is clear, easy to use and, above all, understandable.

Some of its features can be found in advanced home routers or in broadband modem/router combos offered by ISPs. But these hardware options can’t match Firewalla’s breadth or—in most cases—simplicity and depth. Having a dedicated device focuses on utility.

Detection, deterrence and shaping of Internet traffic

Plug in the Firewalla, do a few setups via a smartphone app (including verifying physical ownership by scanning a QR code), and let it quietly scan network traffic for a few minutes and complete the setup. The app will then show a series of choices you can make for alerts, monitoring, prioritization, and blocking, among others.

The Firewalla Gold features an internal four-port Ethernet switch and a separate WAN port for connection to either the rest of a network or a broadband modem. The best value for a device of this type is to place it between your modem or your main router or gateway. The Gold model can also perform all routing functions. (The cheaper Blue Plus can act as a bridge between a router and the rest of a network.)

During the initial setup, the Firewalla can scan the internal network for devices that are known to be compromised, which is a bigger problem than having your computers, phones, or tablets attacked directly from the internet. Now attempts to hijack machines come from devices on your network that have been remotely and automatically hijacked by malware. These local devices are typically ignored by Wi-Fi gateways and ISP routers, although their trusted status makes them easier to attempt to infect local devices or launch attacks as part of a coordinated army of “zombies” to take down other networks.

The Firewalla interface has a neat dashboard that shows some network stats and then offers setting categories like Ad Block, Family, Open Ports and Network as well as much more advanced ones. You can tap any of these items and drill down to view and analyze information or configure options. You can also tap a link that shows the number of connected devices, and then set policies individually for each device, or create groups to apply policies to groups of devices.

With Ad Block and Family, you can enable filters to block known ad serving sites and violent and pornographic content. For the former, Firewalla doesn’t provide any information on how it compiled its ad blocker list and only offers the “Standard” and “Strict” labels as options. Ad blocking can be limited to specific devices. The family section offers options for blocking websites and search results, relying entirely on the free consumer variant of OpenDNS, a service that can be used without a firewalla simply by changing a device’s or router’s DNS servers.

I tested its malware detection by visiting research sites that list malware specifically for testing detection, and the firewalla provided the appropriate blocks and warnings.

Firewalla Gold includes two different types of VPN servers, both open source projects, and a VPN client. The servers allow you to securely connect to your home network and its internet connection from anywhere in the world via a standard VPN. The client can route traffic from a single device to a commercial VPN (Firewalla suggests an Apple TV, which allows you to bypass country-specific restrictions), create a secure VPN tunnel between two firewalls, and other possibilities.

firewalla

Users with more sophisticated networking needs or interests may like the professional features of creating separate physical networks from each of the router’s LAN ports, allowing you to perform network security as separate Ethernet chains. You can also create VLANs (virtual networks) to provide logical separation between physical networks. There are also options to prioritize and control network flows to downgrade video for more work-related purposes – or vice versa!

Firewalla provides iPhone and Android apps required for initial setup. However, it also offers access via a web app that makes clever use of endpoint encryption. When loading the web app, you must authenticate access via a smartphone app by scanning a QR code displayed in the browser. This securely passes an encryption key to the web app, which is only stored locally. This approach prevents other parties, including Firewalla, from accessing the data.

Firewalla’s Gold model, the model we tested, includes all the features the company offers in every router, but comes at the hefty price tag of $499. The company says it can handle data streams in excess of 3 Gbps, making it suitable for a home with gigabit internet. However, if you don’t need advanced physical or logical LAN configuration features and have a network connection of 500 Mbps or less, the much cheaper $199 Blue Plus is for you.

firewalla

The final result

The Firewalla Gold worked as expected when serving part of a home network: it blocked malware, tracked behavior, discovered devices, reported internet-accessible ports, prevented ads from loading, and provided a treasure trove of insights into the devices on my network were there. The company needs to provide more transparency on how it compiles its ad blocking list and should consider licensing safe site lists to integrate directly rather than using OpenDNS indirectly.

The Firewalla Gold or Blue Plus should be sufficiently configurable and provide enough feedback on their actions to suit anyone who wants the level of control as well as extras like a built-in VPN connection. particularly beautiful? No recurring fees.