In February of 2022, we looked at some of the best DNS blockers and firewalls to secure your small business and residential networks. Firewalla, a family of products created by a group of former Cisco engineers, was on our list of recommended hardware firewall products as one that is easy to set up and provides the highest performance for a small business or residential broadband connection.
It should be noted that high-speed broadband does not require high-speed firewall devices. One can go “naked” without a firewall, connecting directly to the service provider’s high-speed residential gateway and using its simple NAT-based firewall; however, this is not a configuration I would recommend for a small business in today’s threat actor-rich environment—anyone can be a target.
I like Firewalla because it’s straightforward to set up, not particularly expensive, and has no ongoing fees. Unlike the DNS blocking solutions detailed in that article, this is a true embedded Linux, IP-based rules firewall with advanced intrusion detection capabilities that can monitor every device on your home or small business network. Their products are also very fast, meaning you get wire-line performance over monitored connections; there’s no significant degradation like you might find with a purely software-based firewall solution, which should be the bare minimum when considering the security of your business and home broadband connections.
Firewalla also has an excellent app and a robust remote management web interface for managing mobile devices and receiving alerts. You don’t need to be a network security expert to set rules and protect your network.
Yet, even though it is easy to set up, it is possible to set very granular security and permissions on a per-device basis, set up block lists for different target groups, and much more. For the most part, the default configuration, when applied to all devices on a network, is probably sufficient to protect most home users and small businesses.
At the time of the writing of that previous article, Firewalla had four products: Red (100Mbps), Blue (500Mbps), Purple (1Gbps), and Gold (Multi-Gigabit).
Today, there is also Purple SE (advanced security for less than 1 Gbps) and Gold Plus, which looks very similar to Gold; the Gold has 4×1 Gbps ports, while the Gold Plus has 4×2.5 Gbps ports. With Channel Bonding (LACP) and a supporting gateway device, you can connect Firewalla Gold Plus to a 5Gbps+ broadband connection.
From a functionality and convenience perspective, the Gold and Gold Plus are identical, but the Gold Plus is twice as fast at wireline speeds.
I recently installed Firewalla Gold Plus on my network. You may be wondering what kind of network and home broadband you’ll need to take full advantage of this device’s wire-speed packet inspection capabilities. The answer: very fast.
Thirst for speed means upgrading is needed
A few months ago, I enrolled in AT&T Fiber’s 2Gig+ service, which consolidates the fiber terminal and router into a single device with a 5Gbps Ethernet port for an ultra-fast gaming PC. However, I didn’t have a computer fast enough to take advantage of this connection until recently, when I bought an Apple Mac Studio with built-in 2.5 Gbps Ethernet for my primary workstation.
The Mac Studio can use one of the three remaining ports on the firewall (one must be dedicated to the broadband WAN interface), but what about all the WiFi stuff and all the other Ethernet-connected equipment?
For that, we needed 2.5Gbps switches — in fact, we needed two of them because of how many devices we have. For the comms room where the broadband drop was located, we chose the Netgear MS108EUP, a managed switch with 8×2.5Gbps ports and 40W and 60W Power-over-Ethernet (PoE+) support for devices such as remotely connected wireless access points.
For my office, we decided on the TP-Link TL-SG108-M2, an unmanaged desktop switch with 8×2.5Gbps Ethernet ports. Between these two switches, I had enough spare ports for all my other devices in my office and home that were hard-wired (including a legacy 24-port 1Gbps switch).
To eliminate the possibility of poor connections, we also purchased new Category 6 Ethernet cables for all of our 2.5Gbps connected equipment, such as switch-to-switch connectivity. I can’t stress enough how important this is, because when I tried to re-use some of my old Category 5e cables on the faster 2.5Gbps ports, I couldn’t get them to negotiate properly and spent hours diagnosing various networking issues as a result. So if you’re going to spend $1000+ on a new high-speed firewall and associated switch, buy some new Cat 6 cables too.
As for WiFi, an upgrade from my existing Eero Pro 6 wasn’t necessary, as I was reliably getting between 400Mbps and 500Mbps, more than enough to handle any 4K video streaming tasks. Still, I wanted to take advantage of PoE and 2.5Gbps connectivity, so I got a Netgear WAX630E, the AX7800 enterprise-grade WiFi 6E managed access point ($369), which will provide the fastest-possible wireless connectivity for everything in the home and future-proof it for 6GHz devices (likely my next iPhone or iPad).
If you’re looking for something less expensive with 2.5Gbps connectivity but only the 2.4 and 5GHz bands, as the access point above is probably overkill, I’d recommend the AX1800 ($150), AX3000 ($159), AX3600, or AX6000 model, depending on how wide of coverage you want; they all have 2.5 Gbps Ethernet ports and are PoE+ powered. Some, like the AX7800, even include a 1Gbps Ethernet port for hanging a secondary switch or other Ethernet-connected device, which helps extend Gigabit connectivity to other rooms for wired equipment.
As with the switches, we ran Category 6 cabling from the MS108EUP to the new AP on one of its 60W ports to ensure a clean connection. We also set up our broadcast 5GHz SSID network on the new access point to use up to 160MHz channel width, so that modern clients like my iPhone 14 Pro Max, recent Android devices, and MacBook Pros can use WiFi 6 connectivity.
Cruising at over 2Gbps
To get the Firewalla Gold Plus running, we didn’t need to do anything differently than with the Gold. We booted it up, loaded the smartphone app, connected to the device using Bluetooth on our iPhone, and set it to “router mode.” We had to configure IP passthrough on the AT&T Fiber residential gateway’s web interface to packet-forward to the firewall’s WAN port MAC address, which is an AT&T-specific problem.
We also used the app to migrate previous rules we’d set up in the prior product, which were stored in Firewalla’s cloud. But once we did that, it was very easy.
Let’s start with a wired demo using Mac Studio. Despite blocking 35 to 50 percent of flows using built-in rules and with full ad-blocking enabled and over a million items filtered using Firewalla’s advanced threat protection, we were unable to use Speedtest. Fast.com is using local test servers.
And WiFi? Over 650 Mbps on average in both directions, sometimes up to 700 Mbps or over 1 Gbps depending on the device. On our Qualcomm 888-based Android phone, we could get 800 Mbps or 900 Mbps WiFi downloads due to advanced wide channel support.
What’s that for?
We’re impressed with the speeds of the Firewalla Gold Plus and AT&T’s Fiber at 2 Gbps service speeds. But who needs broadband this fast? For most residential consumers and small businesses, a 1Gbps connection is sufficient. Unless you have a dozen kids simultaneously streaming Netflix or making 1080p Zoom calls in your house, you probably don’t need 2Gbps fiber broadband service.
Extreme PC gamers will want it for low-latency connections and cloud-based virtual reality apps, but it’s an edge case — at least until we’re all bundled up in the metaverse. But content creation professionals who need to upload and download large volumes of video and high-resolution photos will appreciate it, as will anyone who needs reliable connectivity for 4K streamed video and a better-quality videoconferencing solution than what Zoom can provide.
I believe an argument can also be made for a 2.5 Gbps network upgrade, as it vastly improves the throughput of WiFi networking through supported access points. It is also useful — provided the PC workstation supports these higher speeds — for large file transfers over a LAN, especially when connecting to NAS units that support the faster Ethernet standards of 2.5, 5, and 10Gbps switch backbones.