Firewalla’s new Gold Pro is one of the best firewalls money can buy. It vastly improves over the previous generation of firewalls, providing twice as much processing power and memory.
Specifications
CPU: Intel Quad-Core N97 at 3.4GHz
RAM: 8GB of DDR4 3200MHz
FLASH: 32GB eMMC
Display: 1 x HDMI
Ethernet connectivity: Two 2.5GbE, two 10GbE
General connectivity: Two USB3.1, one Type-C console
Power Consumption: About 35W
Size: 218mm x 165mm x 44mm
Weight: 1.1 Kg
Connectivity has also been boosted, shifting to four copper Ethernet with two that support up to 10Gb. The unit consumes over 35W with all ports connected, while a cooling fan makes it less reliable in the long run.
The hardware is really half the story of this user-friendly firewall. The software is as polished as one can ask for, requiring just two steps to activate a feature in most cases. Firewalla is keen on adding new ideas in every software release, with recent features such as Wi-Fi tests. The Gold Pro has become more than a regular firewall; as a router, it greatly demystifies network setup and fine-tuning.
The Gold Pro is available in only one variant: one based on an N97 Intel CPU with 8GB of RAM and 32GB of flash memory. The price is steep, just under $1000 (currently at $899 for a limited time), when looking only at the hardware. Firewalla offers cheaper models, ranging from the lowly ARM-based Purple SE to the Gold Plus based on the J4125. All products carry a one-year limited warranty and unlimited software updates.
Firewalla Gold Pro: Design
The Gold Pro ships in a brown box with a 40W AC adapter and a user guide. The white and yellow metal enclosure measures 218mm x 165mm x 44mm and weighs 1.1 Kg, almost twice as big as the previous flagship device. Four rubber feet prevent the Gold Pro from moving if too much force is applied to Ethernet cables. Air vents and four mounting holes are on each side of the unit, while the back contains one socket for power. The unit becomes warm after a while, but the small internal fan makes no noticeable noise.
The front panel contains four RJ45 sockets, two USB 3.0 Type-A, one USB Type-C connector for the serial console, and one HDMI socket. Two recessed buttons on the right allow users to reset and enter recovery mode or reboot. The front LEDs are for the RJ45, showing linkup speed and activity. The status LED on the right comes alive during the boot process and remains off under regular operation. A USB key, which ships with the unit, acts as a security and Bluetooth dongle and must be plugged at all times.
Under the hood, Firewalla provides an Intel N97 quad-core x86 processor to do all the heavy lifting. It is the only processor available onboard, and all network traffic passes through it. The board includes two 2.5Gb and two 10Gb Ethernet MACs from Intel to connect the CPU to the network. Application memories consist of a single channel 8 GB RAM in SO-DIMM format, which can be expanded to 16GB, and 32GB of flash as an eMMC chip.
The Gold Pro’s power consumption varies between 17W and 33W, slightly higher than that of the Gold Plus. The fan turns on when the CPU operates at maximum power and is completely silent, making it great as a desktop unit in an office setting. The unit is entirely RJ45-based, so upgrading to fiber is impossible without an SFP media converter. This somewhat limits the utility of the firewall in a home setting, the software supporting PPPoE while most residential Internet is fiber-to-home and thus cannot be connected directly.
Firewalla Gold Pro: In Use
The Gold Pro turns on with power applied to the box. The Linux boot process takes less than one minute, and an LED on the right lights up to show the progress. The software setup requires scanning a QR code at the bottom of the case into the Firewalla mobile app. An Internet connection is needed on the WAN-dedicated port to complete the setup. The Internet port can achieve speeds of up to 10Gbps, keeping the Gold Pro safe from obsolescence.
The Gold Pro can either work as a standalone firewall or as a router behind a firewall. In the router mode, the unit can assign IPs on demand while inspecting inbound and outbound traffic for threats. VLANs have been included for extra security, allowing different networks to reside on the same physical connection. Applications such as VLANs take full advantage of the CPU upgrade, with the N97 achieving over 100% performance uptick over the previous CPU generation.
Firewalla’s mobile application is polished and avoids intimidating the user with too many technical details. The first panel shows the firewall’s health status and warnings about potential threats. The mobile app contains features that can be enabled, such as a Wi-Fi tester, VPN clients and servers, or an Adblocker. The list of add-ons, in addition to the threat list, is updated periodically.
Although not recommended, the Gold Pro’s software can be customized by the end user through Docker containers. Commercial applications such as unRaid for NAS or home automation can be installed remotely through SSH.
Firewalla Gold Pro: The competition
A good firewall requires constant updates from a service provider. Firewalla’s propositions are more than just good firewalls with regular updates. They are, in fact, network appliances with features such as VPN and ad blocker. These features bring more responsibility from manufacturers on the testing and prevention side since they have more points of failure and potential vulnerabilities.
Many OEM PCs with two or more 2.5GbE connections require an OS like pfSense to work. They usually have a competitive price since one only pays for the hardware but needs a steep learning curve to build a working system. A mobile app is also non-existent, while the threat database usually depends on the open-source community, which isn’t true for the Firewalla Gold Pro.
Firewalla Gold Pro: Final verdict
The Firewalla Gold Pro outperforms its predecessor in terms of processing power by a factor of two, while its 10G connectivity is beyond what most people have at home. The ecosystem, including the app, cloud and threat update services, and tech support, sets it apart from the competition. The mobile app is one of the best available and will make setting up the unit a breeze. Services such as VPN and Adblocker make life easier at home or in the office.
A price tag of just below $1000 means the unit remains beyond what most people are willing to pay for a prosumer firewall. With four Ethernet LAN ports, the hardware can route packets on four high-speed links at 2.5Gb and over. Finally, the system is user-customizable thanks to Firewalla’s willingness to open access to the underlying Linux system through SSH.
Buy the Gold Pro if … you need 10G speed and a fuss-free mobile app.
Don’t buy if … you are on a tight budget or if saving power is essential.
We’ve also listed the best Linux firewalls
Read the full article here