IT Pro Verdict
Easy to deploy
No local web interface
Firewalla claims its Gold security appliance is the world's most affordable multi-gigabit firewall, and the sub-£400 price certainly lends credence to this. In fact, the value looks even better as this is a one-off fee that includes the appliance, all security services, lifetime updates, and online support.
This palm-sized package uses its aluminum shell as a heatsink and sports a reasonable hardware package with a 1.6GHz quad-core Intel Celeron N3160 CPU and 4GB of DDR3 memory in the driving seat. You get four-gigabit ports for WAN and LAN duties, but if you want more speed, the Gold Plus model ups these to 2.5GbE at a cost of around £486.
Firewalla Gold review: Setup
It's a cinch to deploy as you insert it between your internet router and network and use the Firewalla Android or iOS mobile app to link up with the appliance's USB security dongle for Bluetooth pairing and activation. The appliance can also function in bridged mode if you have a separate modem and ISP router, and the excellent online help also shows where it fits in a meshed wireless network.
We used the iOS app on an iPad, which required an email address to register the appliance and then asked us to scan its QR code. An auto-configuration wizard steps in next where you choose an operation mode, add your internet speeds for usage analysis, state whether you're using Google Meet, Microsoft Teams, Webex, or Zoom for traffic prioritization using Smart Queue, and enable the Active Protect mode so it can block malicious activities and send alerts.
The appliance builds on its standard SPI (stateful packet inspection) firewall with extra layers of protection such as the Zeek IDS (intrusion detection and inspection) service and the OpenDNS-powered Family Protect feature for filtering out malicious and undesirable websites. No technical expertise is required as a base firewall rule for inbound traffic inspection is created for you, while Active Protect turns on IDS and IPS (intrusion prevention service) with options for default or strict modes.
The mobile app provides a tidy dashboard showing network performance and a graph for traffic flows and blocked activities, with icons below for viewing all network devices and accessing the various security features. Under the surface, the appliance is surprisingly configurable as you can create VPNs for remote working and ports can be placed in separate groups with custom rules.
These control access to targets, which can be anything from a single IP address or range to a domain, a port, or a specific country. You can also assign popular apps as targets, with Firewalla currently offering nine, including Facebook, Instagram, TikTok, YouTube, and Twitter.
For general operations, all bad connections are automatically blocked while those deemed suspicious raise an alert. Pop-up notifications are very informative as they tell you which network device is viewing videos, playing games, or being very naughty – it also advise on abnormal upload activity with a map showing the location of the external endpoint.
The appliance doesn't have a local web interface but Firewalla's new cloud-hosted managed security portal (MSP) provides remote monitoring services. We tried the free personal plan, which supports one appliance, and were impressed with the level of information provided and the options to view alerts, apply blocking actions, create new device groups, and assign custom rules.
Don't be deceived by its compact dimensions: the Firewalla Gold packs in an impressive range of network security measures. It's easy to install, the well-designed mobile app makes light work of management and the all-inclusive fee will appeal to small businesses and home workers that want to avoid the expense of yearly security subscriptions.
Firewalla Gold specifications
|Chassis||Desktop fanless chassis|
|CPU||1.6GHz quad-core Intel Celeron N3160 CPU|
|RAM||4GB DDR3 RAM|
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.