Anyone here have any experience with Firewalla?

Posted on 10/4/23 at 11:04 am
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Right now I'm running pfSense on a netgate and I need to replace the hardware because it is quite old. I was researching other options like Meraki Go and TP-Link Omada and came across Firewalla Purple and it looks like it is a pretty good fit for families/homes that are looking for something easy to manage.

Anyone have any experience with these? I'm mainly curious how reliable they truly are.

Posted by mchias1
Member since Dec 2009
802 posts
Posted on 10/4/23 at 11:07 am to
Think you'd be better off replacing it with a newer Netgate.

Firewallas are expensive for what they can do compared to the netgate.
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Posted on 10/4/23 at 11:17 am to
quote:

Firewallas are expensive for what they can do compared to the netgate.


Can you elaborate? I am not running a homelab or SMB. My needs are greatly diminished these days and are primarily focused on blocking inbound traffic, content and Geo filtering and basic routing and segmentation.

Right now I have a Netgate SG-2220 which I would replace with an SG-2100 for $380 or so. These days I might be able to get by with an SG-1100 which is only $190.

The Firewalla's ability to easily apply content filtering policies to specific devices, like my kids' devices, is appealing.

I only have basic routing needs and 4 VLANs.
This post was edited on 10/4/23 at 11:37 am
Posted by mchias1
Member since Dec 2009
802 posts
Posted on 10/4/23 at 7:37 pm to
For the same price as the Purple you can get the Netgate 2100. My biggest issue with Firewallas is everything I see and hear is its cloud-based config. Besides Echos, I have no cloud-based devices in my house.

If you want to easily block your kids, give them their own VLAN and lock them to only use the DNS you give them (1.1.1.3 is what I use, no porn) with a single firewall rule.

Edit: since you already have pfSense, pretty sure you should be able to back up your config and move it to a new Netgate box. Another plus.
This post was edited on 10/4/23 at 9:06 pm
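As an added illustration (not from the post above or from any shipped pfSense config), this is what that kids-VLAN DNS lock looks like in pf rule syntax, the packet-filter language pfSense compiles its GUI rules into. The interface name and subnet are placeholders; 1.1.1.3 is the family-filtered resolver named in the post.

```pf
# Constructed example: force every device on the kids' VLAN to use one
# family-filtered resolver. Interface and subnet are placeholders.
kids_if  = "vlan30"
kids_net = "192.168.30.0/24"
kids_dns = "1.1.1.3"

# 1. Transparent redirect: any plain DNS (UDP/TCP 53) a kid's device sends to
#    ANY resolver is rewritten to go to the family resolver, so a hard-coded
#    DNS server on a device or console is silently overridden.
rdr pass on $kids_if inet proto { tcp udp } from $kids_net to any port 53 -> $kids_dns port 53

# 2. Close the side door: block DNS-over-TLS (TCP 853) so an app cannot bypass
#    the redirect by speaking encrypted DNS to its own resolver.
#    (DNS-over-HTTPS rides on 443 and is not separable by port; that needs the
#    Firewalla-style per-device policy or a resolver block list instead.)
block in quick on $kids_if proto tcp from $kids_net to any port 853

# 3. Everything else from the kids' VLAN goes out as normal; keep state so the
#    replies to the redirected queries come back without extra rules.
pass in quick on $kids_if from $kids_net to any keep state
```

In the pfSense GUI the same effect is a NAT port forward on the kids' VLAN interface for destination "any" port 53 with 1.1.1.3 as the redirect target, plus a block rule for port 853.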
Posted by JimEagle
Member since Apr 2021
28 posts
Posted on 10/8/23 at 3:12 pm to
I have the Purple w/ 1000/1000 ATT Fiber. Works great, the app is nice, and it's relatively easy to use. We use it to control my daughter's access times and content viewed. It's a cool product but keep in mind support is ticket-system only.

It's got some neat DNS security features, VLAN ability, and frequent software updates.
Posted by Tiger971
Member since Dec 2019
303 posts
Posted on 10/8/23 at 4:21 pm to
Would one of these be an option?

quote:

With InvizBox router, every single connected device will have its traffic sent through an encrypted tunnel. Your PC, your laptop, your home entertainment system, and even your Smart TV.



LINK - InvizBox
Posted by LemmyLives
Texas
Member since Mar 2019
6404 posts
Posted on 10/8/23 at 5:03 pm to
I have two scenarios I would like to solution, to keep people busy on Sunday evening.

1. Ex wife (no pics) has AT&T in her new place. I want to block malware from the kids' devices that are on the network, but I also never want her to call me to troubleshoot anything. If I configure DNS settings on each device, a system update will revert them to defaults, I'm sure, so I was thinking Firewalla Purple. Nobody's devices are jailbroken, and the junior high kid's Surface Go 2 is in S mode, so it's protected by the whitelist filters. Not a lot of risk, but kids and ex-wives, ya know. If I can manage the device (I swore I didn't want to troubleshoot, I know) from my phone, bueno.

2. For my single life pad, either a Firewalla Purple or a Netgate 1100 seems to be OK (1Gb, fewer than 10 devices). However, seeing comments like this is concerning re: the Netgate:

quote:

Note that per the pfSense docs and GUI “MSS clamping for TCP connections [is set] to the value entered above minus 40 for IPv4 (TCP/IPv4 header size) and minus 60 for IPv6 (TCP/IPv6 header size).”

Meaning my actual MSS needs to be set to 1412 to be able to send Signal messages or access DuckDuckGo at all.


I'm a nerd, but I'm too old to be changing TCP packet sizes.

What say fellow nerds for those scenarios?
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Posted on 10/8/23 at 6:46 pm to
quote:

Would one of these be an option?

quote:
With InvizBox router,


No.
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Posted on 10/8/23 at 7:00 pm to
quote:

I have the Purple w/ 1000/1000 ATT Fiber. Works great, the app is nice, and it's relatively easy to use. We use it to control my daughter's access times and content viewed. It's a cool product but keep in mind support is ticket-system only.

It's got some neat DNS security features, VLAN ability, and frequent software updates.


I got sick of my unifi equipment dropping connections once a month or so and having wife, kids, etc "need" me to fix it while I'm at work or whatever. Never had issues with the old netgate so I decided to put that back into service.

Then, I went to update it and found that it can't be updated without flashing it to newer firmware because the way it boots has changed. Got it connected up via serial port/terminal, did the reflashing from a USB drive, and it was a bit of a PITA to get back up and running. Had to frick with it for 2 hours and lost pfBlockerNG settings. I hate feeling like I'm doing IT work at home so this is where the Firewalla is appealing.

TP-Link makes super simple routers that have firewalls, and then you have cloud products like Omada and Meraki Go. I gave my mom Google Nest Wifi and it is super simple and reliable but I prefer PoE and ceiling mount.

Of course, another option is to eliminate the firewall and segmentation altogether like it is in most homes. My kids' devices have parental controls on them. I do have porn and TikTok blocked but I could do that with software solutions on the devices.
Posted by LemmyLives
Texas
Member since Mar 2019
6404 posts
Posted on 10/8/23 at 7:33 pm to
I'm just saying, if a device has a serial (RS-232) port, it should probably not be powered on a prod or non-prod network right now.
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Posted on 10/8/23 at 8:02 pm to
quote:

I'm just saying, if a device has a serial (RS-232) port, it should probably not be powered on a prod or non-prod network right now.



Serial ports still exist on virtually all enterprise network devices. It's done via USB and USB-to-Ethernet.
Posted by LemmyLives
Texas
Member since Mar 2019
6404 posts
Posted on 10/8/23 at 8:13 pm to
But console cables were the thang 30 years ago!

Shite, that's depressing. I think the last ISDN router I provisioned was with a console cable, not serial. But not as instructive as me learning that when a power cable says SQL108, it was actually the power cable to the entire rack switch. Whoops. My bad. Someone got their car loan ten minutes later. ETA, well, thousands of people got their car loans later.
This post was edited on 10/8/23 at 8:14 pm
Posted by BeepNode
Lafayette
Member since Feb 2014
10005 posts
Posted on 10/8/23 at 8:33 pm to
quote:

Shite, that's depressing. I think the last ISDN router I provisioned was with a console cable, not serial.


Console cables are serial.

All enterprise routers and firewalls have serial (console) ports. Juniper, Cisco, Aruba HPE, Dell, Fortinet, Palo Alto, F5, etc all have them.