April 28, 2022 · Product Reviews, Products

Firewalla Purple Provides All-in-One Network Security

By

Indiegogo staff are putting crowdfunded products to the test in our series of honest reviews. In this review, Indiegogo’s Engineering Manager provides an honest review of Firewalla Purple, a next-generation smart firewall for home and work.

My network setup backstory

As more and more in-home devices become network-connected, visibility into what data is flowing in and out of a home network has shifted from a nice-to-have to a necessity. Feeling limited by the capabilities of my home network appliances, I recently embarked on a journey to find something better – and ended up with a solution that surpassed my expectations.

Over the years, my home network solutions have shifted based on my needs at the time. A previous iteration made use of an Arris Surfboard modem paired with an Apple Airport Extreme, plus a few Airport Express units for whole-home coverage. Most recently, I landed on a Netgear Orbi mesh system, which provided an all-in-one approach via a combined modem/router/AP and additional satellite AP. Both satisfied my needs for whole-home coverage, but each came with their downsides. And in both cases, visibility into the network and attached devices was fairly lackluster. Further, both seemed to have a “it’s fine, trust us” approach to security with no real visibility or metrics around data flows. Netgear provided an advanced security solution to the tune of $99/year; I never tried it, on the principle of not wanting to pay for Yet Another Subscription.

Why I chose Firewalla Purple

I decided I wanted to lean into a separation of concerns approach in which my modem, router/firewall, and WAP were all separate devices. This would give me the most flexibility when it comes to swapping out components (due to failures or for opportunistic upgrades) or choosing devices that excel in their specific areas – avoiding the “jack of all trades, master of none” issue that can come with all-in-one solutions. I decided to purchase two Ubiquiti Unifi Wifi 6 APs – highly recommended by a friend – and recommissioned the Arris SB6190 modem I held onto from my Apple Airport network days. All that was missing was something to act as a router and firewall. Enter the Firewalla Purple.

I started out my search for a router, pondered managed switches, and ultimately came across Firewalla’s offerings – the Firewalla Red, Firewalla Blue, and Firewalla Gold. I clicked through their website to compare models, and the functionality really spoke to me: Active security alerts, data flow visibility, VPN capabilities, Ad Block – so many features were baked in (and without a subscription!) that the bar was raised on what role this missing piece in my network could play. The Firewalla Gold was a little pricey, and a bit beyond the functionality I was looking for. Fortunately, I was made aware that Firewalla was currently in the crowdfunding stage of their newest appliance, the Firewalla Purple. I decided it was worth the wait until crowdfunding completed, and became a backer of the Firewalla Purple.

Photo Credit: https://www.gocomics.com/calvinandhobbes/1989/03/04God’s Crime Scene (or, Waiting for My Propeller Beanie)

The ten days between my Firewalla Purple shipping and delivery in February 2022 had me feeling like Calvin waiting for his Chocolate Frosted Sugar Bombs Propeller Beanie. Each day I’d excitedly check the mail, and… well, one day it finally arrived. I finally had the literal missing link in my new home network, so I got to setting things up.

The box!

First impressions

It’s a minor thing, but my first positive impression was of the packaging. I’m a sucker for well-designed packaging. Firewalla’s packaging is all paper/cardboard, likely recyclable, and the minimalist size and design is just a joy. A quick install of the iOS app, and I’m into the setup process. Setup is straightforward; I really appreciate that the device uses Bluetooth for initial configuration, a departure from the common “broadcast wifi” setup method which, in my experience, has been fraught with problems.

What’s in the box

A few simple configuration steps – I configure my Firewalla Purple in “Router Mode”, which is the recommended topology – and my Ubiquti Wifi6 lights up with an established connection. I’m immediately presented with a handful of local device identification notices; no surprises, but nice to see the immediacy at which the Firewalla recognizes and informs about new devices on my network. I leave the devices with default settings for now so that connectivity flows freely, with plans to come back and (micro-)manage them.

Poking around the app, I discover functionality I wasn’t expecting, including an Open Port scanner, helpful to determine if any devices are exposed to the internet. Over the years, I’ve tinkered with port forwarding settings on my gaming devices and PCs, and played around with external connectivity settings on my Network Attached Storage shares, so there’s a non-zero possibility I left something in a partially-configured state. I expect (hope?) that there are none, and am comforted by the app’s report that this is the case. I also hadn’t expected FireWalla to have an Ad Block feature, and I’m pleasantly surprised to discover it.  I turn it on immediately, figuring it can only be beneficial. We’ll come back to this.

As I move ahead with Clicking All The Things™, to configure settings or verify defaults, I discover some features I’ll be sure to revisit in the future – Smart Queue will be helpful for prioritizing my household’s work-related network traffic;  VLAN support will be great for separating my trusted/human-operated devices from IoT devices; VPN Server functionality will provide connectivity to my NAS appliances without risking opening them up to the internet.

 

My updated network devices

48 to 72 hours later, I tune alerts a bit – yes, I know my PS5 accesses gaming sites; yes, I know my Smart TV uses a large amount of bandwidth while Netflixing – and I move into some extended functionality of the Firewalla. Moving devices into logical groups allows me to apply unique policies based on however I’ve chosen to group them. As an example, I’ve found that my Smart TV’s Hulu app complains when it can’t load ads, and thus won’t play content. So, I’ve grouped my Audio/Video devices together and turned off the Ad Block policy on them, while keeping it enabled for my other devices. New Device Quarantine functionality lets me move new devices into a group with specific access rules until I decide where they should ultimately be placed; this will be helpful to ensure no new devices join the network without explicitly having permissions applied.

40-day check-in

As of this writing, I’ve had my Firewalla Purple deployed for 40 days. The following are my likes/dislikes from this first month+ of experience:

Likes

  • Mobile app alerts & network flow dashboards – I feel like I’ve never had a clearer picture of what’s happening with my home network, and all in one place.
  • Device groups & policy management – Classification of devices is my call, and applying policies to them is a snap.
  • Remote management – The app seems as responsive when I’m out of home as it is when I’m in. I don’t have to jump through extra hoops to jump or log into a clunky online portal.

Dislikes

  • Further tuning of Alerts would be nice – I get “Abnormal Upload” notifications daily from some IoT devices and some expected devices connecting to expected services like Dropbox, GoogleAPIs, etc. I have the option to mute such alerts based on the site/domain/IP, but any of those available options feel like they’d mask legitimate Abnormal Uploads – 1-2MB uploads to these remote hosts is “normal”, but I’d prefer being informed if the order of magnitude changes and 10s or 100s of MBs flow out.

Looking towards the future

My next steps with Firewalla Purple are to utilize functionality it provides that weren’t immediately on my radar when I set out to rebuild my home network. Configuring VLANs to separate IoT devices from the rest of my network will create a segmented network of trusted vs “less than trusted” devices. And, as mentioned before, I’ve long wanted access to specific data on my NAS devices, but hesitated to expose them to the internet. Configuring a VPN Server on my Firewalla should help in that regard, and exemplifies the separation of concerns approach – I’ll let my network device handle the networky stuff, and let my NAS handle the file sharing stuff.

Network Performance mobile app view

Long term, Firewalla Purple provides additional features that I’ll keep in mind if use cases arise where they’ll be helpful: Trusted LAN falling back to a local wifi hotspot is an interesting method for maintaining connectivity around ISP blips at home, while the portable hotspot may come in handy while traveling, providing familiar security when connected to hotel or Airbnb hotspots.

To learn more, check out the campaign for Firewalla Purple.