Upgrading my network to 2.5Gbps with the fastest small business and residential firewall: Firewalla Gold Plus

In the year In February 2022, we looked at some of the best DNS blockers and firewalls to keep your small business and residential network secure. Firewalla was developed by a team of former Cisco engineers from a list of recommended hardware firewall products that were easy to use to provide maximum performance for a small business or residential broadband connection.

It should be noted that high-speed broadband does not require a high-speed firewall device. One can go without a firewall by connecting directly to the service provider’s high-speed residential gateway and “get away” using a NAT-based firewall; However, I do not recommend the configuration in today’s threat actor-rich environment as a small business — anyone can be a target.

I like the firewall because it’s easy to install, especially inexpensive, and doesn’t have ongoing charges. Unlike the DNS blocking solutions listed in that article, it’s a true embedded Linux, IP-based rule with advanced intrusion detection capabilities that can monitor every device on your home or small business network. Their products are also very fast, which means you get wire-line performance on the monitor connection; When considering protecting your business and home broadband connection, there’s no significant downside to the software-based firewall solution you can get.

The firewall has an excellent app for mobile devices to manage it and receive alerts and a robust remote management web interface. You don’t need to be a network security expert to set rules and protect your network.

Still, while it’s easy to set up, it’s possible to set some very fine-grained protections and permissions on a device and block a list of different target groups and much more. For the most part, the default configuration applied to all devices on the network is sufficient to protect most home users and small businesses.

At the time that previous article was written, the firewall had four products: Red (100 Mbps), Blue (500 Mbps), Purple (1 Gbps), and Gold (multi-gigabit).

Today, there’s also the Purple SE (advanced protection under 1Gbps) and the Gold Plus — which looks very similar to the Gold with 4x1Gbps ports, but this device has 4×2.5Gbps ports. With channel bonding (LACP) and a supporting gateway device, you can connect Firewall Gold Plus over a 5Gbps+ broadband connection.

In terms of functionality and features, Gold and Gold Plus are similar, but Gold Plus has twice the speed of wireline.

I recently installed Firewall Gold Plus on my network. You may be wondering what kind of network and home broadband you need to take full advantage of this device’s wire-speed packet inspection capabilities: very fast.

Thirst for speed means an upgrade is needed.

A few months ago, I signed up for AT&T Fiber’s 2gig+ service, combining a fiber terminal and router into one device, with a 5Gbps ethernet port for ultra-fast gaming PCs. But I didn’t have a computer fast enough to use this connection until I recently purchased an Apple Mac Studio with built-in 2.5Gbps Ethernet for my workstation.

Mac Studio can use one of the three ports on the firewall (one must be dedicated to the broadband WAN interface), but what about all the WiFi stuff and other Ethernet-connected devices?

For that, we need a 2.5Gbps switch — actually, we need two because of how many devices we have. For the comms part, where the broadband drop was, we chose Netgear MS108EUP8×2.5Gbps ports and 40W and 60W power-over-ethernet (PoE+) managed switch for remotely connected wireless access points.

We decided on TP-LINK for my office. TL-SG108-M2Unmanaged desktop switch with 8×2.5Gbps Ethernet ports. Between these two switches, I had enough spare ports to hardwire (including a legacy 24-port 1Gbps switch) for my other devices in my office and home.

To eliminate the possibility of bad connections, we purchased new Category 6 Ethernet cables with 2.5Gbps as a link-to-switch for all of our connected devices. I can’t stress how important this is when trying to reuse some of my old Category 5e cables on the faster 2.5Gbps ports, as I couldn’t get them to negotiate properly and spent hours investigating various network issues. Result. So if you’re going to spend $1000+ on a new high-speed firewall and accompanying switches, buy some new Cat 6 cables too.

As for WiFi, while it wasn’t a necessary upgrade from my Eero Pro 6, since I was getting 400Mbps-500Mbps reliably – more than enough to do any 4K video streaming work, I wanted to use PoE and also a 2.5Gbps connection, so I bought one. Netgear WAX630E The AXE7800 is an enterprise-grade WiFi 6e managed access point ($369), which provides the fastest-possible wireless connection to everything in the home and future-proofs it for 6Ghz devices (maybe my next iPhone or iPad).

If you’re looking for something a little more expensive with 2.5Gbps connectivity but only 2.4 and 5Ghz bands, I’d recommend the AX1800 ($150), AX3000 ($159), and the AX3600 and AX6000, as the above access point is probably overkill. Models. Depending on how much coverage you need – these all have 2.5gbps Ethernet ports and are powered by PoE+. Some, like the AXE7800, also include a 1Gbps Ethernet port to power off a second switch or other Ethernet-connected device, helping to extend gigabit connectivity to other wired devices.

As with the switches, we ran Category 6 cable to the new AP through one of the MS108EUP’s 60W ports to ensure a clean connection. We also set the broadcast 5Ghz SSID network on the new access point to 160Mhz channel width so modern clients like my iPhone 14 Pro Max, recent Android devices and MacBook Pros can use the WiFi 6 connection.

Over 2Gbps on board

We didn’t have to do much other than the Gold to get Firewalla Gold Plus working. We booted it up, installed the smartphone app, connected to the device using Bluetooth on our iPhone, and set it to “router mode.” We also had to configure IP passthrough on the AT&T Fiber residential gateway web interface to route everything to the MAC address of the firewall’s WAN port, which is AT&T specific.

We also used the app to migrate previous rules that were stored in the firewall cloud in the previous product. But once we did that, it was pretty smooth sailing.

Let’s start with a wired performance using Mac Studio. With 35 to 50 percent of flows blocked using built-in rules and full ad blocking enabled and over a million objects filtered using the firewall’s advanced threat protection, we were getting speeds above and below 2Gbps using Speedtest.net. Using Fast.com local test servers.

And WiFi? Averaged over 650Mbps in both directions, sometimes over 700Mbps or 1Gbps depending on the device — we could download up to 800Mbps or 900Mbps WiFi on our Qualcomm 888-based Android phone thanks to advanced wide-channel support.

Who is it for?

We were impressed with the 2gbps service speeds of the Firewall Gold Plus and AT&T Fiber. But who needs broadband this fast? A 1Gbps connection is sufficient for most residential consumers and small businesses. Unless you have a dozen kids at home streaming Netflix or 1080p zoom calls, you probably don’t need 2Gbps fiber broadband.

More advanced PC gamers will want this for low-latency connections and cloud-based virtual reality, but that’s a big deal — at least until we’re all connected to the Metaverse. But content creators who need to upload and download high-volume videos and appreciate high-quality photos will appreciate it, as will anyone looking for better quality video conferencing solutions that offer a reliable connection and zoom for 4K streaming video.

I believe an argument can be made for a 2.5gbps network upgrade as it will improve WiFi network usage slightly over supported access points. It is also useful – if the PC workstation supports these high speeds – for large file transfers on the LAN, especially when connected to NAS units, the backbone of the Fast Ethernet standard 2.5, 5, and 10gbps switch.