Need a firewall for your 10 Gbps small business or home network? The Firewalla Gold Pro gets my vote


ZDNET’s key takeaways

  • The Firewalla Gold Pro is available for preorder for $838.
  • It offers enterprise-level security with high performance, advanced features like deep packet inspection and multi-WAN support, and user-friendly configuration.
  • It’s larger and more expensive than basic consumer firewalls, requires an external access point for Wi-Fi monitoring, and may require advanced configuration knowledge for some features.


In 2022, I upgraded to the fastest residential broadband available — 2 Gbps fiber. As we approach the end of 2024, internet service providers (ISPs) are pushing the limits, offering speeds up to a staggering 10,000 Mbps (10 Gbps).

Fiber internet remains the gold standard for speed and reliability in the US, with top providers offering ultra-fast plans:

  • AT&T: Up to 5,000 Mbps

  • Google Fiber: Up to 8,000 Mbps

  • Xfinity: Up to 10,000 Mbps

Such high speeds are crucial if you work with large data volumes, like video editors, 3D modelers, and organizations using Generative AI that need fast data transfer at the edge of their networks. Many of these users also require fast, reliable VPN connections. While a computer can initiate a VPN, it consumes significant processing power, affecting performance. A dedicated device for continuous site-to-site VPN connections ensures encrypted data is processed efficiently, maintaining near-wired speeds.  

Standard broadband gateway devices from ISPs usually include simple NAT routers with basic rules but lack advanced packet processing, VPN management, and threat detection. For users with high-speed broadband, a dedicated hardware firewall is essential. Traditional high-speed firewalls from SMB and enterprise vendors are often prohibitively expensive, are designed for large sites, and require extensive networking knowledge as well as costly ongoing updates and management subscriptions.


Enter Firewalla, a company founded by former Cisco engineers. Firewalla aims to make unified threat management accessible for small and home offices and remote professionals. Its products offer high-speed firewall solutions that are both user-friendly and cost-effective.

Having extensively used and recommended Firewalla products, I was eager to review the company’s latest offering — the Firewalla Gold Pro. I had high expectations, but this new device still managed to impress. Here’s an overview of the current Firewalla product line to help you choose the best model for your needs.  

| Feature | Purple SE | Purple | Gold SE | Gold Plus | Gold Pro |
|---|---|---|---|---|---|
| Ethernet Interfaces | 500 Mbps | 1 Gbps | 2 x 2.5 Gbps and 2 x 1 Gbps | 4 x 2.5 Gbps | 2 x 10 Gbps and 2 x 2.5 Gbps |
| Deep Packet Inspection | 500 Mbps | 1 Gbps | 2 Gbps | 5 Gbps | 10 Gbps |
| VPN Support | Built-in VPN server and client | Built-in VPN server and client | Built-in VPN server and client | Built-in VPN server and client | 2 Gbps WireGuard, Built-in VPN server and client |
| VPN Speed | 220 Mbps WireGuard, 60 Mbps OpenVPN | 500 Mbps WireGuard, 120 Mbps OpenVPN | 350 Mbps WireGuard, 100 Mbps OpenVPN | 500 Mbps WireGuard, 120 Mbps OpenVPN | 2 Gbps WireGuard, 500 Mbps OpenVPN |
| Protection from Cyberattacks | Yes | Yes | Yes | Yes | Yes |
| Network Insights | Yes | Yes | Yes | Yes | Yes |
| Data Safeguarding | Yes | Yes | Yes | Yes | Yes |
| Dynamic Content Filtering | Yes | Yes | Yes | Yes | Yes |
| Monitor & Control Internet Usage | Yes | Yes | Yes | Yes | Yes |
| Ad Blocking | Yes | Yes | Yes | Yes | Yes |
| Network Segmentation | Yes | Yes | Yes | Yes | Yes |
| Smart Queue | Advanced | Advanced | Advanced | Advanced | Advanced |
| Multi-WAN | No | No | Yes | Yes | Yes |
| No Monthly Fees | Yes | Yes | Yes | Yes | Yes |
| Targeted End Customer | Home users with basic needs | Home users and small businesses | SMB and advanced home users | Power users and SMB | SMB and advanced power users |
| Price | $229 | $359 | $449 | $589 | Under $900 |
| Summary | Cost-effective entry-level security with essential features and 500 Mbps speeds | Ideal for those needing robust protection and 1 Gbps speeds without enterprise complexity | Strong performance for demanding setups with advanced features like Multi-WAN | High-performance model with advanced features like Multi-WAN, ideal for demanding users | Top-tier model for maximum performance and security |


The Firewalla Gold Pro is the company’s largest and heaviest product, built with solid metal for durability and enterprise-grade quality. Weighing 38.5 oz (1,090 g) and measuring 8.54 x 6.5 x 1.69 inches (21.7 x 16.5 x 4.3 cm), it meets the robust standards of SMB-level network equipment. Despite its size, the Gold Pro operates efficiently and silently with a 110V AC power brick, drawing up to 33W.

While it functions well in typical residential and small office setups, it’s best to connect the Firewalla Gold Pro to a pure sine wave UPS to protect against power fluctuations. The unit is passively cooled and should be placed in a well-ventilated area, as the aluminum case can reach up to 140°F when fully loaded, especially in warmer environments. An optional rackmount enclosure is available for integrating the Gold Pro into a standard datacenter-style rack.

The Firewalla Gold Pro includes two 10 Gbps ports (one typically used for WAN but configurable) and two 2.5 Gbps ports. I recommend supplementing it with an additional 10 Gbps or 5 Gbps switch for optimal performance.

In my setup:

  • Another 10 Gbps port connects to a 16-port 10 Gbps switch, linking servers, Wi-Fi 6E access points, a 5 Gbps high-speed desktop switch in my office, and storage.

This configuration maximizes the Firewalla Gold Pro’s performance and ensures optimal connectivity across my network.

Installation


Network statistics in the Firewalla Gold Pro app for iOS (iPad)

Jason Perlow/ZDNET

Thanks to the iOS and Android smartphone apps, setting up the Firewalla Gold Pro is straightforward. Setup and configuration run over Bluetooth, which also serves as an out-of-band path if Ethernet connectivity is disrupted or the device needs to be managed or reconfigured.

When the app prompts you during initial setup, scan the QR code on the bottom of the device to pair it with the app. If you’re an existing Firewalla user, you can “clone” your current configuration, preserving all settings, including rules, device groupings, segmentation, and ISP configurations. In my case, selecting “Replace Device” made the process seamless.

New users must choose between “Router Mode” and “Transparent Bridge Mode”:

  • Router Mode: Firewalla functions as the primary router, managing all network traffic with full functionality.

  • Transparent Bridge Mode: Firewalla is placed within your existing network without altering the IP address scheme. 

I recommend Router Mode because Transparent Bridge Mode disables key Layer 3 (IP layer) services like VPN Client, Policy-Based Routing, Smart Queue, Site-to-Site VPN, and Device Monitoring. If you opt for Router Mode, the setup may vary slightly depending on your ISP. Firewalla provides detailed documentation for various ISPs.

For example, as an AT&T Fiber user, I needed to configure my gateway for IP Passthrough, allowing Firewalla to manage the network. This involved logging into the gateway, navigating to the Firewall menu, selecting “IP Passthrough,” choosing “DHCPS-fixed,” and selecting the Firewalla device from a dropdown list. Once configured, all traffic is routed through Firewalla, bypassing the gateway’s router functions.


One limitation is that Firewalla cannot monitor the built-in Wi-Fi of a residential gateway. Even in IP Passthrough mode, devices connected directly to the gateway’s Wi-Fi bypass Firewalla’s protection. To avoid this, dedicate a Wi-Fi access point behind Firewalla for all wireless connections. For smaller households or offices, a consumer-grade Wi-Fi router or mesh node in “bridge” mode (not NAT) also works well — I previously used a three-node Eero Pro 6 mesh setup with Firewalla Gold, which worked flawlessly.

The key is to avoid a double-NAT scenario. Firewalla should handle primary NAT, create your IP scope and segments, and act as your DHCP server.
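One way to confirm that IP Passthrough took effect and that Firewalla is the only NAT layer is to check the address it received on its WAN port. The sketch below is an added example, not code from Firewalla or from this review; it is IPv4-only, the function names are hypothetical, and every address in it is constructed from documentation ranges.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr):
    """Return 'private', 'cgnat', 'unusable' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return "unusable"
    return "public"


def private_hops(hops):
    """Count leading RFC 1918 hops in a traceroute run from a LAN client.
    Hop 1 is the firewall's LAN address; None stands for a '*' (no reply)."""
    count = 0
    for hop in hops:
        if hop is None or classify(hop) != "private":
            break
        count += 1
    return count


def assess(wan_ip, hops=()):
    """Judge the NAT layout from the firewall's WAN address, or from hops alone."""
    if wan_ip is None:
        # Hint only: some ISPs number their own routers from private space.
        return "possible-double-nat" if private_hops(hops) > 1 else "inconclusive"
    kind = classify(wan_ip)
    if kind == "private":
        return "double-nat"    # upstream gateway is still routing and NATing
    if kind == "cgnat":
        return "carrier-nat"   # NAT at the ISP; passthrough cannot remove it
    if kind == "unusable":
        return "no-wan-lease"  # e.g. 169.254.x.x: DHCP on the WAN side failed
    return "single-nat"


# Constructed samples using documentation ranges, not real hosts.
if __name__ == "__main__":
    print(assess("203.0.113.25"))   # passthrough working
    print(assess("192.168.1.64"))   # gateway still acting as a router
    print(assess(None, ["192.168.10.1", "192.168.1.254", "203.0.113.1"]))
```

When the WAN address is known it is the authoritative signal; the traceroute path is only a fallback for checking from a client without access to the firewall's status page.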

Firewalla Gold Pro’s performance


Firewalla Gold Pro performance on 2Gbps AT&T Fiber connection in the Firewalla app for iOS (iPad)

Jason Perlow/ZDNET

Once configured in Router Mode or Transparent Bridge Mode, the Firewalla Gold Pro intercepts all traffic at the deep packet inspection level. Thanks to its powerful Intel 12th-generation processor and 8GB of RAM, this process occurs without any performance loss. In our tests on a 2 Gbps AT&T Fiber service, the fastest available to us, we successfully pushed the broadband connection to its 2 Gbps limit. Internal tests achieved Ethernet link speeds of 10 Gbps, with data transferring at that rate.

Significantly, we pushed WireGuard connections beyond 1 Gbps to a metropolitan-connected Linux host in a test cloud region, limited only by the target system’s broadband capacity.


Live throughput of monitored devices on the Firewalla Gold Pro, in the Firewalla app for iOS (iPad)

Jason Perlow/ZDNET

The smartphone app provides a detailed view of historical WAN and Wi-Fi performance and live throughput for every device on the network. The system also runs periodic tests to verify whether your provider delivers the advertised speeds.

Network protection overview


Blocked flows as viewed through Firewalla MSP

Jason Perlow/ZDNET

I’ve found that Firewalla’s security intelligence system, both on the device and in the cloud, is incredibly robust. The company tracks over 129 million security objects, including IP/domain histories and other critical data, and enables the device to effectively safeguard your network, constantly adapting to new threats as they emerge.

When it comes to protection, Firewalla’s approach is comprehensive. All data packets are meticulously filtered through multiple layers, including Block Lists, Ad Block Lists, and Static and Dynamic Block Lists, alongside IDS/IPS (Intrusion Detection/Prevention) and the Behavior Module. This multi-layered strategy gives you a continuous sense of security, knowing that known and emerging threats are being addressed.

One feature I particularly appreciate is the pre-configured Target Lists that come with each Firewalla device, like OISD and Log4j attackers, which automatically block malicious websites and IPs. Additionally, the ability to create custom target lists means I can tailor the protection to fit my specific needs, making the experience even more personalized.

Firewalla also makes it easy to manage devices on the network. It automatically detects all devices and groups them by function (e.g., “Computers,” “IoT”), which simplifies applying rules across multiple devices. This is especially handy for devices with MAC randomization, like iPhones using private Wi-Fi addresses. Disabling MAC randomization on those devices has improved visibility and made it easier to apply rules.

The IDS/IPS system is another critical layer of defense in my network. It detects and blocks unauthorized access attempts, like SSH intrusions or known exploits such as Heartbleed, which should give any network security professional at an SMB peace of mind.


Firewalla device management view (iPad)

Jason Perlow/ZDNET

Finally, the Behavior Module stands out as a vigilant guardian. It monitors network traffic for unusual patterns, such as a typically low-traffic device suddenly sending large amounts of data. When this happens, the module sends an alert, allowing you to address potential threats before they escalate. 

It’s this kind of proactive monitoring that has really reinforced my trust in Firewalla.

Configuration and management


Security dashboard in Firewalla MSP

Jason Perlow/ZDNET

One of the things I appreciate about Firewalla products is how user-friendly they are, especially for a small office and home office setup like mine. The initial configuration through the Firewalla smartphone app is straightforward, and for most tasks, it’s all I need. For more detailed management, the my.firewalla.com website provides a handy dashboard for viewing flows, configuring rules, and monitoring network activity.

In April 2023, Firewalla introduced the Managed Security Portal (MSP) subscription service, which offers even greater functionality. The MSP service has various plans, but for a home office the Free plan with 24-hour flow storage is probably sufficient. It covers basic network management well and offers enough visibility into network activity for my needs. More advanced home users and small businesses who require more extended visibility into their flow data might want to go with the 30-day flow plan, which is only $39 per year.

For organizations with multiple Firewalla devices and branches, Firewalla’s MSP also offers different seat options depending on how much detail you need to monitor your devices. The No Flows Seat works fine for basic monitoring, but there are options for more in-depth analysis if you need it. MSP also provides VPN Mesh capabilities to link your branch networks over the internet using encrypted tunnels with WireGuard.

Even though MSP adds many new features, I still find that certain configurations, like VPN settings and live network monitoring, are best handled through the smartphone app. It’s a good balance between ease of use and advanced features.

ZDNET’s buying advice

The Firewalla Gold Pro is an exceptional choice if you need powerful, high-performance network protection without the complexity and cost typically associated with enterprise-grade firewalls. With its robust build quality, advanced features like deep packet inspection, and seamless configuration through an intuitive app, the Gold Pro delivers enterprise-level security and performance in a package accessible to small offices, home offices, and power users.

Whether you’re pushing the limits of your fiber connection, managing extensive VPNs, or securing a complex home network, the Firewalla Gold Pro excels in every category. The recent introduction of the MSP service adds even more flexibility and control, making it easier than ever to manage your network.

For anyone looking to future-proof their network with a versatile and user-friendly firewall solution, the Firewalla Gold Pro is a top contender, offering unparalleled value and performance.


