r/firewalla

MSP CPU and Memory usage on MSP Dashboard 2.10.0

I saw that CPU Usage and Memory dashboard widgets are available on the dashboard "for single box MSPs" with MSP 2.10.0.

Looking at the MSP 2.10.0 dashboard on my single FW Gold Pro I'm not seeing the widgets?

reddit.com
u/Caprichoso1 — 14 hours ago

Network planning tool for Firewalla (demo)

I've been running a Gold Pro since release and the one thing that's always bugged me is not being able to see my network segmentation visually. How VLANs connect, which rules gate traffic between them, and what's actually happening at a glance.

The MSP site and the app are great for managing things, but when I'm troubleshooting why my wife's work laptop can't reach a site, or trying to figure out which IP to assign a new service, I end up cross-referencing three different screens.

So I forked Homelable and vibe coded this tool (Sunder) that pulls from the Firewalla API (MSP & Local) and turns it into an interactive canvas. It's self-hosted and runs alongside your box on any Docker host or LXC.

Here's a live demo with sample data (no Firewalla needed): sunder.vibotic.app

What you can do in the demo:

  • VLAN topology canvas: drag-and-drop layout of your networks with devices grouped inside each one. Zoom, pan, rearrange to match your mental model of your network.
  • Traffic flow overlay: toggle to see allow/block rules between VLANs as animated edges. Green = allowed, red = blocked, with hit counts. A second mode shows actual observed traffic volume.
  • "Can this reach that?" troubleshooter: pick a device, type a URL, and instantly see if it's blocked and by which rule. Plain English explanations, no VLAN IDs or rule syntax. Built for handing to a family member who asks "why can't I open this link."
  • Full rules browser: every rule on your box organized by category: inter-VLAN, content filters, geo-blocks, DNS/ad blocking, device-specific, IoT restrictions. Search across rules and target list contents. Spot zero-hit rules you might want to clean up.
  • IP address planner: visual grid of every IP in a subnet. See what's in use, what's in the DHCP pool, what's free. Label IP ranges for your own planning (like .30–.39 for your *arr stack). Useful when deploying new services.
  • Access matrix: auto-generated from your rules. The table you'd normally have to build by hand in a spreadsheet.
  • Config export: one-click markdown export of your entire network config, formatted so you can paste it into an AI assistant or a forum post and get help without re-explaining your setup.

Everything auto-discovers from your Firewalla (VLANs, devices, rules, APs, target lists). No manual configuration.

Still early and actively building. Would love feedback from other Firewalla users on what's useful and what's missing. The demo has sample data that roughly mirrors a segmented homelab setup, so poke around.

I just put this together to really meet my needs and share for anyone else that may be similar.
Also, if vibe coded apps are against subreddit policy, apologies in advance.

u/noob_homelab — 22 hours ago

Failover feature request

I use cable internet as my primary WAN and have a cellular gateway as a backup. The last two days I have had intermittent cable outages and the initial failover works fine.

The problem is when the outage is intermittent it becomes a flapping mess. Can you add a timeout option to prevent this? I would set mine so it only attempts to fall back to primary once an hour.

u/zlandar — 21 hours ago

How to predict End of Life

What is the best way to anticipate/predict the End of Life of a Firewalla (i.e. Gold SE)?

u/Kindle-Me — 1 day ago

[Help] Active Protect blocking benign destinations on Ineligible device — no toggle to disable

I have a server that Firewalla has marked as "Ineligible" for Active Protect because the host uses my internal AD server as its DNS resolver instead of Firewalla. The AD server forwards external lookups to Firewalla, so DNS still ultimately flows through Firewalla — but the client points at AD so it can resolve internal records.

The issue: even though Active Protect shows "Status: Ineligible" on the device page with no toggle, it is still actively blocking outbound flows from this host. Every blocked flow's detail page says "Feature Matched: Device Active Protect." Destinations being blocked include:

  • The vendor's official update server (blocked on its scheduled update check, every couple hours)
  • github.com and *.githubusercontent.com
  • Several common container registries
  • *.pool.ntp.org (NTP time sync)
  • 1.1.1.1:443

None of these are threats. Confirmed via tcpdump on the host that the SYN goes out clean and a spoofed RST comes back ~1.8ms later, which matches Firewalla's flow-blocking method.

This has been going on chronically — the History tab shows blocks at regular intervals across the entire day. I only noticed because the server started emailing me about failed automated tasks that depend on these destinations.

Questions:

  1. Is there any way to disable Active Protect's flow blocking on an Ineligible device? The "no toggle when Ineligible" UX seems wrong — the user has clearly made a deliberate DNS choice, and there should still be a way to opt out of flow inspection.
  2. Why is Active Protect's threat intel flagging destinations like a vendor update server, github.com, and NTP pool in the first place? Is there a category-based block (Cloud / CDN / Public DNS / etc.) catching these that I'm not seeing exposed in the UI?
  3. Will scoped Allow rules (domain-based, scoped to this device) override Active Protect blocks, or is there a precedence issue?
  4. Is "switch the host's DNS to Firewalla to regain Eligibility" really the only supported path? I'd rather not give up internal name resolution on the server.

Setup: Firewalla Gold, firmware 1.982.

Happy to share screenshots or packet captures if helpful.

u/lokimon23 — 20 hours ago

Any way to have the app default to a specific Firewalla?

I have a Plus and Orange. 95% of the time I open the app it’s to do something with the Plus. Is there a setting I’m overlooking to have the app default to showing me the Plus instead of the screen that shows the Plus and Orange and I have to choose one?

u/pacoii — 1 day ago

Which Firewalla is for me?

I’m in the process of moving away from the Eero ecosystem for a number of reasons and have decided to pull the trigger on a Firewalla setup. I’ll most likely need two APs but I can’t decide between the Orange and the Gold SE. Whichever one I go with will be replacing my Verizon Fios router and I would appreciate any and all thoughts. I also would love any suggestions on a good switch to use with my setup.

u/Raptor_Magnetic — 1 day ago

In MSP 2.10.2, MSP Active Protect can automatically handle Alarms for you.

With Firewalla AI, MSP Active Protect can help filter Alarms in MSP, review Security Alarms, and automatically archive low-risk alarms. Firewalla AI can also mark high-risk alarms as critical and bring them to your attention.

MSP 2.10.2 is in production! Check out the full details here: https://help.firewalla.com/hc/en-us/articles/49811464349075-MSP-Release-2-10-New-Single-Box-View-Email-Notifications-Merge-with-My-Firewalla-more

u/Firewalla-Ash — 1 day ago

Remodeling the Network Button to include Topology and Wi-Fi (What do you think? It may happen in app 1.70)

As the Firewalla hardware family grows, we wanted to combine all network configuration features in one place. Creating "Topology" to show you physical connections and moving the Wi-Fi inside the Network button. (Some users also didn't want to see the "Wi-Fi" button on the main screen if they didn't have AP7s.)

If you're interested in the Firewalla Switch, make sure to sign up here: https://forms.gle/PAeFv4M5yLgfB95z8

u/Firewalla-Ash — 2 days ago

How to utilize 2gig internet when connected to 1gig switch?

I just upgraded my Frontier service to 2gig, same price as what I pay now for 1gig.

I use double failover WAN with Frontier fiber (1g/1g) and Spectrum cable (1g/40m), and both WANs are connecting at 2.5gig wire speed.

That leaves me with two LAN ports available, and one is currently connected to my Ubnt gig POE switch.

Upgrading my switchgear to 10g is not in my budget.

I am wondering if I can utilize the 2gig internet with e.g. a 2 port LAG config from Firewalla LAN to the Ubnt switch? I understand that won't give a single connection 2gig, but it would support multiple connections in aggregate utilizing 2gig.

Is that possible, any other options?

u/ptr727 — 2 days ago

Restore strategy thoughts

I bought my Firewalla Gold Plus when I started to build my home network. It was during Covid and I didn’t even know what I was doing. I ran Cat6 through the whole house. Bought some UniFi switches and started tinkering. I made the right choice in Firewalla and truly love it. My skill and network have expanded since then and I now have a full-blown home lab with mostly 2.5 or 10g networking through the house and a 2.5 fiber connection. Yes, way more than I need, but it’s part practical but mostly hobby. I have several OptiPlex “servers”, a couple of Synology NAS, and more IoT devices than I can name…

I saw a post earlier today that was talking about potentially Firewalla as a software option rather than just existing as a hardware-software combo. And I had a terrifying thought. What happens if my Firewalla quits on me? I imagine the failure is relatively low and I have had zero problems in the six years that it’s been up and running… But it’s a real concern for me now. I have VLANs, hardware segmentation, and I run WireGuard on it for when I am traveling. It is all set up and running well, but in the unlikely event that it goes down, I honestly have no idea how I would get it back up and running. My whole house, including light switches, door locks, alarm, system cameras, Plex server (the whole homelab), etc., relies on 2 pieces of hardware: my Firewalla G+ and my UniFi cloud key.

I almost sprang for a Gold Pro today… I was thinking about upgrading from the Plus to a Pro, not because it’s necessary now, but for some future proofing, and so that I could use the Gold Plus as a backup in case there was an issue with the Pro. I’m sure this is all way overkill, and the chances of failure are probably so small. I’m probably overthinking it, but the thought of waiting for a new box to ship out, trying to figure out how to reconfigure it and get everything up and running, all the while the Mrs. and the kiddos are losing their minds because they can’t watch TV, play their online games, or turn the lights on and off.

Can anyone share their backup strategy or thoughts? How badly am I overthinking this, and does it make sense to have the backup, or is there something else that I can do in the event that there is an issue, or just purchase one and wait for it to arrive?

And before anyone tells me the Gold Pro is way way WAY overkill… It likely is, but why not future proof a bit and have better hardware for a cost that I can justify over several years of use.

u/apruesing — 2 days ago

Outdoor box for AP7C?

Anybody figure out an optimal solution to protect an AP7C from humidity (and potential other weather)? I’d like to put one on my back patio ceiling (pre-wired by builder), but I'm worried about the long-term effect of Tampa, Florida humidity… especially during tropical weather. Anybody figure out a weatherproof box… preferably low-profile that could be between ceiling and fan blades? The pre-wire is about 6’ from any edge of the patio, and protected by approx 16” of overhang (6’ away). Not sure how to protect it… and if I can just open it up… and spray the board with something to make it moisture proof. (I don’t have a 3D printer, but would be willing to pay someone if “this is the way”.)

u/fishbait-tailgate — 2 days ago

Firewalla Gold Pro vs lower models: is Suricata worth it?

I’m planning to use a Firewalla in transparent bridge mode alongside a UniFi UCG-Fiber.

My main question is specifically about Suricata. As I understand it, Suricata support is currently only available on the Firewalla Gold Pro, not the lower models. I don’t really need the Gold Pro for other hardware-related reasons.

So, for someone who already has UniFi IDS/IPS, which to my knowledge is Suricata-based, is the Gold Pro’s Suricata support a meaningful upgrade over the lower Firewalla models, or would it mostly duplicate what UniFi is already doing?

Also, aside from Suricata, is there any “must-have” Firewalla feature I would miss by going with a lower model instead of the Gold Pro in this kind of setup?

Thanks!

u/krmkrx — 2 days ago

Is it a good time to buy a Firewalla Gold Pro?

Currently renovating my home. Likely won’t be done for another 6 months. I plan to use the Pro in new setup. Should I buy the current one now due to the AI RAM/SoC situation, or wait until I’m actually ready to deploy it?

Will have a 10Gbps ISP.

(Or is there likely to be a new Pro rev in the coming year?)

u/iamhereunderprotest — 3 days ago

AP7 Defective - Waiting on Warranty Shipping, Diagnosis, Reship. Need to buy new router at Best Buy. 2 months old product.

I've purchased 2 Gold SE and 2 AP7s. I loved the concept and how they worked. But my AP7 has been a thorn. After close to 2 weeks it would drop WiFi. Then run a reboot recycle back on endlessly. Then get back online after 6+ hours. I’d then forget about it. But this happened weekly. Now I’ve gotten them involved after testing all their suggestions… new Ethernet cable, new wall power. They want it shipped back via warranty. Now I’m out of a router and literally will go to Best Buy because Firewalla doesn’t understand what not having internet feels like, or what waiting more than a week for a fix feels like. I feel like they really don’t care about my first impressions and are penny pinching. My products are 1 and 2 months old. I was a fan. Please keep me a Firewalla fan.

Edit to post: my AP7 is broken… Gold SE I think works ok. Hard to know as the AP7 doesn’t give WiFi now.

u/pickle787 — 3 days ago

Concerning issue device not showing in Firewalla but has IP and network access?

tldr; new iPhone connected to my network AP with full internet access (Airplane mode on) but not showing in the Firewalla app at all.

I've had a pretty steady Firewalla Gold setup with my Omada network. Uptime around 6 months until this weekend when I reset everything because of this oddity.

Friend came over with a new iPhone so we sat down to jump through the hoops of getting them on the network and out of quarantine. The usual iOS thing where I shared the Wifi AP password when prompted and then opened the Firewalla app to take the device out of the expected quarantine, but it never showed up.

We checked the Wifi settings and made sure the MAC address was fixed. I tried searching in the app for the MAC, the share name, and even the IP. His device was not showing up anywhere, in any group. Checking the Omada app I could see that his client was indeed connected and to which AP. I confirmed the IP was coming from the Firewalla as the only DHCP server and gateway IP for the network. We turned on Airplane mode and still he had full internet access with no sign of the device in the Firewalla app at all. Even after several app restarts and refreshes.

What in the world? How could this device be on the network and have access without actually showing up or being quarantined?

u/PeltedVenom — 3 days ago

AP7 ceiling mount

I have had my AP7 ceiling mount since the unit was first launched and today something strange happened. Today, the LED on the unit was flashing red. My other two desktop units were operating in normal state according to the app. When I went to check on the ceiling unit, it was extremely hot to the touch. My unit is not in the attic, or anywhere else that is exposed to extreme heat; it is mounted to the ceiling on the second floor. My question: what is the standard operating temperature in a room temp house, and is it possible I have a damaged/defective unit?

u/Mage22877 — 4 days ago

Logs/Monitoring of AP7C units

This afternoon two of my three AP7Cs went offline. Most clients reconnected to the third functional AP7. All three AP7Cs are connected to a PoE++ switch that is then connected to the Firewalla Gold. This setup has worked flawlessly since the fall of last year. I immediately thought of overheating as a potential culprit but given the fact that two units, one in a cold basement and the other in a warmer upstairs, both had issues at the same time, I felt it was unlikely a thermal issue. I checked the app to see if any firmware was pushed and saw nothing since April 16th.

I ultimately powered my whole networking rack down, powered everything up and seemed to still have some AP7 issues (all AP7s complained they couldn’t get an IP).

I then took the opportunity to update the PoE switch firmware, rebooted the Firewalla and PoE switch again and things came back up and all AP7s reconnected.

An hour or so later at least one if not two AP7s were down. I then began reseating all the PoE cables from the AP7s to the PoE switch ports, leaving several minutes to pass for one to remain offline since it seemed to be rebooting and/or not allowing client devices to connect (the LED state would switch from red to blue frequently at the end, when earlier it was a solid blue when not working).

I was surprised there were no alerts from my Firewalla that two of my three APs were offline today. The only way I found out there was a problem was due to the fact that an Apple TV is pinned to only one AP and that AP was down.

Here are my questions after troubleshooting the problem:

Is monitoring of the APs for availability/uptime, similar to the WAN monitoring, on the software roadmap (with app alerts)?

Are there any logs on the Firewalla Gold that I can access somewhere in the app or by using SSH to the Firewalla to determine why my AP7s went offline?

Are there any shell commands to pull thermal readouts for the AP7s? If not, will this be added to the app in the future? What is the accepted Fahrenheit range when measured by the AP7C device? The most problematic one I had today is significantly hotter than the others on the non Firewalla logo side so I am curious to check temperature readings. It has always been warmer than the others since it was installed last fall.

Thanks for your time reviewing my questions!

u/man2000000 — 4 days ago

Firewalla Box shows connected to Port 2?

I have a Firewalla Gold SE. It has the following ethernet connections:

Port 1 connects to my Access Point
Port 2 connects to my Roku
Port 3 no connection
Port 4 connects to my XFinity Modem

When I go to the Firewalla App and select “Network” and then select the “Roku” network, it shows 2 devices connected to this network. The two devices are my Roku and my Firewalla. So my Firewalla is showing as a device on my Roku ethernet network... but I think this makes no sense as it is not part of that network.

Update: I received this answer from tech support: “This is an expected behavior. Firewalla itself may appear as a device under a LAN. It shouldn't cause you any issues.”

So your Firewalla will show up randomly as part of one of your LANs.

u/drm200 — 4 days ago