Security and privacy are at the heart of our concerns with technology now. With every breach, hack, and vulnerability, we discover how frail this digital footprint we’ve created is. To protect ourselves, we make sure our devices are always updated with the latest security patches, we try to avoid suspicious sites and apps, we keep our eyes open for phishing attempts in our inbox, but that still isn’t enough. If you have smart home gadgets or if you don’t control every device in your household, you need network-level protection. Some Wi-Fi routers offer this, but the feature is usually tied in a monthly subscription.
Firewalla aims to provide that network-level protection for a one-time fee ($109 or $179). You buy the tiny device, plug it in, and it monitors all traffic, whether it’s coming from wireless or Ethernet devices, and warns you when something seems out of order. It also adds a bunch of smart features to your network: parental protections, per-device rules, ad blocking, VPN server, among others. I’ve been using it for a month and it has become a valuable tool in my house.
Hardware, what’s in the box
Before you get started with Firewalla, you need to look at the list of compatible routers and mesh networks and make sure yours is supported. If that’s the case, you have to choose among two possible units: Red ($109) for internet connections that are slower than 100Mbit, and Blue ($179) for faster ones. Since my connection tops out at 16-20Mbit on a good day, I’m reviewing the Red, but all features should be the same across both options. Firewalla Blue can just handle a bigger load.
The tiny device is as simple as it gets. On the front, there’s Micro-USB for power and a MicroSD slot with a pre-inserted card, that acts as the brain of the device. The back has Ethernet and USB-A ports. Vents on the sides help it cool off, and a QR barcode on the top is needed to authenticate your Firewalla license.
In the box, you get the unit, an Ethernet cable, a wall charger and USB-A to Micro-USB cable, and a manual. You don’t need more.
Installation and setup
After plugging in the box for power, you need to connect it to your network over Ethernet. There are several possible scenarios here:
- If you have a modem/router all-in-one device, you just plug Firewalla in one of the LAN ports.
- If you have a separate modem and router, you plug Firewalla in one of the router’s LAN ports — it’ll monitor all wireless devices and even ones plugged into the router’s other LANs.
- If you have a modem and a mesh network, you need to plug Firewalla in the primary mesh device’s LAN ports — it’ll monitor anything connected to the primary or satellite mesh units, whether wirelessly or via LAN.
A few minutes of wait are necessary for Firewalla to boot up and initialize, so be a little patient. In the app, you’ll see a + sign to start the pairing process, which requires scanning the barcode on top of the unit. Then you’re taken through the initial setup, where you can choose between simple and DHCP modes. My Netgear Orbi is compatible with the simple mode, so I went with that.
The Firewalla app is chockfull of features and will take a bit of time to get used to, but once you know where everything is, it’s a pretty straightforward experience. Almost everything you set on the entire network can also be applied on a per-device basis, so keep that in mind as you read on.
On the homescreen, you’ll find your paired Firewalla units. Choose one and you’re presented with a summary of everything you need: a graph of total bandwidth usage from the last 30 days, 24 hours, or 60 minutes, shortcuts to access connected devices, alarms, rules, and all features (Ad Block, Family Protect, VPN Server, etc…).
30-day, 24-hour, and 60-minute usage on homescreen. The app has a dark theme for Android 10.
Beside customizing this screen to show more feature shortcuts, you can tap on the 24-hour graph (not the other two) to view a detailed network flow. It’s divided by hour, upload, download, chronological history, or apps. The latter is Firewalla’s own way of telling you what you used a device for (email, messaging, social, video, and so on); it’s not very precise as not all IP addresses are categorized, but it’s indicative enough.
Left: Customizing features. Middle: What’s happening now. Right: Reason for the 9pm 1.8GB peak.
This global view tells you when your network was used the most and through which IP. Tapping on any line reveals more details. You may need to do some sleuthing to figure out what an unknown IP address means, but as long as no alarm was raised by Firewalla about it, you likely don’t need to bother unless it’s something completely out of the ordinary like an inactive device uploading 200MB of data for no reason.
Firewalla doesn’t do a good job of letting your monitor which devices may be clogging your network right now. You can get that kind of information, but you’ll really need to dig around in the network flow as well as take into consideration that the Now tab consolidates everything from the top of the hour and often remains a couple of minutes behind. That aspect should be simplified.
If you’re not interested in immediate monitoring, you can still glean a lot of info from the general network tables or the per device ones. Every device also gets its own 30-day, 24-hour, and 60-minute graph, with control buttons, options to rename it, and check its MAC address.
Left: Device list ordered by download. Middle: Sorting options. Right: Device page.
This lets you track down what each device on your network is doing instead of viewing the global picture, and you can decide to act on certain domains and IP addresses straight away.
Left: Hourly downloads per device. Middle: “Apps” used. Right: Details of an IP connection.
Thanks to this, I was able to check what my smart home devices were doing all day. I discovered that my Nuki lock really only connects when it’s needed and never strays from the nuki.io servers. My Hue Hub also doesn’t do much if not called upon, same as my Somfy TaHoma smart blinds hub, and Cielo air conditioner remotes. It’s a relief to see that the devices I chose for my home aren’t spending their time talking to some unknown servers goodness knows where and uploading tons of data to them.
Left: Nuki’s usage is exemplary. Middle: Nuki IP addresses. Right: Hue Hub usage is clean too.
My SmartThings Hub, on the other hand seems to need a base 200KB/hour whether it’s doing something or not. Nothing alarming, but perhaps not necessary. The biggest culprits of background usage are my Google Homes and Lenovo Smart Display. Even when not used, the speakers can rack up to 10-15MB of uploads/downloads per day. The Lenovo, on the other hand turned out to be using 200MB/day even when we weren’t home because I’d set the ambient display’s photos to rotate every minute. I lowered the frequency and that got it down to around 50MB/day. Given my limited monthly allowance (a ridiculous 100GB), every saved MB counts and this means I have about 4GB more every month to use on something else.
Left: SmartThings Hub (30 days). Middle: Google Home (24hrs, unused). Right: Lenovo Smart Display (30 days).
Firewalla came in handy when both my husband and I were stuck at home for about a week because of the iffy situation in Lebanon. That meant we were both using our home connection for work and entertainment, but Firewalla helped us point out the biggest culprit sites after the first day and tone down our usage of them in the following days, thus avoiding large overcharges.
Passive monitoring – Alarms
Those who don’t want to be involved in baby-sitting their network can still benefit a lot from Firewalla. The device alerts you every time an unknown device connects to your network to avoid intrusions, tells you which open ports are left accessible, lets you know when VPN, video, gaming, or porn activity is detected, and keeps an eye on suspicious sites and uploads.
When we installed the Firewalla, my husband and I talked about which features we wanted to monitor and which were pointless. We don’t have kids so we don’t need to know about video, gaming, and porn usage, we also get frequent power cuts so notifications each time a device goes offline or online don’t make sense. Every household’s case is different, and you can control how you get alerted (notification on your phone or just alarms inside the app) and which devices to mute for each category. For example, you can watch as many videos as you want on your phone without triggering an alert, but the kid’s tablet sends a notification if they do.
Left: Alarm categories. Middle: Example of gaming alarm settings. Right: Actions after getting an alarm.
Over the month that we’ve used Firewalla, we’ve received a couple of suspicious site alerts (none from actively-visited websites, so most likely cookies or ads), but we got several abnormal upload alarms. In several occasions, these were expected behaviors: My Canary security cam uploading 12MB of data to its servers when it detected motion and recorded a video after midnight is normal, so I muted alarms for uploads to canary’s domain. On the other hand, any device using a P2P app will likely generate a ton of upload alarms and there’s no way to disable those on a device basis. It’s per IP or domain only, or you can entirely disable monitoring for the device, which means you give up on all the graphs. Neither is an ideal solution.
Firewalla’s upload alarms are too sensitive sometimes. A 1MB upload from my Google Home to Google’s servers isn’t something to be scared about, so I had to use my better judgment and avoid panicking each time I saw a notification. With time, I’ve lowered the number of unnecessary alerts by muting certain domains and IPs, but I’ve kept a few I’d like to know about even if I’m not going to act on them or block them.
Example of an abnormal upload alarm, details, and actions.
One of the main benefits of installing Firewalla was the ability to disable ads on the network-level for several of our devices. Instead of installing apps or browser extensions, one switch is flipped and you stop seeing ads in all your Android apps and all sites you browse. The downside is that you can’t set exceptions on a site-by-site basis, so Engadget.com doesn’t load at all for example, and some sites will refuse to show you content unless you disable the ad blocker momentarily to view them.
Left & Middle: Ad Block setting per device. Right: Android Police without ads. Not recommended 😉
For families, Firewalla offers three handy features: Family Protect, which acts like parental controls and blocks access to certain inappropriate sites; Safe Search, which filters out inoffensive content from results; and Social Hour, which disables all social network sites for an hour and stops distractions during family or dinner time.
Left: Family Protect setting. Middle: Visiting a porn site on a protected device. Right: Social Hour.
Left: Visiting Twitter during Social Hour. Middle & Right: Safe Search settings.
In situations where none of these global blocks apply, you still have the possibility to set up device rules: Pick the time of day and days of the week, choose which type of activity to block (games, social networks, P2P, porn, video, or gambling) or set up a specific domain, IP address, IP range, or remote port. Firewalla is also testing Geo-IP filtering to let you block all domains in a certain country.
Left: Blocking rules. Middle: One rule’s settings. Right: Choose what to block.
Left: Customize domains for each category of blocked sites. Middle & Right: When video is blocked.
Firewalla also includes plenty of other features that I won’t delve into. You can set up a VPN server to access your home network from anywhere, or try out the VPN client feature in beta which lets companies set up site to site access, or lets you route your entire traffic through a third-party VPN. There’s also a DNS Booster, IPv6 support, and some settings to control your Firewalla box.
What is missing
Having tested the monitoring and blocking features of Firewalla extensively, I find myself impressed by what’s available, but also missing a few features. The usage tables combine IP addresses hourly but not daily, so they don’t provide a better understanding of longer usage. They also don’t merge same IP address access from multiple devices, so there’s no easy way to know how much I’ve used YouTube from my phone and computer and Nvidia Shield combined. And I can’t set a billing cycle start date to see my usage for that specific month. The 30-day graph is only handy when I’m nearing the end of the month, not when I’m in the middle of it.
For rules, I’d like a bandwidth limit per device on an hourly or daily basis (i.e. this computer gets 1GB of usage per day, then it’s blocked) and if possible a way to limit streaming quality on some devices. Given my 100GB monthly limit, forcing 720p or 1080p video on all devices would be very helpful to avoid 4K video on sites that don’t provide a manual picker.
The ad blocker could also benefit from site-specific exclusions, though I doubt that’s possible or compatible with the way Firewalla currently blocks ads. Additionally, a minimum threshold for abnormal uploads would help filter out small and likely benign uploads, while a way to block alerts for a certain devices or activities (P2P) could reduce a lot of the useless alarms.
A few other minor changes like the ability to set a default sorting method for devices, and assigning icons for each one (phone, computer, smart light, thermostat, etc…) would make it easier to find the device you’re looking for in a long list.
Should you buy it?
Yes. Firewalla is a complete network monitor and a very decent cyber-security solution. In this tiny box lies a lot of power that lets you monitor each IP address pinged by each device on your network. Thanks to it, I know I can trust many of my gadgets, but I was also able to change some settings to avoid unnecessary overconsumption on others. In comparison, my Netgear Orbi just gives me a daily/weekly/monthly usage graph for all devices combined and doesn’t let me see which one may be sucking up my bandwidth should my consumption rise.
Firewalla’s alarms for suspicious behavior can be fear mongering if you don’t fully understand what your devices are supposed to do, so you have to approach them with wisdom, only enable alerts that you care about, and avoid panicking when an unknown server is accessed. More likely than not, it’s benign and you just need time to get used to each device’s quirky behaviors. But if you track down a really malicious upload or access, you can easily block that, and that’s another major benefit of owning this little device.
Add the ad blocker, full suite of family-friendly features, rules, and VPN server, and you have a simple but powerful all-in-one network tool. It’s like supercharging your home network with features that usually either require a custom router firmware or an expensive paid subscription.
Buy it if
- You want full control over your home network, especially for smart home devices and other gadgets.
- You keep going over your monthly allocation and don’t know which devices are causing the overconsumption.
- You have kids and want to stop them from accessing certain activities and sites.
Don’t buy it if
- Your router already provides some of these features for free and the rest aren’t worth more than $100.
- You’re comfortable using custom firmware on your router — you’ll likely find one that provides these features for free.
- You don’t have a compatible router.
Where to buy
Four months later
For the past four months, Firewalla has remained attached to my Netgear Orbi mesh as my all-in-one network solution. At a time when people are overusing their home connections, it helps me monitor which devices are the biggest culprits in my home, set up large bandwidth alarms and monthly allowances (new features, still in beta), turn off social sites during certain hours of the day, and effortlessly keep an active ad blocker on some of my devices. I recall a few instances where I tried a new app on my phone at home and thought it was awesome, then went to my pharmacy and realized it’s full of ads that I didn’t see at first. (As a result, I’m considering getting a Firewalla for my workplace too.)
It has also detected and instantly blocked a few instances of malicious sites — likely cookies or ads — trying to access our computers. I only saw that after the fact, so I didn’t have to intervene. Firewalla did it on its own.
However, it remains a little too alarmist about certain uploads and P2P sites, so I’ve learned to dismiss those alerts and only check them out once a week or so, to make sure there was nothing really odd. Otherwise, it’s still easy to mute certain types of notifications or IP addresses and reduce the number of times it pings me.
The best part about having it is that it keeps chugging along and doing its thing, without any active input from me most of the time. That’s why it’s still easy for me to recommend it, whether you want to protect and monitor your home network, institute a few rules for your kids while they’re at home the whole time, force yourself off Twitter and YouTube during work hours, use a VPN on several devices, or all of the above.