Firewalla

stargazer

Occasional Visitor
Anyone use Firewalla inline with Asus router as firewall and/or bridge?
 

Tech Junky

Very Senior Member
I was just reading https://techcrunch.com/2022/02/01/firewalla-launches-its-purple-gigabit-home-firewall/ and it sounds interesting for someone that doesn't want to make their own FW or use iptables/nftables/ufw to lock things down.

Seems to be a learning FW w/ an app to deploy easier into a home network. I like the price points compared to some other solutions that drain the wallet. Using the tables method on a PC or PI though is considerably cheaper depending on the speed you're trying to secure.

For me @ 1gbps+ though it's cheaper to manage with tables and get line speed performance out of my ISP connection. I already built the custom PC as a router and other functions. For someone not deep into building their own gear though this seems to fill the gap for plug it in and add rules relatively easily. It seems like there are some additional features you can enable if you want to dig deeper outside of the GUI.

Considering how heavily this particular forum is on Asus products this would ease the load placed on the limited resources and gain more productivity from those boxes.



I'd like to see them combine the WISP / WIFI into the Gold model for a top tier product for backup reasons using a tethered connection when the primary goes down. Or if you're traveling to have it connect to a guest network and provide protection.

I'm a bit surprised they aren't pushing beyond 500mbps on the WG though, as it should be able to handle more than that. My custom PC/Router can hit speeds above 1gbps, but then again I can't power it off a USB-C PD cable either @ ~400W.

Looking further down the page at the features the Gold / Purple seem to have things covered pretty well leaping from home to SMB for more options.

Seems there's a package option to be added in Linux / PI


On Linux though, using iptables I can simplify the rules to 15-20 entries to lock things down.
 

ducky124

Occasional Visitor
I looked into it last weekend. Unfortunately for me, it will not work in Simple Mode due to the model of ASUS router I have. I do not want to use it in DHCP mode since it will cause double NAT. I have been wondering if this is hardware based, or if using Merlin might solve that issue.
Furthermore, I also have a Mesh setup, and I read on their website that users have reported issues with Asus Mesh. Like the OP, I would like to hear from someone that has actually used it, not just read an article.
 

Paul Smedley

Occasional Visitor
The purple is in router mode.

I have an AX68U connected to the Firewalla LAN port in AP mode, and 2x AX55's connected to the AX68U via ethernet as AIMesh nodes
 

coxhaus

Part of the Furniture
I would not want double NAT. If you turn off the firewall and only run 1 firewall then no double NAT. Different networks are fine.
 

stargazer

Occasional Visitor
The purple is in router mode.

I have an AX68U connected to the Firewalla LAN port in AP mode, and 2x AX55's connected to the AX68U via ethernet as AIMesh nodes
Did you have to turn off the firewall on the Asus AP as well as AIProtection (Trend Micro)? How about VPN Director and OpenVPN clients?
 

Wisiwyg

Senior Member
what do I run it on?
or opnSense. A separate x86 device, preferably with 3x ethernet - 1 in, 1 out, 1 for console monitoring. On another note, there has been some discussion and instructions on running Suricata on newish quad core Asus routers if you're looking for an all-inclusive device. IIRC throughput maxes around 300mb. Search for threads in this board.

pfSense or opnSense on separate hardware is a good solution if you are up for the technical requirements for firewall rule development, ongoing monitoring and update (not a long term set and forget) and want to set it up either as the network DHCP server as it wants with Asus router as an AP with mesh nodes as above, or an invisible filtering bridge where it invisibly monitors all incoming and outgoing traffic (packets) and retain your Asus router as DHCP server.
 

AntonK

Very Senior Member
I have a Purple here with 3x ASUS Routers in mesh behind it. Ask away with any questions.
Hi Paul.

I've just installed the Purple in router mode, and my network is up and working in all respects. But, I cannot connect to my router's GUI now that it's in AP mode. This is probably amateur hour stuff, but I'm not a techie and have never had a router in AP mode before. I could always browse to the GUI when it was in router mode.

I tried the Asus Device Discovery tool, and the results below are what it's telling me, but I don't know how to use those results to connect to the AX-86U's GUI.

[Attachment: Router Screenshot.jpg]

Any help appreciated.
 

Paul Smedley

Occasional Visitor
Hey Anton,
I see the Asus tool has your IP for the router as 192.168.83.78 - what IP range have you configured the Firewalla to allocate to LAN1?

How have you configured the Asus router to get its IP? On the LAN tab I selected 'Get LAN IP Automatically?' so that it gets its IP via DHCP from the Firewalla - I then reserved the IP I wanted it to have.

Cheers,

Paul
 

Tech9

Part of the Furniture
Any help appreciated.

If you switched your AX86U from Router to AP Mode without touching anything else, the default configuration is Automatic IP. Reboot the router and run the Device Discovery tool once again. The router in AP Mode will take an IP from Firewalla's DHCP server. Use this IP to access the router's GUI.
 

AntonK

Very Senior Member
Hey Anton,
I see the Asus tool has your IP for the router as 192.168.83.78 - what IP range have you configured the Firewalla to allocate to LAN1?

How have you configured the Asus router to get its IP? On the LAN tab I selected 'Get LAN IP Automatically?' so that it gets its IP via DHCP from the Firewalla - I then reserved the IP I wanted it to have.

Cheers,

Paul
Thanks Paul!

My LAN1 IP settings are as attached.

I can't get to my ASUS router to configure things.

[Attachment: AntonIP Settings.jpg]
 

AntonK

Very Senior Member
If you switched your AX86U from Router to AP Mode without touching anything else, the default configuration is Automatic IP. Reboot the router and run the Device Discovery tool once again. The router in AP Mode will take an IP from Firewalla's DHCP server. Use this IP to access the router's GUI.
Yes, that's how I switched modes. I'll try as you suggest. Thanks!
 