Firewalla is a compact and simple device which plugs into your router and protects your connected home from a host of network and internet threats.
A firewall detects and blocks external access to your baby monitor, smart speaker or other connected devices, for instance.
Local network monitoring spots new devices as they connect, disables them as required, and warns you about devices exposed to the internet.
- Want to try Firewalla? Check out the website here
The Firewalla acts like a security suite for your entire network, blocking access to malicious links on all your devices, and using behavior monitoring to alert you to suspicious apps. Parental controls and forced safe searching keep your kids away from the worst of the web, while built-in ad-blocking speeds up browsing on all your devices.
Most surprising, enable Firewalla's VPN server and you can securely connect to your home network from anywhere in the world, and route to the internet from there. You get the same level of encryption you'd get from a commercial VPN, but without having to pay any subscription.
Despite all this power, Firewalla is easy to use, at least in a basic way. Its core features work largely automatically, without requiring any intervention at all, and straightforward Android and iOS apps help you manage everything else.
Firewalla is available in two forms, Red and Blue. Firewalla Red covers everything we've described and is priced at $109; Firewalla Blue has twice the RAM and a more powerful CPU, making it a better choice for high-speed internet, and costs $179.
That already competes well with similar products like Bitdefender Box 2 ($179.99), but there's another plus. While other network defenders usually ask you to pay regular subscription fees for their security software ($99 a year for Bitdefender), Firewalla's cost is a one-off.
Firewalla hasn't a lot of visual style - it's just a plastic box - but at a tiny 1.8 x 1.8 x 1.2 inches, that doesn't really matter. Tuck it behind your router (or any other convenient object) and you need never see it again.
Despite its small size, Firewalla is packing a surprising amount of digital power: a quad-core 1GHz 64-bit ARM CPU, 1GB DDR RAM and 16GB MicroSD storage, and Ethernet, micro USB and regular USB ports.
Open the box and you'll find the Firewalla, an Ethernet cable, a USB power cable and a two pin US-style power adapter. (If you're elsewhere in the world, you can use any regular travel adapter, or add a universal power adapter to your Firewalla order for another $10, or power the device via USB.)
There's no 'Quick Start Guide' in the box, just a small piece of paper pointing to the online installation guide. But that's unlikely to be an issue, as the initial setup is surprisingly easy.
Getting started is just a matter of connecting the Firewalla to a power source, then plugging it in to your ISP modem/ router (or any extra router or access point you've plugged into your first router.) The Firewalla isn't aiming to replace your router, so there's no great network expertise required - you can just plug it in to any free Ethernet port.
Once the Firewalla has booted fully, the installation guide warns that you may have to wait up to 5 minutes while it goes online, fetches and installs any updates. It took about half that time for us, though, while flashing LEDs let us know when the process was complete.
We installed and launched the Android app, it immediately detected the Firewalla, and told us to scan the QR code on its base. Doing that allowed the app and box to communicate, and the app was able to set up the box automatically with a single tap. (An alert warns this could take several minutes, but that turned out to be another overestimate, and we were ready to go in less than one.)
Launch Firewalla for the first time and it immediately secures your network with its Active Protect feature, automatically blocking the most dangerous connections (incoming attacks, outgoing attempts to access dangerous domains), raising alarms about suspect events, and keeping track of network activity.
The Firewalla app enables browsing these alarms, and choosing any actions to take in future. A couple of hours of web activity generated 15 alarms on our test system, including new devices connecting to the network, exposed ports on one device, and reports of 'Gaming Activity' and 'Video Activity' (accessing Steam, Netflix and YouTube.) Tapping Allow or Block for each action then told Firewalla how to treat these events in future, maybe preventing someone playing games on a specific device, or blocking an unknown device from accessing your network at all.
If you're not interested in a particular type of alarm - Gaming Activity, say - you can tell Firewalla to ignore it in future, helping you focus on the events you most care about.
Hands-on types can go further, extending Active Protect with their own rules. It's simple to block specific web content by type (gaming, social media, video sites, porn, P2P or gambling), prevent access to specific domains and IP addresses, or disable the internet entirely. Rules can vary by time (restrict internet access Monday - Friday) and be applied to specific devices, or everything.
Another more advanced option enables browsing Firewalla's history of your network activity, perhaps giving you a better idea of what's happening.
Tapping any device displays a graph showing data transferred over time, for instance. If someone was making heavy use of your internet connection at 3:00am, you'd see it here.
A Network Flows page goes further, displaying the domains the website has accessed, the times of each visit, and the data uploaded and downloaded from each. If you don't want to enforce a full-strength parental controls system, this could at least give you a general idea of how a particular device is being used.
Firewalla's monitoring records only the domains (not the web pages) to reduce any privacy impact, but if you're unhappy with the feature, or simply don't need it, you can turn off monitoring for some or all devices.
Firewalla's ad blocker is a simple DNS-based system, and although it blocks some types of ads, it can't compete with the big-name competition. The best ad blockers will remove most ads entirely, for instance; we found Firewalla often removed the core ad content, but left placeholders where they used to be (rectangles, lines, text captions.)
There's also a privacy plus, though. Firewalla doesn't inspect the content of a page or send your browsing history back to base, ensuring the company can't collect or sell your data.
Family Protect is a web filter which enables blocking pornographic and violent content. There's nothing particularly clever about this, Firewalla is simply redirecting your DNS requests to OpenDNS, and anyone trying to visit a filtered domain will get an OpenDNS 'this site is blocked' message. Still, it's a simple way to control browsing across your network, without having to install software.
If full web filtering is a little too much, you could enable safe searching for Bing, DuckDuckGo, Google and YouTube on your chosen devices. This automatically leaves out offensive content from your search results.
While these web filtering schemes work, they can give confusing results. When we turned on Safe Search for YouTube, for instance, trying to visit a previously bookmarked clip got us a warning that the video was restricted and advising us to sign in with a new Google account. If you don't realize this is a Firewalla issue, you could easily spend an age playing with your Google settings and trying to diagnose the problem.
Elsewhere, dynamic DNS support gives your home network a permanent address in the form of a Firewalla subdomain like "023klrf8ac.d.firewalla.com." This could come in handy if you need to access resources on your network from the internet, for example to run a website on your PC.
There's a less technical and more surprising option in Social Hour, a one-tap way to disable all social media access for an hour. That's not going to be useful to most Firewalla users, we suspect, but it just might appeal to exasperated parents who would like the family to put down their phones for mealtimes. Just this once. Please.
One of Firewalla's most interesting features is its built-in VPN server. Turn this on, and in theory at least, you can securely connect to your home network from anywhere in the world, access home devices, and use it as your private VPN server.
If you're visiting Australia from the US, for instance, you could use the VPN to access your home computer. Strong encryption keeps you safe, even on public wifi, and you could access websites which might otherwise be blocked. (US Netflix isn't normally accessible if you're in Australia, for example, but connect to your home network first and you'll have a US IP.)
Setting this up takes some work. The app will try to set up the required port forwarding rule in your router, but if that doesn't work, you'll have to do it yourself. You'll then need to set up a suitable VPN client, download and import an OpenVPN client.
Even that might not work. The app told us it had set up our router correctly, but we still had problems that required some manual tweakery.
Still, if you do run into difficulties, there's plenty of help available to get the service working. Overall, we think Firewalla's VPN server makes an appealing extra for expert users.
Firewalla may be small, but it packs a powerful security punch, automatically blocking a host of network dangers and giving you plenty of handy extras. Beware the VPN server and other advanced features, though - they can take some effort to set up properly.
- We've also highlighted the best VPN services of 2019