Upgrade my network to 2.5 Gbps with the fastest residential and small business firewall – Firewalla Gold Plus

In February 2022, we analyzed some of the best DNS blockers and firewalls to protect your small business and home network. Among our recommended hardware firewall products that were easy to configure and provided the highest performance for a small business or residential broadband connection was the Firewalla family of products, manufactured by a group of former Cisco engineers.

It should be noted that high-speed broadband does not require a high-speed firewall device. One could go “naked” without a firewall by connecting directly to the service provider’s high-speed residential gateway and using its simple NAT-based firewall; however, that is not a configuration I would recommend for a small business in today’s threat actor-rich environment. Anyone can be a target.

I like Firewalla because it’s easy to install, not particularly expensive, and has no ongoing fees. Unlike the DNS blocking solutions detailed in that article, this is a real embedded Linux firewall with IP-based rules and advanced intrusion detection capabilities that can monitor every device on your home or small business network. Their products are also very fast, which means you get wire-speed performance over the monitored connection; there’s no significant degradation like you might find with a purely software-based firewall solution, which should be a bare minimum when considering how to protect your home and business broadband connection.

Firewalla Web UI (Dashboard View)

Jason Perlow/ZDNET

Firewalla also has a great mobile app for managing it and receiving alerts, as well as a strong remote management web interface. You don’t need to be a network security genius to set rules and protect your network.

Still, while it’s easy to configure, it’s possible to set very granular protections and permissions per device, set up block lists for different target groups, and do many other things. For the most part, the default settings, when applied to all devices on the network, are probably enough to protect most home users and small businesses.

At the time of writing the above article, Firewalla had four products, Red (100 Mbps), Blue (500 Mbps), Purple (1 Gbps), and Gold (Multigigabit).

Today the lineup also includes the Purple SE (advanced protection below 1 Gbps) and the Gold Plus, which looks a lot like the Gold; the Gold has 4×1 Gbps ports, but this device has 4×2.5 Gbps ports. With channel bonding (LACP) and a compatible gateway device, you can connect the Firewalla Gold Plus to a broadband connection of more than 5 Gbps.

From a functionality and feature standpoint, the Gold and Gold Plus are identical, but the Gold Plus is more than twice as fast at wire speed.

I recently installed Firewalla Gold Plus on my network. You may be wondering what type of home network and broadband you need to take full advantage of this device’s wire-speed packet inspection capabilities – a very fast one.

Thirst for speed means upgrades are needed

A few months ago I enrolled in AT&T Fiber 2gig+ service, which consolidates the fiber endpoint and router into a single device with a 5 Gbps Ethernet port for ultra-fast gaming PCs. However, I didn’t have a computer fast enough to take advantage of this connection until very recently, when I bought an Apple Mac Studio with built-in 2.5 Gbps Ethernet networking for my main workstation.

Firewalla Gold Plus with AT&T fiber gateway (left), Netgear MS108EUP (right)

The Mac Studio can use one of the three remaining ports on the Firewalla (one must be dedicated to the broadband WAN interface), but what about all the WiFi devices and all the other Ethernet-connected devices?

For that, we needed a 2.5 Gbps switch; in fact, we needed two due to the number of devices we have. For the communications room where the broadband connection is located, we chose the Netgear MS108EUP, a managed switch with eight 2.5 Gbps ports and support for 40W and 60W Power over Ethernet (PoE+) for devices such as remotely connected wireless access points.

For my office, we decided on the TP-LINK TL-SG108-M2, an unmanaged desktop switch with 8 2.5 Gbps Ethernet ports. Between these two switches, I had enough spare ports for all my other devices in my office and home that were wired (including a 24-port 1Gbps legacy switch).

To eliminate the possibility of bad connections, we also purchased new Category 6 Ethernet cables for all of our 2.5 Gbps connections, including switch-to-switch links. I cannot stress enough how important this is: when I tried to reuse some of my old Category 5e cables on the faster 2.5 Gbps ports, I couldn’t get them to negotiate properly and spent hours diagnosing various network problems as a result. So if you’re going to spend more than $1000 on a new high-speed firewall and accompanying switches, buy some new Cat 6 cables as well.

Netgear WAX630e WiFi 6e Access Point

As for the WiFi, an upgrade from my existing Eero Pro 6 wasn’t necessary, as it was reliably getting 400-500 Mbps, more than enough to handle any 4K video streaming task. But I wanted to take advantage of PoE and the 2.5 Gbps connectivity, so I purchased a Netgear WAX630E AXE7800 enterprise-grade WiFi 6e managed access point ($369), which would provide the fastest possible wireless connectivity to everything in the house and future-proof it for 6 GHz devices (presumably my next iPhone or iPad).

End-to-end WiFi speed test in the Firewalla app with a connected 2.5 Gbps access point and an iPhone 14 Pro Max

If you’re looking for something a little less expensive with 2.5 Gbps connectivity but only 2.4 and 5 GHz bands, as the access point above is probably overkill, I’d recommend the AX1800 ($150), AX3000 ($159), AX3600 and AX6000 models, depending on how wide a coverage area you want; all have 2.5 Gbps Ethernet ports and work with PoE+. Some, like the AXE7800, also include a 1 Gbps Ethernet port for hanging a secondary switch or other Ethernet-connected device, helping to extend gigabit connectivity to other rooms for wired devices.

As with the switches, we ran Category 6 cabling to the new AP from one of the MS108EUP’s 60W ports to ensure a clean connection. We also configured our 5 GHz broadcast SSID network on the new access point for up to 160 MHz channel width so that modern clients like my iPhone 14 Pro Max, recent Android devices and MacBook Pros could use WiFi 6 connectivity.

Cruise at more than 2 Gbps

To get the Firewalla Gold Plus to work, we didn’t have to do much differently than with the Gold. We started it, loaded the smartphone application, connected to the device via Bluetooth on our iPhone and set it to “router mode”. We also had to configure IP passthrough in the AT&T fiber residential gateway web interface to forward the entire packet to the MAC address of the Firewalla’s WAN port, which is an AT&T-specific issue.

We also used the app to migrate the rules we had set on the previous product, which were stored in the Firewalla cloud. Once we did that, everything was very smooth.

Speedtest.net performance with full ad blocking enabled with Firewalla Gold Plus

Let’s start with wired performance using the Mac Studio. Even with 35 to 50 percent of streams blocked using built-in rules, full ad blocking enabled, and over a million objects filtered using Firewalla’s advanced threat protection, we got speeds of over 2 Gbps up and down on Speedtest.net and Fast.com using local test servers.

WiFi 6 speeds using 2×2 80 MHz channel width via Firewalla Gold Plus using a Netgear WAX630e access point connected at 2.5 Gbps

What about WiFi? More than 650 Mbps on average in both directions, sometimes more than 700 Mbps or even 1 Gbps depending on the device; on our Qualcomm 888-based Android phone, we could get WiFi downloads of up to 800 Mbps or 900 Mbps due to advanced wide channel support.

For whom?

We are impressed with the speeds of the Firewalla Gold Plus and AT&T’s 2 gbps fiber service. But who needs broadband that’s that fast? For most residential consumers and small businesses, a 1 Gbps connection is sufficient. Unless you have a dozen kids at home simultaneously streaming Netflix or 1080p Zoom calls, you probably don’t need 2Gbps fiber broadband service.

Hardcore PC gamers will want this for low-latency connections and for cloud-based VR apps, but that’s an edge case, at least until we’re all tethered to the Metaverse. But content creation professionals who need to upload and download large amounts of high-resolution photos and videos will appreciate it, as will anyone who needs reliable connectivity for 4K video streaming and for video conferencing solutions that are better and more expensive than what Zoom provides.

I think a case can also be made for 2.5 Gbps network upgrades, as they greatly improve the performance of WiFi networks through supported access points. They are also useful, as long as the PC workstation supports these higher speeds, for large file transfers over the LAN, especially when connected to NAS drives that support the faster Ethernet standards of switch backbones: 2.5, 5 and 10 Gbps.
