Another great video! Glad I waited till the end to see how to mute large uploads on my cameras! Over 2 years with Firewalla and never knew I could mute them. Looking forward to your next video!
Thank you. There will be more. Glad you got the notification muted.. LOL
Amazing video. thank you. Clearly explained and no time wasting. Thank you
Thanks for watching. Appreciated your kindness.
Thanks for the demo and info, this is great. Have a great day
Thanks for watching!
Yessir, been looking forward to this one!
Thank you very much for watching!
Would love to see a video on router mode, and what specifically that mode can give you over the UDM Pro. Also how it integrates into APs, device discovery (if adding a new switch etc) - can you manage ports on Unifi switches? How does plan assignment work there? etc etc... would love that.
That’s coming in one of my next videos. Just trying to organize how to present it.
Just in time!! The firewalla I ordered arrived today. 😂
Damnit 😂
Nice! I hope you find it helpful!
great video, would love to see you do a video on setting up firewalla as a router with vlans, firewall rules and possibly VPNs.
That will be my next video...working on it now!
This is a great protection device for sure, but how can we keep this protection when the kids are outside the home network?
Personally, I use Bark on my kiddos' cell phones for that. This is NO help if they are off the network.
Thank you so much for your excellent work! Could you please clarify why we need to add an external firewall when the UDM Pro/SE already includes a firewall with IDS/IPS capabilities?
You don’t need to add this. But this device gives you better control of your internal devices, like creating parental controls or being notified if your children try to go to adult websites. This is not necessary, but it adds a really nice element of control to a UDM network.
They both are doing intrusion detection and intrusion prevention, so you don’t really gain a whole lot in that area. What you really gain is being able to take a deeper dive into where your traffic is going and having control of your devices a little better. For example, setting time limits as to when your children can get on YouTube or something like that...
Does this video cover the Firewalla Purple setup/config or is the Purple setup different?
My need would be for home use and the Purple can tether to my phone if the internet circuit goes down.
This covers setting up Firewalla with transparent bridge mode, which will work on the Purple as well... This also covers how to use your phone and turn on internet outage notifications.
Superb thanks. Keep up the great work, your channel is my first go to for all things Unifi and now Firewalla.
Wow. That is quite the compliment. Thanks!
When would you go UDM Pro + Firewalla in bridge and when with Firewalla in router mode + Unifi cloud in a docker container running on Firewalla?
The firewalla will need to be in router mode for the Unifi docker (from what I have read.) Bridge mode is more for adding to an existing network where you have a router already.
Thanks 🙏
Thanks for watching!
Just ordered gold SE, pending for delivery.
existing travel router combo as mentioned in your previous video [ great overview btw] was purple + unifi Express
Will be looking forward to more comments
Awesome... And thanks for watching!
Hi! Can you make a video of how to setup IoT VLAN rules with the new Zone Based Firewall?
Lots of requests for this... I absolutely will. I just upgraded last night and will work towards that very soon!
Hey, super good video. In the first settings you set Firewalla in bridge mode. My question is: is your ISP also in bridge mode or just your Firewalla?
Well, my ISP Gateway from Verizon is in Bridge mode, however that isn't really relevant to the setup here since the Firewalla is behind my Unifi Gateway which is in Router mode. I am set up like this: ISP (bridge mode) --> UDM Pro (Router) --> Firewalla (trans bridge mode) --> Switch. With this setup the Firewalla will see all the traffic that goes to the internet as well as all the traffic from my LAN to the router. Hope that helps!
I'm also wondering, in the bridge mode you suggested, what happens to the firewall rules already applied on the UDM? Do we keep them, change them, get rid of them?
You keep them. The UDM runs as normal.
I bought the Firewalla Gold with the 2.5 GB Ports. I may have gone overboard or just future proofing my network. I don’t use any UI products but it took me forever to figure out how to name all the devices and setting up my router. My bottleneck is my TP-Link 6E mesh WiFi.
That is a tedious process, but nice once you have it done!
I am going to return the purple Firewalla because I cannot get it to work with my dream machine. I set my network up as you have it in your tutorial videos, I followed the app instructions and it does not work.
Are you planning on making a video about the latest firewall update from unifi?
If you wanna email me, I can work with you a little bit on trying to get your firewall working. I don’t mind trying to give you a little bit of personalized help before you return it…. Tim@ethernetblueprint.com
@ thanks. I decided to return it.
Going to watch this, I think I need to try one of these Firewalla units!
They are pretty nice devices. Thanks for watching!
@ethernetblueprint I see that! Might have to get one now!
Hi.
Excellent video. I have a question. It works with UDM and Purple? The setup should be Modem -> Firewalla -> UDM?
Thanks in advance.
Yes this would work with the Purple and it would work between the modem and the UDM if you only wanted to monitor the WAN/Internet traffic. If you want the control of devices like I show in the video, it would be between your UDM and your switch.
Question: I just installed my Firewalla Gold. Can I / Should I turn off the Intrusion Detection and Prevention on My UDM Pro Router? Any recommendations?
You sure could. You may be able to see more info about the IPS from the Firewalla. If you don't find that to be true, you can always turn it back on... I think I am going to turn it off in my UDM to see what happens.
I feel bad for people living in an area where you have a data plan for wired connections 😢
Cox in my neighborhood does it... For a 1Gb plan, it is like $115/month and that comes with 1.5TB of data. If you want unlimited data, you have to pay like $60 additional. It is EFFING crazy!
Got the Firewalla gold pro, having issues with the VPN and port forwarding rules. I have a UDM pro, would be great to see a VPN video on connecting using transparency mode.
Your VPNs and port forwarding rules will still terminate at the UDM Pro. While Firewalla can do VPN connections in transparent mode, it doesn’t mean you should. VPN behind a firewall and port forwarding to make that work can be problematic. You might want to look at Tailscale as a better alternative.
I tend to agree with the other commenter. Port Forwarding and VPN would be more of a task for the UDM Pro... not the Firewalla in this case.
if the firewalla allowed the installation of the UISP application from Ubiquiti, it would be fantastic.
UISP does have a docker install so maybe that is out there too. I will see what I can find.
Hi, thanks for sharing the fantastic videos as always. I have a silly question. Is there any option in Firewalla to block the content on the devices like Unifi switches and access points instead of doing it on individual devices, so then whoever is connected to the access points or the wired connection (switch) and tries to open an inappropriate website, the content will be blocked? Many thanks
There really isn't any "content" on a switch or AP. Those are just devices that pass along the content. Now, you can turn on "family friendly" content in your Unifi controller that would be at the network level. I have a video on this as well that may help you decide your best approach: ua-cam.com/video/ka425oysJ4g/v-deo.html
@ yes but how can I add all the devices that are connected to the Access Point or the switch? If I connect the switch to the Firewalla and then connect the APs to that switch, is it going to block the content?
Yes, you can add all the devices connected to the switch or AP to your protected group. Absolutely.
@ethernetblueprint thanks for your prompt response. Do we need to block, let's say, adult content individually or will it apply for all the possible websites with that kind of content?
I am yet to find an adult website that it doesn't block... You won't have to add any individually unless you find an obscure one that isn't blocked by default.
I’m at 13 minutes in so far, my main question is…are there any pros to using firewalls with a unifi gateway that the gateway can’t do for home and SBM?
IMO, it really boils down to how much data do you want to see. Unifi can show you some graphs that tell you how much of your total traffic is going to Netflix, for example, but you can't dive any deeper than that... There are also limited options for notifications with Unifi... Firewalla on the other hand can give you much more information about your traffic. From a Firewall Rule/IDS/IPS standpoint, they are fairly similar. My next video, I am going to set up my Firewalla Gold in Router mode and set up the Unifi Controller in a Docker on it... Then I'm going to use it to do my Firewall rules just like I have done with Unifi...
I'm not saying that Unifi sucks and you need Firewalla. This video was more from a parenting standpoint and allowing you better control of your kids' devices...
@ethernetblueprint with firewalla in bridge mode any filtering? or is it just dpi kinda graph and notification?
Yes, you can filter and have control with it in bridge mode... full blocking capabilities and graphs/notifications.
Firewalla, great consumer and SOHO network stuff but it’s a shame you have to pay full price + VAT tax + customs tariff to get one from Europe due to no distribution points or partner resellers. This premium has no justification to open your wallet for Firewalla. It makes no sense in 2025.
I hear this a lot with EU customers... I'm sorry that this is the way!
If I don’t have Unifi yet, does it make sense to go with Unifi + Firewalla or should I just use Firewalla in router mode, and get their new Firewalla AP7?
With your Unifi gateway you can do the same with IDS and IPS. The only thing I don't like is the built-in ad blocker; maybe the Firewalla is getting other listings. I run an AdGuard Home service on Linux as a DNS server so that filters ads.
Pros and Cons to both. The big differentiator between the two is Unifi does not send out notifications specifically for Parental moments (like a child visiting an adult site) + Firewalla can show you quite a bit more information about your network traffic. Unifi gives you some nice graphs that tell you the percentages of traffic, but if you wanted to dive down and see the flow, Unifi doesn't do that well. Firewalla is going to show you more data about your network and allow you to customize your notifications better IMO. I will be doing a video soon about Router mode in Firewalla and will compare to Unifi directly...
I haven't used their AP7 so I don't know how it will perform, but it is looking like a pretty nice AP device. (It would require you to have a Firewalla Gold router as well.)
Curious, why spend the $60+ on the sfp+ to rj45 adapter when you have open rj45 ports on your UDM available?
The 8 RJ45 ports together are just gigabit, and they are limited by a 1gb backplane to the rest of the system.
The SFP+ ports are 10gb capable, and the modules he is using can run at 10/5/2.5/1 so he is taking advantage of the 2.5gb bandwidth. If he ran it on the existing ports between the UDM and the switch he would bottleneck his network down to 1gb. He is already technically bottlenecking down to 2gb because of the inspection throughput of his Gold SE, but that is still twice as much as using a gigabit port would do.
@LordSaliss Yeah I’m aware they’re 1G Ethernet ports. I guess that would potentially work if he enabled flow control, but the sfp+ ports on the UDM don’t support 2.5G auto-negotiation. They only support 10G/1G. So the module is tricking the UDM into thinking it’s a 10G interface on the other side when in reality it’s 2.5. I haven’t tried that specifically on the UDM so I don’t know how performance would be impacted. Could be better could be worse. But if he’s sending anything more than 2.5G he would for sure need to enable flow control to compensate.
Actually with a Ubiquiti or 10Gtek Multi-gig SFP+ it will negotiate correctly. I have this setup and my UDM reports 2.5G on the SFP port. I think I’m using port 10.
@techgeeknm what you are seeing is the UDM thinking you have a 10G connection then. They do not claim to support 2.5G or 5G negotiation on their SFP+ ports on the UDM’s.
Yes. I could have done that, but was looking to take advantage of the 2.5Gb networking on the Firewalla and my Router/Switch. Completely optional.
Try Open DNS Family Shield.
I layer NextDNS with my Firewalla for DNS over HTTPS external requests. It works well for additional protection.
Yes... a good option for blocking content. Correct me if I am wrong, but this type of protection does not notify you if a child tries to access a site. You would need to do an audit of the logs to get that info???
@ethernetblueprint I believe I can set up notifications in NextDNS on specific alerting, however I’ve mostly been using it as additional content filtering and hiding DNS requests from Cox.
@ethernetblueprint Unifi keeps your logs. You can set notifications though through Unifi.
Why so expensive?
I guess I don’t know. I don’t make the prices. But there’s no monthly fee like there is with a lot of other boxes like this so maybe that plays into it
@ethernetblueprint I guess that was more of a rhetorical question. I get that it's good hardware, but for consumer-level home stuff it's pretty pricey, but I know there are benefits.
I get what you are saying... And I agree. All of this stuff can get pretty pricey...