De la mano de un ex ingeniero de Cisco preocupado por la seguridad doméstica tras sufrir el hackeo de una cámara vigila-bebes, acabó naciendo la empresa Firewalla.
Su idea es muy sencilla; concentrar en un único aparato todas las funciones de seguridad que puede requerir un entorno doméstico, a saber:
- Adblock para publicidad
- Control parental
- VPN
- DDN’s
- Listas de bloqueo
- Monitorización en tiempo real del tráfico
Y es precisamente el último punto, “Monitorización en tiempo real el tráfico” más el tipo de conexión permitida, Ethernet o Gigaethernet, lo que diferencia las distintas soluciones propuestas. A continuación os pego todas ellas extraídas de su propia página web:
Hardware and Performance Comparison
Blue Plus $199 | Purple $319 | Gold $478 | Red $139 | Blue $189 | |
---|---|---|---|---|---|
Packet Processing Speed | 500 Mb | 1 Gb | >3 Gb | 100 Mb | 500 Mb |
Memory | 2048 MB | 2048 MB | 4096 MB | 512 MB | 1024 MB |
Number of Ports | 1 | 2 | 4 | 1 | 1 |
Active Protect Entries | 20,000 | 20,000 | 40,000 | 1000 | 10,000 |
CPU | 64bit Quad Core ARM 1.2ghz | 64bit Six-Core ARM 1.6ghz – 2ghz | 64bit Quad-Core Intel 2.2ghz (AES NI) | 32bit Quad Core ARM 1ghz | 64bit Quad Core ARM 1ghz |
OpenVPN Server Speed | 70 Mb | 120 Mb | 120 Mb | 28 Mb | 70 Mb |
WireGuard Server Speed | 280 Mb | 500 Mb | 500 Mb | – | – |
Storage | 16 GB | 16 GB | 32 GB | 16 GB | 16 GB |
WiFi WISP (WAN) | – | Yes | – | – | – |
WiFi LAN | – | Yes | – | – | – |
Console Port | None | None | 1 | None | None |
Power (Watt) | ~7W | ~7W to 9W | ~10W to 12W | ~5W | ~5W |
Size | 5.4 x 5.4 x 3.4 cm | 9x6x3cm | 13 x 11 x 3.4 cm | 4.5 x 4.5 x 3 cm | 4.5 x 4.5 x 3 cm |
Weight | 2.15 oz / 61 g | 3.84 oz / 110g | 19.9 oz / 565 g | 1.52 oz / 43 g | 1.59 oz / 45 g |
Operating Temperature | 32°F to 95°F (with airflow) | 32°F to 95°F (with airflow) | 32°F to 122°F (with airflow) | 32°F to 95°F (with airflow) | 32°F to 95°F (with airflow) |
Software Features Comparison
Blue Plus | Purple | Gold | Red | Blue | |
---|---|---|---|---|---|
Core Features | |||||
Active Protect (up-to-date threat detection and prevention for the whole network) | ✔ | ✔ | ✔ | ✔ | ✔ |
Deep Insights | ✔ | ✔ | ✔ | ✔ | ✔ |
Ad Block | ✔ | ✔ | ✔ | ✔ | ✔ |
Family Protect, Safe Search, Family Time/Social Hour | ✔ | ✔ | ✔ | ✔ | ✔ |
Device Management | ✔ | ✔ | ✔ | ✔ | ✔ |
Device Groups | ✔ | ✔ | ✔ | ✔ | ✔ |
Manage Rules (Allow, Block, Domains, Categories) | ✔ | ✔ | ✔ | ✔ | ✔ |
Alarms | ✔ | ✔ | ✔ | ✔ | ✔ |
Content Filtering (adult, gaming, video, …) | ✔ | ✔ | ✔ | ✔ | ✔ |
Bandwidth and Monthly Data Plan Monitoring | ✔ | ✔ | ✔ | ✔ | ✔ |
VPN Server OpenVPN | ✔ | ✔ | ✔ | ✔ | ✔ |
VPN Server WireGuard | ✔ | ✔ | ✔ | ||
VPN Client | ✔ | ✔ | ✔ | ✔ | ✔ |
DNS over HTTPS | ✔ | ✔ | ✔ | ✔ | ✔ |
IPv6 | ✔ | ✔ | ✔ | ✔ | ✔ |
DDNS | ✔ | ✔ | ✔ | ✔ | ✔ |
Simple & DHCP Mode | ✔ | ✔ | ✔ | ✔ | ✔ |
Router Mode | ✔ | ✔ | |||
Transparent Bridge Mode | ✔ | ✔ | |||
Application-based Block | ✔ | ✔ | ✔ | ✔ | ✔ |
Advanced Features | |||||
Site to Site VPN | 1xconnection | 1xconnections | 10xconnections | Client only | 1x connection |
Geo-IP Filtering / Regional Blocking | 10 countries | 10 countries | no limit | 3 countries | |
Web Portal Access | ✔ | ✔ | ✔ | ✔ | |
Target List (Rules Grouping) | ✔ | ✔ | ✔ | ✔ | |
Blocking History | ✔ | ✔ | ✔ | ||
Custom or 3rd party software installation | ✔ | ✔ | ✔ | ✔ | ✔ |
Inline Firewall | ✔ | ✔ | |||
Simple Smart Queue | ✔ | ||||
Advanced Smart Queue + Rate Limit | ✔ | ✔ | |||
Content Prioritization | ✔ | ✔ | |||
New Device Quarantine | ✔ | ✔ | ✔ | ✔ | ✔ |
Docker Containers | ✔ | ✔ | ✔ | ||
SSH / Root Access | ✔ | ✔ | ✔ | ✔ | ✔ |
VPN Network Flows | ✔ | ✔ | ✔ | ||
Network Performance Monitoring | (beta) | ✔ | ✔ | ||
Router Features | |||||
Router | ✔ | ✔ | |||
WAN (PPPoE, Static IP, DHCP, Triple-Play, VLAN) | ✔ | ✔ | |||
Network segmentation (preset network types, inter-network traffic rules) | VLAN Only | ✔ | |||
VLAN | 5 Max | ✔ | |||
Inbound and outbound per segment Firewall | ✔ | ✔ | |||
Policy-Based Routing | ✔ | ✔ | |||
Policy-Based Routing – VPN | ✔ | ✔ | ✔ | ||
Multi-WAN Load Balancing + Failover | Wifi + Ethernet | ✔ | |||
Link Aggregation (802.3ad) | ✔ |
El aparato en sí es bastante compacto, tan sólo variando en cuanto al color -para diferenciar los distintos modelos, cantidad y tipo de bocas ethernet.
La idea básica consiste en conectar el aparato entre la ONT y el Router, exceptuando el modelo “Gold” que ya es un router neutro en sí mismo. Posteriormente se configura mediante el smartphone con su correspondiente app y todo listo para funcionar. El precio es realmente elevado si lo comparamos con soluciones basadas en Raspberry Pi o incluso routers neutros con prestaciones similares. Pero su ventaja competitiva radica básicamente en su simplicidad, tanto a la hora de conectar como a la hora de configurar.