Firewalla Gold SE review: Superb network protection, no subscription required

At a glanceExpert's Rating
ProsNo subscription requiredGood appCan grow with you as you want to do moreConsExpensive, especially in the UKNo option to use a web portal instead of the appApp blocking can take a while to come into effectOur VerdictThe Firewalla Gold SE does an excellent job of protecting your network, letting you see what’s going on and giving you good control over what devices can and can’t do. It’s expensive, but good value considering you don’t need to pay an ongoing subscription.


Best Prices Today: Firewalla Gold SE






Retailer


Price





Firewalla


$449


View Deal



Price comparison from over 24,000 stores worldwide






Product


Price




Price comparison from Backmarket





Whether you’re a tech enthusiast or not, you’re probably unaware of most of the stuff that happens on your home network.  Is someone trying to hack into your security camera? Is someone downloading movies or games illegally? Maybe your kids have snuck a tablet into their room and are on TikTok when they’re supposed to be in bed.

Your router is almost certainly incapable of telling you the answers to these questions, so you’re none the wiser. I’m willing to bet that it doesn’t give you many (or any) easy ways to manage all the devices connected to its Wi-Fi, or let you control when your kids can and can’t use the internet – much less which apps they can use.

If you want this sort of insight and control, you need a Firewalla. The Gold SE is the latest device to emerge from the US-based company and is designed to be a more affordable option than the Gold (and Gold Plus) for those with fast broadband.

Features & design

2x 2.5Gbps ports

2x 1Gbps ports

No Wi-Fi

As the name implies, the Firewalla Gold SE is a firewall. Yes, your router already has a firewall but it’s probably not all that great. And aside from the fact that it won’t tell you what’s going on, you have to use an impenetrable browser-based user interface if you want to make any changes.

Firewalla’s mission is to “make cybersecurity simple, affordable, and powerful for everyone” and that’s exactly what the Gold SE does – and more. Although it’s a piece of hardware, the companion app is what makes it so easy to use and accessible. 

The hardware looks pretty cool – for a piece of networking kit – and unlike the Firewalla Purple I reviewed earlier this year, it has a metal case which lends it a more premium feel. That’s a good job, because it’s a lot more expensive.

Jim Martin / Foundry

On one side are four Ethernet ports: a pair of 2.5Gbps LAN and WAN, and a further pair of 1Gbps LAN ports. This saves on cost, as not everyone needs a trio of 2.5Gbps LAN ports. And if you do, then go and buy the Firewalla Gold Plus instead.

Even if you don’t have 2.5Gbps broadband right now, the way things are going it’s not far away and it’s well worth future-proofing your purchase if you already have full fibre (FTTP) of some description.

On the other side are a microSD slot, a USB port, an HDMI output and another USB port with a red security dongle plugged into it, which is for pairing and activation and should be left attached. Dust covers are inserted just to protect any ports you don’t use.

Jim Martin / Foundry

The microSD slot is for docker containers, which I’ll come to later, along with the HDMI output.

In the box you get a USB-C cable and a US power supply. You can use it in other countries with 230V with a simple adapter.

What does the Firewalla do?

Stops hackers and malware

Gives you insights into your network

Lets you block apps, websites and internet on specific devices

Lets you isolate devices from one another

Before explaining the Gold SE’s many features, it’s crucial to point out that none require a subscription. Once you’ve bought your Firewalla, it’s yours to use with no further expense.

Its primary job is to act as the gateway to your home network and stop anything untoward from accessing your devices.

Once you’ve bought your Firewalla, it’s yours to use with no further expense

It does this by analysing all the data coming in over your broadband connection, and also the stuff going out. It already knows what is a ‘bad thing’ and blocks those things from going any further. That means malware should be stopped before antivirus software on any of your devices even sees it.

The Firewalla also blocks ads (if you want it to) and looks at the behaviour of devices, then sends you an alert via the app so you know what’s going on.

It might be as innocuous as “watching video” or “playing games” but it might also be an “abnormal upload” that you can check out.

Jim Martin / Foundry

One of the main benefits of this protection is that the Gold SE can help to protect security cameras, smart displays and other devices that can’t run security software from being hacked.

The Gold SE can help to protect security cameras, smart displays and other devices that can’t run security software from being hacked

Like traditional security software, it can also block and warn you about dangerous websites, but without you having to install software or browser extensions on every device.

While a lot of the features apply to every device by default, the real power of the Firewalla is the fine control you have over exactly what it does. You can easily create rules to allow or block certain devices or groups of devices from doing certain things.

For example, you could group all your kids’ devices together and create a rule that blocks internet access from 9pm until 7am the following morning.

But if that’s not specific enough, you can create another rule that prevents a particular device from using the internet at another time. And because there’s no limit on the number of rules, you can allow or block internet access as many times during the day as you like to whichever devices you like.

One of the rules I’ve set up is to block internet access to the Fire TV Sticks and Echo Show 15 in my home so my kids can’t watch stuff after their phones and tablets block.

Of course, internet is only one of the things you can allow or block. There’s also IP addresses, domains (websites), specific ports, categories of website (gaming, social, porn, P2P, gambling) and apps.

Jim Martin / Foundry

Currently, the list of apps is quite short, but it does include most of the apps parents are likely to want to control including Tiktok, Snapchat, Instagram, YouTube, Roblox and Discord.

You can block other apps, but it takes a bit of investigative work to figure out which domains the app uses and block those.

One of the more advanced features is network segmentation. It’s nice being able to group devices and set rules, but the Gold SE can also keep devices from talking to each other. A common way this is used is to isolate all your IoT devices, such as cameras, smart speakers, smart appliances and others from your phones, tablets laptops and PCs.

This means that should anyone manage to hack into a poorly secured camera, they wouldn’t be able to access your PC, phone or any other device containing sensitive data.

Thanks to the three LAN ports on the Gold SE, you can connect devices to inexpensive unmanaged switches, which means you’re not limited to just one device on each port.

However, since most of the devices I’m talking about use Wi-Fi and not Ethernet, you’d need to connect a Wi-Fi access point to one of the LAN ports to create a separate Wi-Fi network from your main one.

And if you want to have more than three separate LANs, you’d need to use the Gold SE’s VLAN feature which is even more advanced and requires you to use more expensive managed switches.

Setup

It’s important to note that the Gold SE doesn’t have Wi-Fi itself: it isn’t a Wi-Fi router. You can buy Firewalla’s Wi-Fi SD add on, but that won’t turn it into a Wi-Fi router. Instead, it’s intended as a backup measure so you can use your phone as a hotspot and share its data connection to your whole home network if your main broadband goes down.

Typically, you would connect the Firewalla to your existing router using its WAN port, and then connect a Wi-Fi access point or mesh Wi-Fi system (set to bridge mode) to one of the LAN ports.

The Firewalla can’t monitor or control any other devices connected to your existing router, which is why it’s best to disable its Wi-Fi and use a mesh system or access point connected to the Firewalla.

It may sound complex, but Firewalla’s app walks you through the entire setup process and outlines the various ways you can add the Gold SE into your current setup. There’s also a very helpful getting started guide on Firewalla’s website.

Jim Martin / Foundry

In the ideal world, you would use it in router mode, and set your existing router to bridge mode. You can use the Firewalla in bridge mode instead to “transparently monitor your network” but you’ll lose most of the best features.

You can also select Simple or DHCP mode which is for when you want to keep your old hardware setup just as it is, but in reality, these are legacy modes which are likely to be phased out beginning in 2024. In their place is an Experimental Simple Mode (in beta at the time of review) which is compatible with more routers: the old Simple Mode required you to have one of a specific list of routers, otherwise it wouldn’t work.

Firewalla app

Once installed, you can use the Firewalla app to see what’s going on, get notifications and create rules or manually block devices from doing things.

Jim Martin / Foundry

Some people don’t like the fact that this is the only way to manage Firewalla devices, and would prefer a web portal instead. For most people that buy a Firewalla to use at home, the app does a perfectly good job.

As new devices are detected on the network, you’ll get notifications. Some of these will be easy to identify, but others might be called “Unkown”, which means you’ll have to do some detective work in order to give them the appropriate name.

Jim Martin / Foundry

Sometimes that means going into the settings on a device, such as a phone or tablet, and finding out its IP or MAC address and then searching for it in Firewalla’s list of devices. Fortunately, it’ll show partial matches, so you might only need to enter the final three digits of the IP address or the first few of a MAC address.

If a device is using MAC randomisation (as iPhones and iPads do) the app will give you step-by-step instructions for how to disable it, so you can monitor and block those devices properly.

By default, new devices are put into a Quarantine list and will only gain access to the internet (and other devices on the network) once you approve them. This is great for keeping control of what (and who) is connected to the network.

Jim Martin / Foundry

Some alarms (notifications) are set up by default, too. If a device uploads a lot of data, you’ll get a notification. But you can turn off notifications and simply check the Alarms list to see what’s happened recently.

As I have several security cameras that record to the cloud, that’s what I tend to in the list, and it’s this sort of insight that can be fascinating. I can see exactly how much data a camera uploaded, and to which region the video went.

You can also see a list of which devices have uploaded – or downloaded – the most data.

Jim Martin / Foundry

The home screen displays overall network performance, the speed of your broadband connection and network traffic over the past 24 hours, so it’s easy to spot if there have been any slowdowns or issues.

Jim Martin / Foundry

Scroll down further and you’ll find shortcuts to the main features which include things such as Smart Queue – which automatically prioritises time-critical traffic such as video streaming and video calls – and Family, which includes Family Protect (a pre-defined set of filters to block porn, violence and other inappropriate tings), Safe Search and Social Hour, which is a simple toggle that blocks social networking for an hour.

One of the best things about Firewalla is that if a feature isn’t doing exactly what you want it to, there are usually alternative methods that you can tweak to your liking.

If Family Protect isn’t filtering out the bad stuff, because it’s just using OpenDNS, then you can create rules that apply to your kids’ devices that are stricter. Similarly, the default ad blocking might not be strict enough, but you can customise it using a different target list by creating your own rule.

One rule you’ll probably want to set up immediately is to allow outbound connections to googleadservices.com, otherwise all Google shopping links will be blocked because they’re ‘ads’, which is frustrating.

Jim Martin / Foundry

The only issue here is that it won’t be obvious to a lot of people why those links are blocked, nor that’s it’s possible to do anything other than choose ‘Default’ or ‘Strict’ mode because those are the only options you see in the Ad Block settings.

This is the beauty of the Gold SE: a lot of its power is hidden away to make it easy to use, and it’ll grow with you as you start to want more from it

But, this is also the beauty of the Gold SE: a lot of its power is hidden away to make it easy to use, and it’ll grow with you as you start to want more from it.

This is why it’s easy to recommend buying a Firewalla even if your networking knowledge is fairly limited. The app will walk you through installing it and the default settings will provide excellent protection without you having to configure anything at all. It doesn’t matter that you’re using only a fraction of its power.

Many features can be turned on or off with a toggle switch, again, without you needing to know how they work. And it’s really not difficult to group devices and start making rules so certain features are enabled only for some devices.

A few features need more knowledge. If you wanted to use the Firewalla as a VPN server you’ll need to set that up, and the same goes for the previously mentioned VLANs.

One of the other cool features is support for docker containers. In essence, the Gold SE is a tiny computer which runs Linux (Ubuntu, to be precise). It has enough power to run extra ‘apps’ such as Pi-Hole or HomeBridge, but they’re sandboxed so can’t interfere with anything else.

You need to be careful if you do start experimenting with these, because configuring them incorrectly can lead to problems and potential security holes, but the point is that the Firewalla’s potential is huge.

If you want to play with these, you can hook up a keyboard and monitor to the USB and HDMI ports: that’s what they’re for. You’ll need to learn some Linux basics, but Firewalla’s tutorials walk you through it all step by step.

Getting back to blocking, there are shortcuts when you tap on any device – or group – that let you block YouTube, Tiktok, and Facebook as well as Gaming, Social, Video, Porn and Internet. It’s a great system because one tap blocks it for an hour, but a second tap applies the block permanently… until you tap it again, at which point the block is removed.

Jim Martin / Foundry

Because the Firewalla is doing the blocking at the network level, it’s not instantaneous and complete like it would be if you used parental control software. It’s still possible to watch videos which have already been cached on the device, as well as comments and other things in social feeds which are also cached. After that, though, any more scrolling or searching won’t work.

A feature being added soon is Users. This will let you assign devices to people and then see, for example, how much time your child has played Fortnite or watched YouTube or Netflix over the past week. Firewalla plans to add tracking for a lot more apps, too, as well as the ability to limit the amount of time spent using any particular app (across multiple devices), which will makes its parental controls considerably more useful.

If you like, you can pin specific devices or groups to the app’s home screen to make these shortcuts really accessible.

Beyond this, there’s a bunch of other stuff including a tool to test your Wi-Fi speed at different places in your home, another to scan for open ports, and yet another to scan for any open ports on devices connected to the network.

Price & availability

The Firewalla Gold SE costs $509 and is available only directly from Firewalla. It isn’t – yet – sold on Amazon, even though the Purple SE model is, in the US at least.

Jim Martin / Foundry

The Purple SE is another new model, which is much more affordable at $249, versus $369 for the regular Purple. The main difference is that the Purple supports broadband speeds up to 1Gbps, but the SE can cope with only 500Mbps – fine if you have no intention of getting faster internet.

Those are the official prices, but they were all discounted at the time of review, with $60 off the Gold SE bringing it down to $449, and making it much better value. You can add the Wi-Fi SD module to your order which saves $15 on the usual $59 price.

If you’re tempted by a Gold SE and you’re in the UK, you’ll have to add VAT, which makes the price around £485. The main issue is that the only shipping option (expedited) costs $49.99, and that makes for a grand total of about £535, which is pretty off-putting.

If you go for the Purple or Purple SE, there’s much cheaper standard shipping that costs $15.99.

Should I buy the Firewalla Gold SE?

Yes, if you have gigabit broadband or faster and need a device that can keep up with that speed. It’s also the right choice if you need multiple LAN ports for isolating groups of devices from each other.

If you have slower broadband and don’t necessarily need those LAN ports, the Firewalla Purple, and Purple SE are a cheaper alternatives that have essentially the same features and, like the Gold SE, doesn’t require any sort of subscription.

Either way, both devices are very easy to recommend to anyone that wants be able to see what’s happening on their home network and be in control of it.

This review originally appeared on techadvisor.com.

Networking