Web filtering uses OpenDNS and can’t be customised
Requires some networking knowledge to setup and use
The Firewalla Purple is a great gadget for anyone who cares about security and wants to protect and control devices on their home network. It provides great insight into the inner workings of your network and the fact it doesn’t require a subscription is refreshing.
If you’ve ever been frustrated by the lack of features and settings on your ISP-supplied router, a Firewalla could be what you need. It’s a small box that could replace your router completely and offers the security of a smart firewall, in-depth parental controls, extra privacy and plenty more.
To be clear, the Firewalla Purple isn’t really a Wi-Fi router: it’s designed to be used alongside a mesh Wi-Fi system, an access point or your existing router’s Wi-Fi.
It’s a lot like the now-defunct Bitdefender Box and Norton Secure Core routers which were aimed at the more tech-savvy gadget enthusiast who wants to see and control what happens on their network.
Although it may seem expensive, there are no monthly or annual fees to pay – something that could have put people off Norton and Bitdefender’s routers (and still does with quite a few current routers and mesh Wi-Fi systems). It means that the Firewalla Purple is much better value than it initially appears to be.
The Firewalla Purple is also for anyone worried about the security of smart home devices because it lets you see exactly what they’re up to as well as being able to keep them all on a separate network from your phones, computers and other devices.
Features & modes
2x Gigabit Ethernet ports
You might assume from its tiny dimensions that the Firewalla Purple isn’t very capable, but you’d be wrong. Very wrong.
Jim Martin / Foundry
It’s an impressive box of tricks that gives you a lot of insight into what’s actually going on with all your devices and a good deal of control over their access to your network and the internet.
In fact, there are features here that most home users simply won’t know what to do with them all, but if you’re prepared to learn about VLANs and other networking techniques, you can get a lot out of it.
The box itself has a pair of Gigabit Ethernet ports, one for WAN and one for LAN. There are various options for how you’d connect it to your existing router, modem and mesh Wi-Fi but it works best if you set it up in router mode and connect the WAN port to your modem and the LAN port to your mesh Wi-Fi or your existing router (but set that to bridge mode).
Jim Martin / Foundry
However, if that’s not possible – or you don’t have a mesh Wi-Fi system – you can set the Firewalla to Transparent Bridge Mode or Simple / DHCP mode. You’ll lose some features though, such as VPN, smart queue and policy-based routing if you go for Bridge mode.
Installing the Firewalla takes mere minutes, and it comes with an Ethernet cable, USB-C cable and power supply – everything you need. But if you’re ordering from outside the USA, you’ll need to buy the Universal Power Adapter or supply your own that delivers at least 7-9W.
There’s a USB 2.0 port, but that’s currently not used for anything. On the front is a microSD slot, but while you can use this to add features to the Firewalla using Docker containers, that’s not something many home users are likely to understand or want to do.
The built-in Wi-Fi is intended to be a backup in case your main Wi-Fi goes down, and supports only a small number of devices at fairly close range. Enabling it requires a trip to the help section of Firewalla’s website because it’s far from obvious that you need to create a new network, choosing Wi-Fi and then picking an SSID and password.
This Wi-Fi is also useful if you wanted to take the Purple travelling and use it in a hotel room, for example.
Firewalla doesn’t make only the ‘Purple’. Its most popular model is the Gold, which has four Gigabit ports and is capable of inspecting network traffic at over 3Gbps, where the Purple is limited to 1Gbps. But there are lots of other models, including the cheaper Purple SE and Blue Plus and the brand new – at the time of this review – Gold SE which is a slightly cut-down Gold Plus with two, as opposed to four, 2.5Gbps ports.
However, the Purple will be the sweet spot for most people because it’s a lot cheaper than the Gold, yet still has virtually all the features home users would want. Go any cheaper and you start to lose valuable features such as routing, Wi-Fi and others. If you’re concerned that you need more LAN ports, simply buy a cheap, unmanaged Gigabit switch.
Firewalla app and notifications
iOS and Android
Mostly easy to use
You need a phone and the Firewalla app to configure the device, which starts by scanning a QR code on its underside as a security measure to prove it’s yours.
The app is fairly easy to use, but you’ll need at least a basic understanding of networking and which mode to use from the get-go.
Once set up, you’ll begin to get a barrage of notifications in the app about the discovery of new devices and what they’re up to.
Jim Martin / Foundry
This will quickly get annoying, because default “alarms” include that a certain device is watching video, playing games or has an “abnormal upload”. You’ll need to decide which “alarms” you want to know about, configure what constitutes an abnormal upload, or put up with your phone pinging hundreds of times a day.
To begin with, though, it’s amazing being able to see that your security camera just uploaded 400MB of data to a server in the Netherlands or that your child is playing Roblox when they’re supposed to be doing their homework. Shortcuts let you block internet access – or pause the alarm for an hour.
On the app’s home screen you get an overview your network: how many devices are connected, how much data has been uploaded and downloaded in the last hour or 24 hours and a live graph of current upload and downloads.
Jim Martin / Foundry
A bar at the top shows your network performance. Mine was permanently green for the whole time I tested the Firewalla, a good thing, but if there are any problems it will show other colours. You can tap it to get more details, such as the total outage time, amount of packet loss and max. latency.
At this point I discovered a few problems. First, none of my Amazon Echos were working and neither were many of my smart lights. Despite the fact that they were still connecting to the same Wi-Fi network, they’d lost their internet connections.
It turned out this was easily fixed by power cycling each one, and likely down to the fact that the Firewalla was using a different IP address range to the router it replaced. Some devices could handle this change without a reboot, while the others simply couldn’t.
The bigger issue was that my BT TV internet channels stopped working. BT is cagey about exactly how a router needs to be set up for these and says customers must use their Smart Hub 2 in order to watch them, refusing to support any other hardware.
Despite a lengthy conversation with someone from Firewalla’s tech support team, I wasn’t able to get them working without the Smart Hub 2 on the network. And because it doesn’t have an option to set it to bridge mode, this meant compromising and not running the Purple in router mode.
However, in most cases, you should be able to ditch your ISP router and replace it with the Purple. Just remember that if you do that, you’ll need a mesh Wi-Fi system or another way of providing Wi-Fi in your home.
Devices & rules
Rules allow full control over individual devices or groups
Good for controlling kids’ devices
As with routers and mesh systems that show you which devices are on your network, it will be a struggle to work out what’s what from the manufacturer, device name, IP address and MAC address, especially if – like me – you have a lot of devices. Firewalla recommends waiting a couple of hours, though, because the information can improve over time.
Jim Martin / Foundry
I found it was possible to identify some devices, but it really depends upon the kit you own and if you have multiples of anything. I have quite a few Amazon Echo speakers and Fire TVs which all appear identical to each other (they’re not called ‘Echo Dot 5’ and ‘Fire TV Stick 4K’), and the same is true for Philips Hue and other smart lights.
Knowing what’s what is only important if you want to control internet access, though, so it’s not necessary to name each light.
It is important to do that if you wanted to group together all the devices each of your kids has access to, for example. You could then build a group of their phone, tablet, laptop and smart TV and create rules for when they’re allowed to use them.
If you can’t identify a device from the Firewalla app, you’d need to find its MAC address and then find it in the app which, thankfully, you can do by searching for the first few characters.
Another way to easily identify devices is by switching them all off before you install the Firewalla Purple and then turning them on one by one and naming them once they’re discovered.
It’s brilliant to be able to block apps, either to specific devices or groups of devices. There are shortcuts to block YouTube, TikTok and Facebook, but there are more in the App Control list such as Roblox, Instagram and Snapchat.
You can block apps not in the list by finding their ‘flows’. Flows are one of the key ways the Firewalla works. Essentially it’s a series of communications between two devices (such as an iPad and the Netflix server), and you can usually identify which app a flow relates to using the urls you see in the list as they tend to contain the company’s name.
It’s also how the Firewalla is able to alert you that “Jason’s iPad is playing Roblox” or “Kitchen TV is watching Netflix”.
You’ll see the total number of daily flows on the home screen, as well as how many have been blocked (because this is, after all, a firewall).
Rules are another key concept for Firewalla. You can create them manually, but others are created automatically when you enable features. For example, there’s Family Protect (web filtering to block harmful or inappropriate websites) and Safe Search (to prevent the same things appearing in search results).
When you enable these, you must choose which devices and / or groups they apply to. Selecting devices and saving that list creates a rule, one which is easy to edit or disable later on.
Jim Martin / Foundry
Tapping on an individual device brings up a screen with shortcuts to quickly block activities such as social media, video, gaming and porn. As mentioned, you can also block internet entirely, although remember that all of these apply only to the device’s Wi-Fi connection.
A child – or anyone – with a phone could easily circumvent the restrictions by turning off Wi-Fi and using mobile data instead. And that’s why it’s still worth using parental controls on the device itself, such as Apple’s Screen Time or Google’s Family Link.
The other reason those apps are better is because Firewalla’s Family Protect web filtering simply uses the freely available OpenDNS FamilyShield service which you could configure on any old router. The filtering isn’t configurable at all, so this is one feature that’s disappointing.
Jim Martin / Foundry
Scroll further and you’ll see information about the device: its friendly name (which you can edit), its IP address, MAC address and whether it’s online or not. You can choose to get alerts when it comes online, as well as when it goes offline.
Both can be useful depending upon the device. The latter can give you a heads up that there’s a problem with a security camera, and the former could tell you that someone has arrived home because their phone has reconnected to Wi-Fi.
Beyond this you can do things such as blocking specific domains (and domains with wildcards, IP addresses (and subnets), block things based on locations and regions, block specific ports. And on top of that, you can schedule everything and add exceptions to your blocking rules. Phew.
Smart Queus – QoS
The Firewalls can do a lot more. There’s a handy Wi-Fi speed test that lets you see what speed you’re getting in different rooms, or in your garden, and an internet speed test that measures the upload and download speeds your broadband is giving you.
Jim Martin / Foundry
If you have a metered connection, such as if you’re using the Firewalla on holiday or a business trip and hotspotting from your phone, you can set alarms to warn you when data usage hits a certain figure.
Another feature is ad blocking. This works by blocking at a DNS level instead of looking for adverts on webpages or in apps. As with several other features, you have to enable this and choose which devices it applies to.
And like web filtering, it’s not a perfect system. I found that some ads still made it to my screens while others didn’t. I also found that it – or one of the family safety features – caused a problem where I couldn’t tap on any link in Google shopping results: the Firewalla simply blocked them all.
Firewalla explains that this is likely to be the case on its website: “Firewalla’s Ad Block is a lot weaker than many of the desktop versions of Ad Block. Yes, we acknowledge that. Here is the reason: in order to block ads more effectively, an ad blocker needs to access your data stream and manipulate unencrypted data. Firewalla by design will never ever look at your data, and will only look at metadata. That’s why Firewalla will only block certain types of ads, not all. Because of this, Firewalla can not block YouTube ads. We still efficiently block ads from well-known ad sites.”
It’s also why there’s the option to set the ad blocker to default or strict. Default won’t block as many ads, but also causes the fewest problems. Strict does the opposite, and is really designed for the sort of people who can handle fixing it when things break because of it.
Smart Queue is a QoS feature that allows you to prioritise certain activities, apps or network flows so that, for example, downloading Call of Duty doesn’t prevent you from playing an online game at the same time.
Quarantine won’t grant internet access to any new device until you say it can.
The Firewalla Purple also provides cyber security for your devices. Active Protect is one security feature which is on by default and “blocks all high risk network activities”. I never noticed this kicking in, but I did leave it in Default rather than Strict mode.
It will also block websites known to be malicious by default, but it will also block others if it detects any known malware on them.
Jim Martin / Foundry
Don’t consider this a replacement for antivirus software on your PC and phone as it doesn’t prevent malware from being downloaded, especially if you choose to allow access to that site.
It’s worth mentioning, too, that the rest of your household won’t see any alerts or warnings on their devices: they are only sent to phone(s) which have the Firewalla app.
Plus, like the Bitdefender Box and other security routers, the Firewalla will help to protect all devices on your network from attacks even if they can’t run antivirus software, such as your security cameras, video doorbell and smart speakers.
Even now, I’ve barely scratched the surface of what the Firewalla Purple is capable of. However, most of the other features are probably beyond most home users’ comprehension. And it’s important to note that although there is a VPN, it’s not what you might assume.
It’s designed to allow you to use it from outside your home network. For example, if you’re sat in an airport abroad on free public Wi-Fi, you can use this to connect to the internet via your Firewalla and get the same security and protection you would as if you were using your phone at home.
If you did want to configure the VPN so devices on your home network connect via a VPN server (to unblock Netflix, say) you’d still need a subscription to NordVPN or another provider.
If you’re not in the US, you’ll still have to order it from Firewalla’s website and import it to your country.
For those in the UK the base price is about £290, but you’d need to add £10 for shipping, 20% VAT and any import fees, making the real price around £375.
These prices are, of course, less than what you’d pay for a Gold – $485 or roughly £485 including all import fees.
Since Bitdefender and Norton no longer sell their security routers, there really aren’t any obvious rivals aimed at consumers – at least nothing that offers the features available in the Firewalla Purple with no ongoing subscription.
There’s no denying that the Firewalla Purple isn’t for everyone. It’s more user-friendly than, say, an enterprise firewall, and has a great app. But it is a complicated device with advanced features that even technophiles might find baffling.
If you’re only going to use a fraction of what the Purple is capable of doing, then it’s hard to recommend spending the money: a decent mesh Wi-Fi system should have a good few of the Purple’s features, and some even package them into an even friendlier app (Eero’s comes to mind).
The beauty here is that there’s so much more power on offer if you’re prepared to, for example, learn to set up VLANs so only certain devices can talk to each other, or the internet.
Plus, unlike Eero and others, Firewalla doesn’t demand you pay a subscription to use its features: you pay handsomely for the device, but it’s then yours to use and keep.
Ultimately, if you want visibility into what’s happening on your network, you want the sort of control over your devices (or your kids’ devices) that ordinary routers simply don’t give you and you want the extra protection that the Purple provides from malware and hackers (and ad blocking, too) it’s easy to recommend. Let’s just hope it becomes more widely available so it’s better value outside the US.