True, the issue was: On the ASA you had two separate systems: ASA base and an FTD. Thinking back to how Cisco used to do IPS they just went the same way. The ASA license comes with the NFGW order.

True, but the ASA software/license comes with NGFW order. It's a few more steps but it's a good learning.

Ahh...I got it! I had to go through the setup for the Hotspot and after I picked my home network, I was able to rename (and reset the password) for the 2.4 and 5GHz bands.

A neighbor hacking you is an act of war, someone might be inclined to disrupt their signal with a HERF cannon or similar deterrent.

I have above gig speed on my network so would putting the Firewalla Blue Plus in bridge mode between the router and hardwired devices would that slow my speed down or only if it is used as the gateway?

Honestly…unless you want the ability to troubleshoot their issues locally, you can’t manage if no internet, then might not be necessary. If there is an internet issue, the Bluetooth troubleshooting is painful. I’ve always been a fan of buy to check out, implement and learn, so hey if you/them want to have some cool features and dashboards I’d say go for it. How do you like the Sophos XG? Im in a 50% Cisco 50% Palo shop so I pretty much stick with those at home. Anyone in IT I’d never recommend any firewall that they don’t use at work, but if they use those then cool. JMO; if you want to be seen as the expert at work, use that at home…

Take a look at Cisco vulnerabilities sometimes….

China, Vietnam, Taiwan….Pretty much everything is made in china at some point these days. You may find some one offs, like Samsung, but iPhone, Google pixel, Dell servers, computers, Cisco servers … etc. It’s an interesting thing though isn’t it, we use china to keep manufacturing costs low but now we’re all worried about “what are they doing.”

If you can get to cli: configure manager delete. You still having issues?

I haven’t tested this personally, typically Cisco allows for use after expiration, they’ve talked about creating a “if it’s not licensed, stop the service” but who knows if they’ll actually do it…

I agree 100% Cisco/Juniper/Palo are typically used by organization/government because that's how they work. Keep in mind, if you want to be a network engineer/security engineer in a job then using this in your infrastructure is a great idea.

@@ntraas1584 Thats why they keep getting hacked, if you really want a secure system you have to go Open source.

You don’t need any specific license to run subinterfaces (trunk ports), BUT you need to have a base license to use the firewall longer than the trial period…

@@ntraas1584 Got it - thank you for the follow-up.

Hey thanks for the message! I hadn’t heard of cloudflare, it looks to be an interesting option to look more deeply into. Firewalla is a good option for home use, honestly a techie probably would go with something else but for the average consumer it’s a move in the right direction.

Firewalla adds lots of things that Cloudflare does not. For example, I need gigabit-level smart queue QoS.

I’m guessing your TP is a non enterprise? Meaning no vlans? Simply enough you’re going to just create a network for the lan interface, not a vlan port, and just connect the TP to the purple. As I don’t know the software for your TP I’m guessing here: plug the Firewalla lan port into a lan port on the TP and done. If the TP only has a routed wan port it may not accomplish what you want but will still connect to the internet. If the TP has a routed internet port only, or otherwise, there may be a setting in the TP to turn it to access point mode and this your wan link will become a lan link.

Otherwise just browse through the TP configuration and try different settings to see what works.

@@ntraas1584 Correct no vlans. Wasn't aware once TP link router turned into access point then the Wan port just becomes another LAN port. Good to know . Thanks again for your in-depth videos on Firewalla

I do tend to go on tangents…thanks for the message!

It actually IS about getting past the Firewalla, the whole reason I brought it up is to show that how many attempts you, as a random person, will get. Port scanners are not sniffers. The other point: if you see port 22, 23, 8080, etc that’s a person or organization around the world looking for open ports for whatever reason. You get a Firewalla for visibility and it acts just like any other stateful firewall. If people don’t see what threats are out there then they will never know, trying to argue semantics about cyber isn’t the point. A commercial grade Firewalla that allows you to get insights into what’s happening and looking at threat prevention, I want my external IP and have a honey pot, if someone breaks in I’ll be able to show that to anyone out there.

Well…if someone actually breaks in I’ll have a good video to make and it’ll ruin Firewalla…

Very cool, it looks like it was implemented on version 1.46. Thank you!

I have not tried bridge mode but I have the purple I need to setup so I’ll check that out and let you know. For ubiquiti I’m wondering what you mean by coexisting. In router mode it simply provides a NAT to the outside, bridge mode will still do monitoring, etc. according to Firewalla: In bridge mode, blocking features, protection features, and the ad blocked will work the same way as in router mode. I wouldn’t use routed mode with ubiquiti unless you have a real need, but they both do static routing.

@@ntraas1584 I just ordered the Purple to test it out in Bridge mode with my Ubiquiti network.

@@troyjohnson1003 nice! I just took mine out of the box. One thing though: patience is key, it can seem like it takes forever at times.

@@troyjohnson1003 that what I'm looking to do as well in bridge mode

As a vpn server it allows you to connect to your home from a remote location; the vpn client allows you to create a site to site, remote access vpn, and the previous 3rd party option.

Very interesting question. For whole home VPN security features you would need to buy a VPN service connection. Firewalla (and keep in mind some models can do this some cannot, might need to verify) check out this firewalla article: https: //help.firewalla.com/hc/en-us/articles/360023379953-VPN-Client. I can’t paste links, so just remove the space after https:. It seems expressesvpn, surfshark, and nordvpn are all possible. By creating a 3rd party vpn using either openvpn or WireGuard you can create the whole home vpn. Keep in mind I have not tired doing this, but may be worth another video!

All great points! The built in VPNs can be a little glitchy at times but when they work they work like a charm. It’s an interesting thing though, that this little device can do and show so much that bigger, Enterprise firewalls, fail to show so elegantly (see the firepower appliance without forwarding logs…). Though with that same thought firewalla really is home and small business. I would definitely recommend this to a business to use if they don’t require more advanced routing and internet features. What’s really the point of IPS if it’s only inside out right? I’m wondering if firewalla will show if an infected machine is sending out data or if everything is listed as “abnormal upload” because the false positives have been numerous.

@@ntraas1584 So far everything seems "abnormal uploads" even legit ones. I have a Firewalla Purple on my mom's Linux PC (I switched her to Linux.. lol!) and I got alerted of an "abnormal upload". I found out though that this was caused by the facebook messenger app. This happens whenever she does video chat with my aunts that are located from other countries. I since muted this traffic so it doesn't alert me anymore. You really have to address the notification alerts as soon as you can or they will pile up quick. Most of the time, one rule can address multiple alerts so you won't have to create one rule per alert. Firewalla would give you a "malicious website" alert if you visit well-known cracks/warez/malicous sites. It won't block you however from accessing them unless you create a rule for it afterwards. On my Firewalla at home, I currently have like 100k+ flows and 61k blocked in just the last 24 hours. I run a crypto miner though and I have a lot of cameras and other smart gadgets connected to the network. I have most of them segmented and the cameras and other stuff that has no business with my local network blocked from connecting to it. I even region blocked china/india/russia/etc. from connecting to my cameras.. 'Coz yea... some of my cameras are made in China and I see China IPs trying to connect to it. As long as I can access my cameras locally and over the Internet, I'm good... everything else is blocked from accessing it. I even saw a suspicious IP that was trying to connect to my NAS. Somehow that IP found out the outside port I'm using on that NAS. Good thing Firewalla alerted me to it. Ever since I changed the port and the user/password credentials (using a password manager), I haven't been alerted again. Maybe it's still trying to poke the old port.. lol