Firewalla Purple Review: Network Magic

If you’ve ever been frustrated by the lack of features and settings on your ISP-supplied router, a Firewalla could be what you need. It’s a small box that could replace your router completely and offers the security of a smart firewall, in-depth parental controls, extra privacy and plenty more.

To be clear, the Firewalla Purple isn’t really a Wi-Fi router: it’s designed to be used alongside a mesh Wi-Fi system, an access point or your existing router’s Wi-Fi.

It’s a lot like the now-defunct Bitdefender Box and Norton Secure Core routers which were aimed at the more tech-savvy gadget enthusiast who wants to see and control what happens on their network.

Although it may seem expensive, there are no monthly or annual fees to pay – something that could have put people off Norton and Bitdefender’s routers (and still does with quite a few current routers and mesh Wi-Fi systems). It means that the Firewalla Purple is much better value than it initially appears to be.

The Firewalla Purple is also for anyone worried about the security of smart home devices because it lets you see exactly what they’re up to as well as being able to keep them all on a separate network from your phones, computers and other devices.

You might assume from its tiny dimensions that the Firewalla Purple isn’t very capable, but you’d be wrong. Very wrong.

Features & modes

• 2x Gigabit Ethernet ports
• Short-range Wi-Fi
• Portable

You might assume from its tiny dimensions that the Firewalla Purple isn’t very capable, but you’d be wrong. Very wrong.

It’s an impressive box of tricks that gives you a lot of insight into what’s actually going on with all your devices and a good deal of control over their access to your network and the internet.

In fact, there are features here that most home users simply won’t know what to do with them all, but if you’re prepared to learn about VLANs and other networking techniques, you can get a lot out of it.

The box itself has a pair of Gigabit Ethernet ports, one for WAN and one for LAN. There are various options for how you’d connect it to your existing router, modem and mesh Wi-Fi but it works best if you set it up in router mode and connect the WAN port to your modem and the LAN port to your mesh Wi-Fi or your existing router (but set that to bridge mode).

However, if that’s not possible – or you don’t have a mesh Wi-Fi system – you can set the Firewalla to Transparent Bridge Mode or Simple / DHCP mode. You’ll lose some features though, such as VPN, smart queue and policy-based routing if you go for Bridge mode.

Installing the Firewalla takes mere minutes, and it comes with an Ethernet cable, USB-C cable and power supply – everything you need. But if you’re ordering from outside the USA, you’ll need to buy the Universal Power Adapter or supply your own that delivers at least 7-9W.

There’s a USB 2.0 port, but that’s currently not used for anything. On the front is a microSD slot, but while you can use this to add features to the Firewalla using Docker containers, that’s not something many home users are likely to understand or want to do.

The built-in Wi-Fi is intended to be a backup in case your main Wi-Fi goes down, and supports only a small number of devices at fairly close range. Enabling it requires a trip to the help section of Firewalla’s website because it’s far from obvious that you need to create a new network, choosing Wi-Fi and then picking an SSID and password.

This Wi-Fi is also useful if you wanted to take the Purple travelling and use it in a hotel room, for example.

Firewalla doesn’t make only the ‘Purple’. Its most popular model is the Gold, which has four Gigabit ports and is capable of inspecting network traffic at over 3Gbps, where the Purple is limited to 1Gbps. But there are lots of other models, including the cheaper Purple SE and Blue Plus and the brand new – at the time of this review – Gold SE which is a slightly cut-down Gold Plus with two, as opposed to four, 2.5Gbps ports.

However, the Purple will be the sweet spot for most people because it’s a lot cheaper than the Gold, yet still has virtually all the features home users would want. Go any cheaper and you start to lose valuable features such as routing, Wi-Fi and others. If you’re concerned that you need more LAN ports, simply buy a cheap, unmanaged Gigabit switch.

Firewalla app and notifications

• iOS and Android
• Web portal
• Mostly easy to use

You need a phone and the Firewalla app to configure the device, which starts by scanning a QR code on its underside as a security measure to prove it’s yours.

The app is fairly easy to use, but you’ll need at least a basic understanding of networking and which mode to use from the get-go.

Once set up, you’ll begin to get a barrage of notifications in the app about the discovery of new devices and what they’re up to.

This will quickly get annoying, because default “alarms” include that a certain device is watching video, playing games or has an “abnormal upload”. You’ll need to decide which “alarms” you want to know about, configure what constitutes an abnormal upload, or put up with your phone pinging hundreds of times a day.

To begin with, though, it’s amazing being able to see that your security camera just uploaded 400MB of data to a server in the Netherlands or that your child is playing Roblox when they’re supposed to be doing their homework. Shortcuts let you block internet access – or pause the alarm for an hour.

On the app’s home screen you get an overview your network: how many devices are connected, how much data has been uploaded and downloaded in the last hour or 24 hours and a live graph of current upload and downloads.

A bar at the top shows your network performance. Mine was permanently green for the whole time I tested the Firewalla, a good thing, but if there are any problems it will show other colours. You can tap it to get more details, such as the total outage time, amount of packet loss and max. latency.

At this point I discovered a few problems. First, none of my Amazon Echos were working and neither were many of my smart lights. Despite the fact that they were still connecting to the same Wi-Fi network, they’d lost their internet connections.

It turned out this was easily fixed by power cycling each one, and likely down to the fact that the Firewalla was using a different IP address range to the router it replaced. Some devices could handle this change without a reboot, while the others simply couldn’t.

The bigger issue was that my BT TV internet channels stopped working. BT is cagey about exactly how a router needs to be set up for these and says customers must use their Smart Hub 2 in order to watch them, refusing to support any other hardware.

Despite a lengthy conversation with someone from Firewalla’s tech support team, I wasn’t able to get them working without the Smart Hub 2 on the network. And because it doesn’t have an option to set it to bridge mode, this meant compromising and not running the Purple in router mode.

However, in most cases, you should be able to ditch your ISP router and replace it with the Purple. Just remember that if you do that, you’ll need a mesh Wi-Fi system or another way of providing Wi-Fi in your home.

Devices & rules

• Rules allow full control over individual devices or groups
• Good for controlling kids’ devices

As with routers and mesh systems that show you which devices are on your network, it will be a struggle to work out what’s what from the manufacturer, device name, IP address and MAC address, especially if – like me – you have a lot of devices. Firewalla recommends waiting a couple of hours, though, because the information can improve over time.

I found it was possible to identify some devices, but it really depends upon the kit you own and if you have multiples of anything. I have quite a few Amazon Echo speakers and Fire TVs which all appear identical to each other (they’re not called ‘Echo Dot 5’ and ‘Fire TV Stick 4K’), and the same is true for Philips Hue and other smart lights.

Knowing what’s what is only important if you want to control internet access, though, so it’s not necessary to name each light.

It is important to do that if you wanted to group together all the devices each of your kids has access to, for example. You could then build a group of their phone, tablet, laptop and smart TV and create rules for when they’re allowed to use them.

It’s brilliant to be able to block apps, either to specific devices or groups of devices

If you can’t identify a device from the Firewalla app, you’d need to find its MAC address and then find it in the app which, thankfully, you can do by searching for the first few characters.

Another way to easily identify devices is by switching them all off before you install the Firewalla Purple and then turning them on one by one and naming them once they’re discovered.

It’s brilliant to be able to block apps, either to specific devices or groups of devices. There are shortcuts to block YouTube, TikTok and Facebook, but there are more in the App Control list such as Roblox, Instagram and Snapchat.

You can block apps not in the list by finding their ‘flows’. Flows are one of the key ways the Firewalla works. Essentially it’s a series of communications between two devices (such as an iPad and the Netflix server), and you can usually identify which app a flow relates to using the urls you see in the list as they tend to contain the company’s name.

It’s also how the Firewalla is able to alert you that “Jason’s iPad is playing Roblox” or “Kitchen TV is watching Netflix”.

You’ll see the total number of daily flows on the home screen, as well as how many have been blocked (because this is, after all, a firewall).

Rules are another key concept for Firewalla. You can create them manually, but others are created automatically when you enable features. For example, there’s Family Protect (web filtering to block harmful or inappropriate websites) and Safe Search (to prevent the same things appearing in search results).

When you enable these, you must choose which devices and / or groups they apply to. Selecting devices and saving that list creates a rule, one which is easy to edit or disable later on.

Tapping on an individual device brings up a screen with shortcuts to quickly block activities such as social media, video, gaming and porn. As mentioned, you can also block internet entirely, although remember that all of these apply only to the device’s Wi-Fi connection.

A child – or anyone – with a phone could easily circumvent the restrictions by turning off Wi-Fi and using mobile data instead. And that’s why it’s still worth using parental controls on the device itself, such as Apple’s Screen Time or Google’s Family Link.

The other reason those apps are better is because Firewalla’s Family Protect web filtering simply uses the freely available OpenDNS FamilyShield service which you could configure on any old router. The filtering isn’t configurable at all, so this is one feature that’s disappointing.

Scroll further and you’ll see information about the device: its friendly name (which you can edit), its IP address, MAC address and whether it’s online or not. You can choose to get alerts when it comes online, as well as when it goes offline.

Both can be useful depending upon the device. The latter can give you a heads up that there’s a problem with a security camera, and the former could tell you that someone has arrived home because their phone has reconnected to Wi-Fi.

Beyond this you can do things such as blocking specific domains (and domains with wildcards, IP addresses (and subnets), block things based on locations and regions, block specific ports. And on top of that, you can schedule…