Expert’s Rating
Pros
- No subscription required
- Good app
- Can grow with you as you want to do more
Cons
- Expensive, especially in the UK
- No option to use a web portal instead of the app
- App blocking can take a while to come into effect
Our Verdict
The Firewalla Gold SE does an excellent job of protecting your network, letting you see what’s going on and giving you good control over what devices can and can’t do. It’s expensive, but good value considering you don’t need to pay an ongoing subscription.
Price When Reviewed
$509
Best Prices Today: Firewalla Gold SE
Whether you’re a tech enthusiast or not, you’re probably unaware of most of the stuff that happens on your home network. Is someone trying to hack into your security camera? Is someone downloading movies or games illegally? Maybe your kids have snuck a tablet into their room and are on TikTok when they’re supposed to be in bed.
Your router is almost certainly incapable of telling you the answers to these questions, so you’re none the wiser. I’m willing to bet that it doesn’t give you many (or any) easy ways to manage all the devices connected to its Wi-Fi, or let you control when your kids can and can’t use the internet – much less which apps they can use.
If you want this sort of insight and control, you need a Firewalla. The Gold SE is the latest device to emerge from the US-based company and is designed to be a more affordable option than the Gold (and Gold Plus) for those with fast broadband.
Features & design
- 2x 2.5Gbps ports
- 2x 1Gbps ports
- No Wi-Fi
As the name implies, the Firewalla Gold SE is a firewall. Yes, your router already has a firewall but it’s probably not all that great. And aside from the fact that it won’t tell you what’s going on, you have to use an impenetrable browser-based user interface if you want to make any changes.
Firewalla’s mission is to “make cybersecurity simple, affordable, and powerful for everyone” and that’s exactly what the Gold SE does – and more. Although it’s a piece of hardware, the companion app is what makes it so easy to use and accessible.
The hardware looks pretty cool – for a piece of networking kit – and unlike the Firewalla Purple I reviewed earlier this year, it has a metal case which lends it a more premium feel. That’s a good job, because it’s a lot more expensive.
Jim Martin / Foundry
On one side are four Ethernet ports: a pair of 2.5Gbps LAN and WAN, and a further pair of 1Gbps LAN ports. This saves on cost, as not everyone needs a trio of 2.5Gbps LAN ports. And if you do, then go and buy the Firewalla Gold Plus instead.
Even if you don’t have 2.5Gbps broadband right now, the way things are going it’s not far away and it’s well worth future-proofing your purchase if you already have full fibre (FTTP) of some description.
On the other side are a microSD slot, a USB port, an HDMI output and another USB port with a red security dongle plugged into it, which is for pairing and activation and should be left attached. Dust covers are inserted just to protect any ports you don’t use.
Jim Martin / Foundry
The microSD slot is for docker containers, which I’ll come to later, along with the HDMI output.
In the box you get a USB-C cable and a US power supply. You can use it in other countries with 230V with a simple adapter.
What does the Firewalla do?
- Stops hackers and malware
- Gives you insights into your network
- Lets you block apps, websites and internet on specific devices
- Lets you isolate devices from one another
Before explaining the Gold SE’s many features, it’s crucial to point out that none require a subscription. Once you’ve bought your Firewalla, it’s yours to use with no further expense.
Its primary job is to act as the gateway to your home network and stop anything untoward from accessing your devices.
It does this by analysing all the data coming in over your broadband connection, and also the stuff going out. It already knows what is a ‘bad thing’ and blocks those things from going any further. That means malware should be stopped before antivirus software on any of your devices even sees it.
The Firewalla also blocks ads (if you want it to) and looks at the behaviour of devices, then sends you an alert via the app so you know what’s going on.
It might be as innocuous as “watching video” or “playing games” but it might also be an “abnormal upload” that you can check out.
Jim Martin / Foundry
One of the main benefits of this protection is that the Gold SE can help to protect security cameras, smart displays and other devices that can’t run security software from being hacked.
Like traditional security software, it can also block and warn you about dangerous websites, but without you having to install software or browser extensions on every device.
While a lot of the features apply to every device by default, the real power of the Firewalla is the fine control you have over exactly what it does. You can easily create rules to allow or block certain devices or groups of devices from doing certain things.
For example, you could group all your kids’ devices together and create a rule that blocks internet access from 9pm until 7am the following morning.
But if that’s not specific enough, you can create another rule that prevents a particular device from using the internet at another time. And because there’s no limit on the number of rules, you can allow or block internet access as many times during the day as you like to whichever devices you like.
One of the rules I’ve set up is to block internet access to the Fire TV Sticks and Echo Show 15 in my home so my kids can’t watch stuff after their phones and tablets block.
Of course, internet is only one of the things you can allow or block. There’s also IP addresses, domains (websites), specific ports, categories of website (gaming, social, porn, P2P, gambling) and apps.
Jim Martin / Foundry
Currently, the list of apps is quite short, but it does include most of the apps parents are likely to want to control including Tiktok, Snapchat, Instagram, YouTube, Roblox and Discord.
You can block other apps, but it takes a bit of investigative work to figure out which domains the app uses and block those.
One of the more advanced features is network segmentation. It’s nice being able to group devices and set rules, but the Gold SE can also keep devices from talking to each other. A common way this is used is to isolate all your IoT devices, such as cameras, smart speakers, smart appliances and others from your phones, tablets laptops and PCs.
This means that should anyone manage to hack into a poorly secured camera, they wouldn’t be able to access your PC, phone or any other device containing sensitive data.
Thanks to the three LAN ports on the Gold SE, you can connect devices to inexpensive unmanaged switches, which means you’re not limited to just one device on each port.
However, since most of the devices I’m talking about use Wi-Fi and not Ethernet, you’d need to connect a Wi-Fi access point to one of the LAN ports to create a separate Wi-Fi network from your main one.
And if you want to have more than three separate LANs, you’d need to use the Gold SE’s VLAN feature which is even more advanced and requires you to use more expensive managed switches.
Setup
It’s important to note that the Gold SE doesn’t have Wi-Fi itself: it isn’t a Wi-Fi router. You can buy Firewalla’s Wi-Fi SD add on, but that won’t turn it into a Wi-Fi router. Instead, it’s intended as a backup measure so you can use your phone as a hotspot and share its data connection to your whole home network if your main broadband goes down.
Typically, you would connect the Firewalla to your existing router using its WAN port, and then connect a Wi-Fi access point or mesh Wi-Fi system (set to bridge mode) to one of the LAN ports.
The Firewalla can’t monitor or control any other devices connected to your existing router, which is why it’s best to disable its Wi-Fi and use a mesh system or access point connected to the Firewalla.
It may sound complex, but Firewalla’s app walks you through the entire setup process and outlines the various ways you can add the Gold SE into your current setup. There’s also a very helpful getting started guide on Firewalla’s website.
Jim Martin / Foundry
In the ideal world, you would use it in router mode, and set your existing router to bridge mode. You can use the Firewalla in bridge mode instead to “transparently monitor your network” but you’ll lose most of the best features.
You can also select Simple or DHCP mode which is for when you want to keep your old hardware setup just as it is, but in reality, these are legacy modes which are likely to be phased out beginning in 2024. In their place is an Experimental Simple Mode (in beta at the time of review) which is compatible with more routers: the old Simple Mode required you to have one of a specific list of routers, otherwise it wouldn’t work.
Firewalla app
Once installed, you can use the Firewalla app to see what’s going on, get notifications and create rules or manually block devices from doing things.
Jim Martin / Foundry
Some people don’t like the fact that this is the only way to manage Firewalla devices, and would prefer a web portal instead. For most people that buy a Firewalla to use at home, the app does a perfectly good job.
As new devices are detected on the network, you’ll get notifications. Some of these will be easy to identify, but others might be called “Unkown”, which means you’ll have to do some detective work in order to give them the appropriate name.
Jim Martin / Foundry
Sometimes that means going into the settings on a device, such as a phone or tablet, and finding out its IP or MAC address and then searching for it in Firewalla’s list of devices. Fortunately, it’ll show partial matches, so you might only need to enter the final three digits of the IP address or the first few of a MAC address.
If a device is using MAC randomisation (as iPhones and iPads do) the app will give you step-by-step instructions for how to disable it, so you can monitor and block those devices properly.
By default, new devices are put into a Quarantine list and will only gain access to the internet (and other devices on the network) once you approve them. This is great for keeping control of what (and who) is connected to the network.
Jim Martin / Foundry
Some alarms (notifications) are set up by default, too. If a device uploads a lot of data, you’ll get a notification. But you can turn off notifications and simply check the Alarms list to see what’s happened recently.
As I have several security cameras that record to the cloud, that’s what I tend to in the list, and it’s this sort of insight that can be fascinating. I can see exactly how much data a camera uploaded, and to which region the video went.
You can also see a list of which devices have uploaded – or downloaded – the most data.
Jim Martin / Foundry
The home screen displays overall network performance, the speed of your broadband connection and network traffic over the past 24 hours, so it’s easy to spot if there have been any slowdowns or issues.
Jim Martin / Foundry
Scroll down further and you’ll find shortcuts to the main features which include things such as Smart Queue – which automatically prioritises time-critical traffic such as video streaming and video calls – and Family, which includes Family Protect (a pre-defined set of filters to block porn, violence and other inappropriate tings), Safe Search and Social Hour, which is a simple toggle that blocks social networking for an hour.
One of the best things about Firewalla is that if a feature isn’t doing exactly what you want it to, there are usually alternative methods that you can tweak to your liking.
If Family Protect isn’t filtering out the bad stuff, because it’s just using OpenDNS, then you can create rules that apply to your kids’ devices that are stricter. Similarly, the default ad blocking might not be strict enough, but you can customise it using a different target list by creating your own rule.
One rule you’ll probably want to set up immediately is to allow outbound connections to…