Hello, thanks your training. But my lab after 3:01, my FTD is lose https(I think it is normal), show manager on FTD, always pending status. And FMC has not any log. My FMC version is 7.2.8, and FTD is 6.6.1

I got one of these and i would like to use the usb for a server to access it from away from the network like on the road or on a different network still no luck

why you have added a static route since you have a default one using the same gateway, in my case i do not have same GW and it does not work

My interfaces are down and I can’t get them back up

Best guide I've used. Straight to the point, concise but useful explanations. Great job.

Thanks . Working perfectly.

The way they operate is initial boot is Wind River Linux ------- > Then it loads the FXOS "Hypervisor/os" which then loads LINA (ASA code) which then loads the FTD (small linux distro and snort engine) Which is in parallel to ASA. All layer 4 traffic gets punted to the FTD(Snort engine) then back down to LINA and either it was dropped or it gets forwarded to the next interface. You finally have another product running in the same box called (FDM - Firepower Device manager) which replaces ASDM. There are tons of moving parts internally and lots of potential for trouble. You can order it with just ASA installed or convert from FDM/LINA to ASA.

Life tip. Order this part #FPR1010-ASA-K9 This is the model with ASA Running natively which makes it a drop in replacement to the 5506-x. You get your 2 Anyconnect premium peer licenses (which is no longer included if you get the NGFW part) Firepower Threat Defense is a major mess and its ASA and Snort with Tomcat and other stuff crunched together and its a mess.

Very informative, thank you!

I would like to setup my TP-LINK AC-750 (TL-WR902AC) before my next cruise. I would like to change the names of the 2.4 and 5GHz network SSIDs, so that the name broadcast is unique to MY router.

Hey thanks for your video. I have an ipad with LTE. I want to connect a nest camera in a remote location where i do not have an internet connection. Is it possible to use this router to connect the camera to the ipad that is connected to the internet via mobile data using hotspot mode? Ive tried and when i get to quick setup it cannot see my mobile hotspot. i assume this is because the wifi on the ipad is connected to the router. Is what i am trying to do even possible? Tech support cannot seem to figure it out.

My isp speeds are 1350 down and 250 up. If I use this will I get close to actual speeds? My Asus barely does half. Thinking about using it as an AP instead.

I installed mine today and I love it

You can do active/active. I have a LTE 1101 router that is actively peered to a ASR cluster at SiteA and SiteB at the same time. On the spoke I define two separate tunnels. Crypto ikev2 client is the HSRP address at each site of the carrier facing interface, client connect specifies which tunnel to use.

I’ve been looking for this exact type of format video, especially for Cisco setup in a home environment with detail. Pretty much nonexistent. Thanks for this!

I agree man I hate these hackers my neighbor is hacking my network but my firewalla red in dhcp mode can’t stop it the year I bought it was 2021 it became EOL 2022.

👍

We can't use gigabit wire while traveling, so what should we do in the hotel?

You could have kept your original router and put Firewalla into bridge mode between it and your internal switch. If you are running multiple subnets on your internal network, then create additional bridges on the Firewalla. My home network is set up this way and my Firewalla sees all traffic on my internal subnets. Bridge mode acts as a man-in-the-middle so doesn't NAT traffic.

Thank you!

Promo-SM ✅

if i have three routers at home and connect firewalla with WAN then connect those routers to it, will it be able to see all traffic from those routers? will it matter if they are set to router mode/AP mode?

Yeah, the Firewalla must be the security gateway, core, aggregation and access level all-in-one and be configured in a router-on-a-stick topology for any vlans configured on connected layer 2 access switches. This means that all inter-vlan routing must occur on the Firewalla for it to be able to apply rules to control traffic within the local network and to the internet. If you have a need to run layer 3 routing to the access layer in a multi-layer network the Firewalla won't be a good choice. The whole router-on-a-stick design required by the Firewalla means that it cannot function on high performance 10G networks. If a home runs some 10G interconnects between a couple of switches and something like a NAS the Firewalla is going to be a point of congestion.

I'm looking at one of these for a family member for the keep it simple aspect, they're not tech savy etc. Me I'm in the trade, so will continue to run Cisco CBS switches at home with whatever firewall I'm exploring. Been running Sophos XG for a while, but spending time with pfsense and opnsense at present.

23:14 There is also Mikrotik, which gives more control and doesn't need subscriptions and DLCs. RB5009 can be found for ~$170 and outperforms any of these devices - I think more affordable for a homelab than Cisco + cost of their DLCs.

Hi, have you tried to configure one of the interfaces (inside) as a switch port trunk and associate it with multiple VLANs? I am having an issue wherein, it will work when newly configured but will stop working after reboot. I made sure that all changes are deployed. I needed to change the interface to routed and then change it back to switchport trunk to make it work but again will stop working after reboot.

"This one is, of course, China". LMAO

google "firewalla vulnerabilities" Yikes! Not interested in something like this as my edge router/firewall

Is Ubiquity manufactured in china (flashed firmware, etc..)?

Great video - outstanding work compared to others I watched. What I don't like about Firewalla is their devices are manufactured in China. I believe the firmware is also flashed in China (asked their support to find out). Supply chain attacks are a big problem. I do not think they reflash them or offer coreboot in the USA to save money. For me, I always buy hardware with coreboot bios and toss on ipfire or pfsense. I also run pi-hole on a raspberry pi and configured to block 3 million bad urls that updates these know bad lists weekly. I just don't want to install a FIREWALL to protect my network from being hacked from the same folks who bought it. China hacks the heck out of the USA. Hi Mr. Burglar, I know you keep trying to break into my network, but hey, you are cheaper costs so can you build my home security system so i can use it to protect against burglars including you guys? Just doesn't make sense at all to me. But Cisco/Juniper/etc.. all has their stuff manuafactured in china then everyone scratches their head and tries to figure out how china got into their networks. If they were fully manufactured in the USA though, I would buy it! Seems like a great solution, but way to many backdoors hitting the news lately and just to risky. Yes, everything is made in china (iphone chips, etc..), but, for a edge router, I want that one single device NOT flashed by the chinese.

How to factory reset the firepower 1010? My system connects to the internet and after a few minutes, it drops connection and none of the services work.

Thank you for the video, it is very informative. just wanted to ask, what will happen to the license like AnyConnet or security plus license if it is activated in ASA and then we switch to Firepower. will it still be active?

I took down my OPNSense firewall/router device & got this. I have had no issues to date and the simplicity & visibility is just great. My home network has UniFi APs, a UniFi switch & quite a few devices including IOT.

Question, what happens if 90 days evaluation ends?. can we still use as nat devices

Could be the best firewall in the world, I will never buy a firewall with subscription services, but thanks for the video at least now I know that. Staying with Pfsense on my own hardware.

hi, which interface that i should connect to download the image?

Great video.

I don't hate hackers. I'd be out of a job if they didn't exist.

Hi nTRaaS - very informative video - thank you. Question: Do you know if a license is needed in order to have "VLAN Trunk Ports" enabled on a FPR 1010?

Why use Firewalla when you can run your network through Cloudflare? I mean I get it because of latency but still for me in EU it doesnt add any latency at all and it all runs smooth so yeah..... Nothing against firewalla but id rather use Fortigate then 😉 Cheers

Any VPN were turned off too right?

Dude, you are jumping all over the place which makes it hard to follow.

I need this: thank you.

Great video! No in-depth videos on firewalla like yours. I am upgrading from the Firewalla Blue plus that I connected in simple mode, to the Purple that I want to connect in router mode. I have a TP-Link Ax21 router that I'll switch to an access point. My question is when I connect the Firewalla Purple LAN side to the now TP Link access point do I connect it to the LAN or WAN of the TP Link. Much appreciate your videos! Stay well! Tony

This really is a replacement for the likes of pfsense opnaense etc. it’s strength is being a firewall and QOS. Use it as the gateway. That’s what it has been designed for.

This is good, thank you. Some feedback: spent too much time exploring "Blocked Connections" and where they're coming from (ie around 7:26) So much of this traffic happens it is really not interesting unless you trigger the scenario where you WANTED traffic to get in but it was blocked (and you had to resolve that issue) Meant to be encouraging. :-) There are not a lot of very technical reviews on Firewalla so please keep going. Cheers

Thanks for the video -- just installed my Firewalla gold -- super easy and good GUI.

Thank you for this. It is incredibly hard to find good Firewalla reviews and deep dives like this on RU-vid. Please keep covering these devices, you gained a Sub from me!

Ty for the video and appreciate the feedback. IT and Cyber inclined - I want simplicity. Not only that but ease of use not only for me but my better half. I do this for a living and I enjoy it but time at home doing other things is more of a priority now. Things change in life. Just like you, I will take down my pfsense box and give this a shot. I can't knock it much until I give it a shot.

First you should have blocked your WAN info. Its not so much about getting past your firewalla its more from the cyber side. Pretty easy to mask the public facing IP and make it look like you have done all sorts of stuff. Second all of those "attempts" you see at 4:45 are sniffers trying to see what you have open. This is all textbook 101 stuff