Port forwarding and VPN setup

Hoping someone can help me please.

My use case:
I have a primary home (site A) which will have a media/self-hosted server and a separate holiday property (Site B) which has a backup NAS.

Thinking of getting the Firewalla Gold Pro for Site A and Gold Plus for Site B.

Would like to setup VPN between sites for offsite backup and ability to stream media.

Question:
Firewallas will be plugged into Internet Service Provider (ISP) modem/router.

After watching Firewalla vids/reading docs, it talks about setting up port fwd on the ISP modem. Is this safe? Are there any other ways of setting up my use case? I am not overly tech savvy.

It is safe as the firewalla will be protecting everything behind it.
It would be better if you can put the ISP router in bridge mode or the firewalla in the DMZ, this way you don’t have to deal with ports on two devices, just manage the firewalla.

The assumption with port forwarding on ISP equipment is that it's a combo device (gateway & router in one). It sounds like your gateway (ONT) and router are separate devices, so you can set firewalla in place of the existing router and only deal with port forwards on it. With site-to-site VPN, you may not need to forward any ports at all.

Sorry for the silly question in advance!

When you mention Bridge Mode, is that effectively removing the ISP router (and using FW as the router)?

Or is it basically connecting the FW into the ISP router and having the "smarts of network management" like VLAN/DHCP etc. be managed by the FW?

My current ISP router is connected to the ONT on the wall via the WAN connection port.

There are 4 lan ports on the ISP modem of which:

  • 1 goes to a 16-port switch (providing internet via Cat6 to RJ45 jack points around the house) and
  • 2 are connected via RJ45 to wireless APs

Thank you for the info. My ISP doesn't do fixed IP addresses - hopefully that's not an issue with VPN (site-to-site or otherwise).

Do you have fios?
You can technically remove the router and have the Ethernet from ONT plug into the wan of the firewalla and connect your switch to a lan port on firewalla.

If you have TV service, you would need the ISP router, but can plug its WAN port into a port in the switch or firewalla.

Firewalla has built-in DDNS. As long as you have a public IP at the host site, site-to-site will work even if the client site is behind CGNAT.
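As an added illustration of the rule in that reply (not code from the thread or from Firewalla): a small Python check that classifies the WAN address each site's Firewalla reports and says which site can act as the VPN host. The sample addresses are constructed; 203.0.113.7 is an RFC 5737 documentation address standing in for a real public IP, and a private WAN address is taken to mean the Firewalla sits behind the ISP router (double NAT).

```python
import ipaddress
from typing import Optional, Tuple

# Ranges that disqualify an address from hosting inbound VPN connections.
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan_address(addr: str) -> str:
    """Return 'cgnat', 'private', 'other' or 'public' for a router's WAN address.

    'private' means the device is behind another NAT (e.g. the ISP router),
    'cgnat' means the ISP itself is sharing one public IP across customers.
    Anything else not obviously unroutable is treated as public.
    """
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "other"
    return "public"


def site_to_site_plan(site_a_wan: str, site_b_wan: str) -> Tuple[Optional[str], str]:
    """Pick the VPN host site: the host needs a public IP (DDNS tracks it if it
    changes); the client may sit behind CGNAT. Returns (host_site, explanation)."""
    kinds = {"A": classify_wan_address(site_a_wan), "B": classify_wan_address(site_b_wan)}
    for site, kind in kinds.items():
        if kind == "public":
            other = "B" if site == "A" else "A"
            return site, f"host at site {site}; site {other} connects as the client"
    if "private" in kinds.values():
        return None, ("double NAT: put the ISP router in bridge mode or forward the VPN "
                      "port to the Firewalla before that site can host")
    return None, "no public endpoint at either site: neither side can accept inbound VPN"


if __name__ == "__main__":
    # Constructed sample: site A has a public IP, site B is behind CGNAT.
    print(site_to_site_plan("203.0.113.7", "100.72.3.9"))
```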

No, I don't live in the US.

Not sure what ISP settings would need to be set up on the FW, but their website mentions the following settings if that helps (sorry, this is like voodoo to me):

Operating mode: MDI/MDIX
PPP protocol: PPPoE
PPP username:
PPP password:
PPP auth type: PAP
PPP mode: Always on (dial on demand disabled)
Encapsulation: 802.1Q
PCP marking: 0
VID (or VLAN): 10
MTU: Auto or 1500

Looks like you have PPPoE; I'm not too familiar with it.
I would say do some searches here and on help.firewalla.com, also send a detailed email to [email protected] with info on your setup and who the ISP is, to get information on setup.

Thanks for your help :+1: