I’m bored on a Sunday morning and thought I would share.
Of late, my Mesh Pro Wifi was making me worry. It probably should have made me worry sooner but … better late than never.
I had been thinking about a whole house firewall for a while which is another thing I’m probably really late to the game on, now that I see what is possible.
I installed a Firewalla Gold SE to be the “Router/Firewall” for the house. As previously mentioned, I had a 3-AP setup with the Mesh Pro Wifi.
Here’s how it looks:
One update… I did 1 more wiring change…
Cable Modem (1 Gb) ↔ 1Gb Firewalla/Firewall 2.5 Gb ↔ 2.5 Gb Switch ↔ 2.5 Gb Wyze Mesh Pro Wifi (x2).
My 3rd uses the air. This is the correct way. MUCH faster. The AP came on-line in 60 seconds once plugged in.
** in this example, Mesh Pro WiFi is in “Bridge” mode. This means the APs don’t hand out IPs, they simply facilitate the WiFi connection for devices. Which Wyze does VERY well I think.
Below is an example of the last 24 hours of my 26 cameras and the traffic they generate. I can also see that when cameras are generating events and uploading, they are sending about 4-5 Mbs Up in a stream. I need more data to know what “normal” patterns are.
The Firewalla has shown me that all the cameras, lights, lock, vacuum and etc… ONLY talk to US and Canadian servers. With 90% of the traffic to US servers.
I have some pretty strict rules set up on the Firewalla and have applied OpenVPN to the Camera Group within the Firewalla so all the cameras are using Private Internet Access VPN’s connection.
I’m sort of stress testing having all the “hatches battened down” to see what works, sort of works, or outright doesn’t.
With all knobs set to 11 (I think), using VPN on all 26 cameras… I am not seeing any perceivable hit to the opening of cameras, events captured or lag. This is purely anecdotal.. I’m not doing this in any scientific way.
Previous to this firewall installation, my cameras had NO performance issues. I know the forums love to beat up on the cameras and their signals but I simply disagree.
A Mesh Wifi network that has proper coverage, tuned correctly so that it’s not hindering traffic with policy/firewall/IDS type detections, has enough nodes for all the devices (I have 90), and has the proper network speeds for that load, will work with no issues. That is my check down list for network troubleshooting.
This chart says I averaged 1.60 GB of traffic/hour (up or down) for the last 24 hours. 38.6 GB total. Kind of like a 1080p movie is streaming at all times???
I would highly recommend a Firewalla to anyone that is looking for a whole-house Firewall solution. It works pretty awesome out of the box but the advanced features will take some learning to a newbie. I’m happy to answer questions. Their website explains all the steps to do things in detail though. It makes even more sense when you can press buttons and read their article.
I have found some chatty things on my network (I’m looking at you Samsung TV). You can set up rules to put something in a device group that is NOT allowed to Upload to the Internet and is NOT allowed to see anything on the local network. A true time-out room.
As with most firewalls, you can put things in all kinds of buckets to sequester them off, apply different policies (like VPN or no VPN, Ad-Block, Violence, Adult, etc blocking)… even Region blocking to block a specific country, and basically just keep them from talking to other devices. It’s not quite a VLAN but close to it.
Their AP’s are compatible with VqLan??(I think that’s what it is called) and your VLan to make that all happen if you have a managed switch.
I’m pretty happy with the setup now. Takes the security responsibility away from Wyze since they aren’t updating the Router and have truly abandoned it. But I can still use them for connectivity until I can switch them out. I like that I can watch traffic in real-time at any level… whole network, group, device. Firewall dashboard is available in browser too.
The data is presented very clearly and easy to understand. The app on the phone is the same. A+ in my book. I’m getting older and easily impressed though.

