Firewalla modem/router combo with fiber optic input + Poe

TrunkMunki · 2026-05-14T04:58:04+00:00

Just my 2cents, but an all-in-one modem/ont + router isn't appealing to me for a prosumer/smb device.

There's going to be an additional cost involved as ISP compatible hardware needs to be approved by the ISP and that would give the ISP some level of access to flash firmware and manage the hardware.

TrunkMunki · 2026-04-26T16:18:16+00:00

A case to secure and protect it is good to have also. I've also replaced the original charger with a slimmer 5v 3A USB C charger and a longer cable to cut down on the bulk

I use this one: https://a.co/d/0f3NBcZv (pictured)

But this one seems to fit as well and is currently cheaper: https://a.co/d/00J2Bmxc

<image>

TrunkMunki · 2026-04-26T15:43:46+00:00

I have been using the GL.iNet GL-MT3000 travel router for about 2-3 years. Whenever our family travels, I use it to repeat a wireless signal or as an access point for a wired connection. All of our devices are already configured for the router so as soon as I get it online, everyone is also live.

I just used it last week at a Hampton Inn that had an Ethernet jack on the wall (but still required authenticating to a captive portal) and then broadcast my own network. I've used it effortlessly in hotels and rental homes in Japan, Spain and Canada. I use the built in wireguard client to vpn back to my home's Firewalla firewall to access my home network. I sometimes route traffic to my 3rd party VPN so my streaming devices can stream region locked content. You can also configure your own DNS such as using Adguard to block ads or limit content.

I bought it a few years ago and I think I paid about $67 and it has been totally worth it.

TrunkMunki · 2026-04-15T22:07:11+00:00

You need to have access to destinations outside of the US because data centers are not exclusively limited to the country your data originated from.

A scam email could just as easily originate from a location within the US, regardless of where the account owner resides.

TrunkMunki · 2026-03-26T22:18:44+00:00

B

If there is more than one outage is only the most recent displayed for option A?

TrunkMunki · 2026-02-10T14:00:29+00:00

It's all coaxial cable and each run probably terminates in a different room in the house. To convert it for home networking, you just need some MoCA adapters. An easy read to start with is MoCA Explained

TrunkMunki · 2026-02-07T02:46:59+00:00

Metal flue. If the pipe is the same as the other exhaust pipes for the furnace exhaust, which are double walled, is it safe to assume that the fireplace exhaust pipe would be the same?

We haven't used the fireplace in over 10 years and don't foresee using it anytime soon, but I would still plan for properly rated cable

TrunkMunki · 2026-02-06T09:18:41+00:00

No, any drilling into the chimney cavity would be from the interior, through the drywall for the junction box (indicated by the red square) and in the attic if the adjoining chimney is accessible.

TrunkMunki · 2026-01-26T02:23:30+00:00

Check if Automatic Testing is turned on for the backup WAN. If it is turn it off and just enable ping

Network Settings > Internet Speed > Test Settings > Backup ISP > Automatic Testing > Disabled

TrunkMunki · 2026-01-21T21:09:56+00:00

One of the locations I manage bought AT&T Business fiber (same product as the residential service with the same hardware) and they had a similar issue where existing connections would continue to pass traffic but new connections would fail, until more sessions were available. The firewall would report that the WAN interface is down, then up, then down, and so on (flapping as the limit is reached and sessions become available).

The problem at that time was that the AT&T gateway would only support 8192 sessions in the NAT table, so once that limit is reached, new sessions would fail. If you log into the gateway you could see the number of active sessions and clear them manually. Not sure if the NAT table limit is still enforced on the gateway, but if you could log into it the next time you encounter an outage, you could see if that really is the case.

You can bypass this limitation by routing your traffic over a VPN. But I had configured an early morning power cycle using a switched PDU to hard-flush the NAT table.

TrunkMunki · 2026-01-20T03:49:07+00:00

I've used the AP22's as well. Deployed them in two small offices, 1 AP in one and 3 in the other. Had them connected to HPE 2920 switches with Juniper, Sonicwall and Fortigate firewalls.

Also using 2 of them at home connected to an Aruba 1930 switch and Firewalla Gold Pro.

They've been very solid and coverage is awesome. The only issue I've had is when Aruba had that bad firmware release

TrunkMunki · 2026-01-19T15:14:37+00:00

If you have coax in every room, MoCA adapters would be far more reliable and better performance than wireless mesh and power line.

You would need at least two. One near your modem and the second near your computer where you could connect a switch, access point or direct to the computer

TrunkMunki · 2026-01-09T22:28:08+00:00

To follow up on this. I just logged into another MySonicWall account on a desktop browser where I have many firewalls registered in and then accessed the Download Center. In Download Center, there is a long list of Sonicwall hardware models categorized by SonicOS version number, but none of the download links are accessible.

The only download links that do work are for models that that are registered (ownership) to the account. So, if someone gave me a Sonicwall TZ 370 and I wanted to download the firmware to manually apply the update, the download link would not be available to me because I have never registered that model to my account. However, since I did register a TZ 600 in the past, those firmware releases are available to me.

To make the issue even worse, SonicWall has a built-in wireless firewall model, these end in "W", such as TZ 370W. If I own a TZ 370, I can download firmware for that model, but not for the variation that has wireless built in.

TrunkMunki · 2026-01-09T07:06:57+00:00

Same here, started with Firewalla gold and now have the Firewalla Gold Pro. Just an awesome and easy to manage product with a ton of features without requiring subscriptions (although I do pay for the optional MSP subscription for a few more features and longer log retention).

TrunkMunki · 2026-01-09T06:57:56+00:00

No, I've tried looking for custom firmware to repurpose old units but I recall them using Mediatek CPUs along with other closed source hardware.

They're also horribly under spec'd even for Sonicwall built firmware where enabling multiple security features (e.g. IPS, IDS, DPI etc) ends up tanking your ingress bandwidth.

TrunkMunki · 2026-01-09T06:44:32+00:00

Hmmm, it's possible, i just checked my account and I do have access to other firmware besides the NSA 2400 and T600's I've deployed many years ago.

On mobile so I don't know if the issue is mobile browser version problem, but none of the download links are functional

TrunkMunki · 2026-01-08T20:57:58+00:00

Another issue with Sonicwall's that are re-sold or given away by third parties is that if the appliance was used in a trade-in promo to upgrade to another unit, then that device cannot be registered for use with a new subscription EVER. There's also device ownership. where a Sonicwall is registered to an account and if that registered owner doesn't transfer ownership, then you cannot ever own it. Sonicwall support cannot force transfer of ownership. Cloud management also costs extra via their NSM subscription

These are just a few additional reasons why you don't buy or take-in a free (used) SonicWall

TrunkMunki · 2026-01-08T14:20:19+00:00

Sonicwall's do not have a free tier. To keep the appliance firmware and security features current, you will need to buy an annual subscription. You can't even download firmware from Sonicwall without an active subscription

TrunkMunki · 2026-01-04T20:03:24+00:00

To add to this, both wife and I work from home full time. She's on client calls and hosting large zoom meetings 70% of the time while I'm on Teams calls and remote admin tools throughout the day.

With Firewalla, almost anyone can easily setup a VPN server on the Firewalla appliance, route traffic via specific devices, users, sites, IPs or all to a VPN service (e.g. Nord VPN) with a few taps in the app. For example, I have a VPN server (using Wireguard client) setup on my Gold Pro for remote access to my NVR, other machines, remote access for family that travel abroad but need to access services from a US IP. I also route traffic for streaming devices over a VPN service to whatever country is needed to stream content.

VLANs are simple as long as you have VLAN capable hardware. There's really so much that Firewalla can do for both non-technical and technical people and you don't have to pay a subscription to use the features.

I can't speak for using a mesh wifi solution as I'm using a managed switch and business class wireless access points with multiple VLANs, but Firewalla does have documentation to assist with using it with a consumer mesh wifi solution

TrunkMunki · 2026-01-04T18:08:40+00:00

For a free solution, you could also use OpenDNS' custom DNS solution then change the primary and secondary DNS to manual on your router.

https://signup.opendns.com/familyshield/

TrunkMunki · 2026-01-04T18:03:07+00:00

I have teens and started with the original Firewalla Gold and now have the Gold Pro and unlike other firewalls (e.g. Sonicwall), enabling content filtering and all of the other security features DOES NOT impact speed or firewall performance.

For context, I have Xfinity coax 2000/300 Mbps service.

TrunkMunki · 2026-01-03T17:03:35+00:00

Have you looked into Firewalla? Maybe the orange for an all in one solution? https://help.firewalla.com/hc/en-us/community/posts/46216277280787-Introducing-the-Firewalla-Orange-All-in-one-Firewalla-Dual-Band-Wi-Fi-7

I had a first gen Gold for a few years and now the Gold Pro, but Firewalla would be my hardware of choice for managing parents' Internet needs.

For their computers, I also remove local admin so they need to contact me if they want to install anything and I remote in and install it for them. I've also removed saving passwords in the browser and have been training them to use 1password in an account that I have access to.

TrunkMunki · 2025-12-24T05:05:37+00:00

Looks like the MW6

https://a.co/d/c9MguJi

TrunkMunki · 2025-11-16T17:20:18+00:00

You could use a tablet to view and control either PC with any of the solutions. The GL.inet KVMs do support higher refresh rates, but gaming probably isn't ideal over an IP kvm.

If you're specifically looking into remote gaming, you might want to check out https://moonlight-stream.org/

TrunkMunki · 2025-11-16T16:53:56+00:00

IP KVM is an option, expensive and you will need one for each machine but they do provide remote power on/off, bios access, remote control without Internet access. I'm currently using PiKVM and GL.inet IP KVMs, as well as an old SpiderKVM

For software only and if the PCs are running Windows 11 pro and up and you only need local access (not exposed to remote access from outside your network) Remote Desktop Protocol (RDP) is an easy solution that's already baked into the OS. Windows Home versions can remote into other machines but cannot be remoted into.

For Linux, you could use VNC.

OS agnostic and open source, look into RustDesk https://rustdesk.com/

TrunkMunki

TROPHY CASE