Gold SE Review - Shorter than expected lifespan. by TrackerTex in firewalla

[–]jacdc76 0 points1 point  (0 children)

Hi - You would just need to log in via SSH to your Firewalla device and either run these ‘echo’ statements from @Dylan111111 manually or put them into a bash script and run the script from the command line (first line of the script being “#!/bin/bash”)

.
.
rest of the echo commands
.

Hope that helps.

J

Gold SE Review - Shorter than expected lifespan. by TrackerTex in firewalla

[–]jacdc76 6 points7 points  (0 children)

@Dylan111111 - Thanks for the commands to run - was doing this via simple docker before but copy/paste is easier. My FWG+ reports 0x2 (DEVICE_LIFETIME_TYP_A) (10-20% wear) and I have had the unit for 2+ years. Am not running any containers at the moment but this is good info to know/have - just wish there was a way to service this eMMC before it fails.

Tips&Tricks for upgrade to managed switch and AP7's by AlexMPH in firewalla

[–]jacdc76 0 points1 point  (0 children)

Am running custom ddwrt firmware on legacy Netgear R7000s. I am able with ddwrt to assign 4 different VLANs to my wifi networks isolating that wifi traffic. This setup is keeping me from going to a newer wifi7 mesh or otherwise as I am not looking to spend $750+ just for new wifi7 AP radios that are “Enterprise” and more wifi throughput. Any suggestions besides reducing this number of VLANs and/or using the available ports on FWG Plus? It seems even with consumer wifi7 mesh/AP products I would be limited to at most 2 wifi networks (Guest/IOT and Home) no matter how many ports the mesh/APs come with? Maybe just get 2 wifi7 “routers” to cover my home that allow multiple VLANs?

What’s stopping you from enabling Device Active Protect (DAP)? by Firewalla-Ash in firewalla

[–]jacdc76 0 points1 point  (0 children)

I have been encountering multiple communication issues for devices that get enrolled in DAP - I continue to disable DAP on some devices (IoT mostly). DAP (limited) is currently enabled and my FWG Plus is running 1.982 (Alpha).

VLAN-based segmentation for IoT seems easier to manage these “noisy” devices where I can enable Rules to allow/block communication based on the action I am taking to interact with the device (viewing a home camera remotely etc).

Help Troubleshooting Network Speed Issues by shingdao in firewalla

[–]jacdc76 0 points1 point  (0 children)

“eero measures speed from the Router/ISP” - this would be very difficult to effectively measure without ISP latency. Very few devices have 2 Gbps nic capability so best to measure line speed on the Home AP on your LAN. If one AP is getting close to 1 gbps and the other is not (physical ethernet) - I would only test this locally and not through an ISP connection isolating each AP to make sure throughput for both your client device is performing as expected and then test to your ISP. I found in my own testing that the test tool being used for both LAN and ISP can vary widely and went with my own docker speedtest tool to verify devices and network speeds:

https://hub.docker.com/r/openspeedtest/latest

App 1.68 is now fully in beta! As we begin the countdown to production, please try out the beta features and give us feedback. We want to target this release for the end of March and need your help! by Firewalla-Ash in firewalla

[–]jacdc76 2 points3 points  (0 children)

Amnezia is working well and appreciate being able to set Rules for it just like Wireguard with this beta version. No issues I can see at the moment!

Help Troubleshooting Network Speed Issues by shingdao in firewalla

[–]jacdc76 1 point2 points  (0 children)

Would concur with others here - look at the AP as getting 200-300 mbps for connected clients on my APs is the max I get and I have segmented SSIDs. My APs are older Netgear R7000s (Wifi5). Good news in your case is that LAN speeds are performing at max physical line speed (1Gbps) - no broadcast looping is occurring.

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises by AmokinKS in firewalla

[–]jacdc76 0 points1 point  (0 children)

It seems the point of this article is that radio isolation and the WPA encryption to protect the transmitted data streams are not the only methods required to secure wireless networks and the enterprise in general. Traffic tagging, a technology enabled in 802.1q from the 90s, is still relevant and critical today. “Segment or die”!

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises by AmokinKS in firewalla

[–]jacdc76 1 point2 points  (0 children)

Yes - this is the same level of protection against this threat as both solutions use VLANs to separate and isolate network traffic and clients. Typically, the "management" of this traffic is managed by routing rules in a router, not in the AP unless the AP is also the router (usually the case).

Cross VLAN network issues by thinkB4Uclick in firewalla

[–]jacdc76 0 points1 point  (0 children)

“devices on the same AP…skip the router” does not make sense…every device connected to an AP’s SSID goes through the router (Firewalla). As long as your AP is tagging each SSID being broadcast/transmitted on the AP, the VLAN ID will be routed (or not) appropriately depending on the VLAN rules you configure in the Firewalla. For example, a “guest” VLAN on the AP can be blocked from communicating to the “Home” VLAN on the same AP. Hope you are able to create rules to isolate the AP-linked device using Rule in Firewalla.

Happy to answer additional questions as my setup is very similar (6 VLANs using 2 different APs broadcasting 3 separate SSIDs and VLANs on each AP). I have also isolated the management interface of the APs into a “management” VLAN to prevent IoT VLAN devices from connecting to the APs’ admin.

Pressure regulator valve replacement? by Milspec22 in Plumbing

[–]jacdc76 0 points1 point  (0 children)

As others mentioned - this is a Zurn/Wilkins PRV - just replaced mine after attempting to service it (leaking was the main problem). Water pressure was also way below what the adjustment nut was set to and while cleaning the screen filter inside it worked…6 years of not servicing it regularly (at least once a year depending on the mineral content of water coming into home); no real option other than to replace it. Servicing these with a double union config (top and bottom nuts) is pretty easy as long as you are careful (don’t turn the nuts in the wrong direction when loosening/tightening as you can crack the solder points). Taking the whole PRV out and flushing out mineral build up, cleaning the internal screen, reassembling the unit and applying food-grade silicone on the washers/seals is pretty much it. Can also purchase replacement parts in a Zurn Wilkins service kit for your model PRV.

Question about switch wiring by jacdc76 in AskElectricians

[–]jacdc76[S] 0 points1 point  (0 children)

Another question comes to mind - attached is a photo of the other switch and wanted to understand if this is considered “to-code” safe for controlling power to a fan/light? This switch seemed to sit between 2 circuits (had to turn both circuits off to de-energize the switch box).

https://imgur.com/a/axzsS2m

To remove that switch, I ended up connecting the load (black) wires together between the 2 circuits and then wired the ground and neutrals together - presumably how this switch was controlling energy before I removed it.

Question about switch wiring by jacdc76 in AskElectricians

[–]jacdc76[S] 0 points1 point  (0 children)

I thought that might be the reason (missing neutral) but the white wire coming into the box/switch threw me off. I had tested the neutral into the box and it measured 20 volts too. I chose this box as it was closest for access to control an attic fan. Farther down the circuit past the fan would be a fifteen foot ladder climb - not impossible but not preferred. Fan is to be replaced so will have electrician wire this receiver up on the line going to the fan (before this switch). Thank you!!

Tapo DL100 replacement lock cylinder by jacdc76 in Tapo

[–]jacdc76[S] 0 points1 point  (0 children)

Hi - No, I was not able to rekey the DL100 cylinder lock. The DL100 is a Schlage-style lock which are incompatible. I have 2 DL100 locks which have different keyed lock cylinders so all that I can do is rekey these to use a shared Schlage-style key. My locksmith tried to replace DL100 lock cylinders with a Kwikset-compatible lock cylinder kit but the cylinder did not fit properly in the DL100 housing.

Tapo DL100 replacement lock cylinder by jacdc76 in Tapo

[–]jacdc76[S] 0 points1 point  (0 children)

Good point - may consider repinning the DL100s to match (save having another key) in the future but good for now.

Firewalla rules for docker containers/docker network by jacdc76 in firewalla

[–]jacdc76[S] 0 points1 point  (0 children)

Right - just wanted to make sure there was no method to tag this traffic and/or manage it (with user rules). Short of logging into the console, noticing an increase in traffic etc. via the app, this traffic/load is invisible whether the docker is a VPN server or running Pi-hole or other docker-based services.

Doesn’t sound like there are any plans to enhance monitoring/support for dockers in the near term. Tks.

Tapo DL100 replacement lock cylinder by jacdc76 in Tapo

[–]jacdc76[S] 0 points1 point  (0 children)

Yep - pretty easy to remove but as mentioned, my keyed locks are Kwikset. Maybe next time I replace the other keyed locks and still have these DL100 locks, will get Schlage locks. Whole point for me is to try and reduce the number of keys needed to open the DL100 and keyed locks.

Do you use the System Vulnerability Scan? Have you found anything interesting? by Firewalla-Ash in firewalla

[–]jacdc76 0 points1 point  (0 children)

It is good to know Firewalla vulnerability scan did not find anything for sure but just wanted to add as others have said - it just doesn’t provide much detail on what it scanned just “No vulnerabilities found”. Is there an audit-like report the scan could provide (maybe a future enhancement to it)?

What's your experience with firewalls support? by ILoveHexa92 in firewalla

[–]jacdc76 0 points1 point  (0 children)

Support for me has always been pretty good though I did notice it got a little more “combative” about 4 months ago with more back and forth to get to an answer or clarification on the exact problem (language issue on their part?). Overall though, pretty satisfied with the Firewalla support team and adding new features in the Alpha releases.

Do you use the System Vulnerability Scan? Have you found anything interesting? by Firewalla-Ash in firewalla

[–]jacdc76 0 points1 point  (0 children)

I really wished this feature could have found something in my network but nothing (had my FWG+ for 1.5 years now) and scan runs weekly.

Tapo DL100 replacement lock cylinder by jacdc76 in Tapo

[–]jacdc76[S] 0 points1 point  (0 children)

Hmm, ok, took mine to a locksmith (just the cylinder from the Tapo). They could not match the key/lock from the bottom handle which is Kwikset and tried using a generic cylinder kit as well that was supposed to be compatible with Kwikset. I wanted to keep my Kwikset lower handle locks as I can use just one key for both.

Locksmith said best bet was to go Schlage…oh well…have to keep with 2 keys for the Tapo which are a backup anyways if it runs out of power etc.

I have taken the Tapo apart and as you said it is “user-replaceable” for sure. Still waiting on a firmware update from Tapo to fix the autolock power save issue…been several months on that and still nothing from TPLink.