Does offloading the NAT to the router make sense? : r/firewalla

Just bought a firewalla purple, I'm a fairly advanced user / quite technical. I was wondering if NAT is putting a decent amount of load on the CPU of the device and if it made sense to put the Firewalla in routing mode so that the firewalla just sends the traffic to a gateway on a different subnet.

Example:
192.168.1.1 AT&T BGW320 Gateway (decent CPU)
192.168.1.2 Firewalla WAN interface
192.168.74.1/24 firewalla LAN network

So I'd configure a static route in the AT&T Gateway, 192.168.74.0/24 -> 192.168.1.2

And I'd disable NAT in the firewalla, and set the default gateway for the firewalla to be 192.168.1.1

Now when a device on my home network, like 192.168.74.10 sends traffic to 192.168.74.1, the firewalla would then send it on to 192.168.1.1 and that's where the NAT occurs and then sends it out to the internet.

The benefit to this design is that the firewalla is still handling all the internal network traffic, which group can access which content, etc. but it's no longer wasting CPU on NAT. Leaving it plenty of CPU for smart queue/aqm, IPS/IDS, monitoring, etc.

Would this work better? I have a 1gbps/1gbps fiber connection at home and want to use a lot of the advanced features of the Firewalla Purple but I see these features as CPU intensive and I'm wondering if I'll end up killing my overall throughput if I enable/utilize too many features.
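The routed design described in the post, traced with a toy router model as an added example (not code from the post, the Firewalla project or the commenters). It builds the three boxes with the routing tables the post describes, forwards one packet from 192.168.74.10 to a public address and then the reply, and reports where source NAT happened and whether the reply made it back; it also runs the same flow with the static route left off the gateway and with the stock double-NAT setup. The 192.168.x addresses are the post's; the 203.0.113.0/24 addresses (TEST-NET-3) are constructed stand-ins for the gateway's public side and the ISP next hop, which the post does not give.

```python
"""Added example (not from the post): a toy longest-prefix-match router model
used to trace one flow through the post's routed design (NAT only on the
AT&T gateway) and through the stock double-NAT design, and to show what the
static route on the gateway is doing. The 192.168.x addresses are the post's;
the 203.0.113.0/24 addresses (TEST-NET-3) are constructed stand-ins for the
gateway's public side and the ISP next hop, which the post does not give."""
import ipaddress

IP, NET = ipaddress.ip_address, ipaddress.ip_network


class Node:
    def __init__(self, name, addrs, routes, nat_addr=None):
        self.name = name
        self.addrs = {IP(a) for a in addrs}
        # (prefix, next_hop); a next_hop of None means directly connected
        self.routes = [(NET(p), IP(n) if n else None) for p, n in routes]
        self.nat_addr = IP(nat_addr) if nat_addr else None  # masquerade address when NAT is on
        self.conntrack = {}  # (translated_src, dst) -> original_src

    def lookup(self, dst):
        """Longest-prefix match over this node's routing table."""
        hits = [r for r in self.routes if dst in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen) if hits else None


class Topology:
    def __init__(self, *nodes):
        self.by_name = {n.name: n for n in nodes}
        self.owner = {a: n for n in nodes for a in n.addrs}

    def send(self, start, src, dst, max_hops=8):
        """Forward one packet hop by hop.
        Returns (path, delivered_to, src_on_arrival, nodes_that_applied_nat)."""
        node, src, dst = self.by_name[start], IP(src), IP(dst)
        path, nat_at = [node.name], []
        for _ in range(max_hops):
            if dst in node.addrs:
                if node.nat_addr and (dst, src) in node.conntrack:
                    dst = node.conntrack[(dst, src)]  # reply to a masqueraded flow: restore dst
                else:
                    return path, node.name, src, nat_at
            r = node.lookup(dst)
            if r is None:
                return path, None, src, nat_at  # no route: dropped here
            prefix, next_hop = r
            if node.nat_addr and prefix.prefixlen == 0:
                # masquerade everything that leaves via the default route
                node.conntrack[(node.nat_addr, dst)] = src
                src, nat_at = node.nat_addr, nat_at + [node.name]
            node = self.owner.get(next_hop if next_hop is not None else dst)
            if node is None:
                return path + ["(unreachable next hop)"], None, src, nat_at
            path.append(node.name)
        return path, None, src, nat_at


def build(design, static_route=True):
    """design: 'routed' (the post's proposal) or 'double_nat' (Firewalla doing its own NAT)."""
    gw_routes = [("192.168.1.0/24", None), ("203.0.113.0/24", None),
                 ("0.0.0.0/0", "203.0.113.254")]
    if static_route:  # the route the post adds on the BGW320
        gw_routes.append(("192.168.74.0/24", "192.168.1.2"))
    return Topology(
        Node("client", ["192.168.74.10"],
             [("192.168.74.0/24", None), ("0.0.0.0/0", "192.168.74.1")]),
        Node("firewalla", ["192.168.74.1", "192.168.1.2"],
             [("192.168.74.0/24", None), ("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
             nat_addr="192.168.1.2" if design == "double_nat" else None),
        Node("gateway", ["192.168.1.1", "203.0.113.1"], gw_routes, nat_addr="203.0.113.1"),
        Node("internet", ["203.0.113.254", "8.8.8.8"],
             [("203.0.113.0/24", None), ("8.8.8.0/24", None)]),
    )


def round_trip(topo, src="192.168.74.10", dst="8.8.8.8"):
    """Send one packet out and the reply back; report where NAT happened and whether it returned."""
    out, arrived, public_src, nat_at = topo.send("client", src, dst)
    if arrived != "internet":
        return {"out": out, "nat_at": nat_at, "delivered": False}
    back, back_to, _, _ = topo.send("internet", dst, public_src)
    return {"out": out, "nat_at": nat_at, "public_src": str(public_src),
            "back": back, "delivered": back_to == "client"}


if __name__ == "__main__":
    for label, topo in [("routed, static route present", build("routed")),
                        ("routed, static route missing", build("routed", static_route=False)),
                        ("double NAT (stock)", build("double_nat"))]:
        print(label, round_trip(topo))
```

Two things the trace makes visible. The reply depends entirely on the static route: in the `static_route=False` case the gateway un-translates the reply to 192.168.74.10 and then, having no route for it, sends it toward the ISP, where it is dropped. And with NAT off on the Firewalla, the gateway and anything else on 192.168.1.0/24 sees the real 192.168.74.x source addresses, and the static route makes 192.168.74.0/24 reachable from that segment in the reverse direction too, so the Firewalla's rules on its WAN-side interface are what separates the two LANs, not address translation.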


I wouldn't recommend prematurely optimizing, it will make things more complex with potentially no benefits.

My approach would be to turn everything you want on and benchmark throughput, then try the NAT configuration you have here and benchmark again to see if it improves anything. For benchmarking make sure you test it multiple times over a decent length of time and take the average for more accurate values.

My guess is that it probably won't matter, they designed the purple and gold to function as a router and firewall. So you should be able to have everything running without performance issues.
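The A/B benchmark this reply describes, as an added harness that is not part of the thread or of the Firewalla project. It drives iperf3 in JSON mode several times per direction and reports the mean, sample standard deviation and minimum, so the "everything on" baseline and the NAT-off configuration can be compared on the same footing. The server address is a placeholder: it assumes an iperf3 server of your own reachable from the Firewalla LAN, and the run count and duration are defaults to adjust.

```python
"""Added example (not from the thread): an A/B throughput harness for the
benchmark described above. It runs iperf3 in JSON mode several times per
direction and reports mean, sample standard deviation and minimum, so a
"features on" baseline can be compared with the NAT-off configuration on the
same footing. The server address is a placeholder to replace with your own
iperf3 server reachable from the Firewalla LAN."""
import json
import statistics
import subprocess

SERVER = "192.0.2.10"  # placeholder (TEST-NET-1); put your iperf3 server here

# Constructed sample of `iperf3 -c ... -J` output, cut down to the fields used below.
SAMPLE_OUTPUT = json.dumps({"end": {"sum_sent": {"bits_per_second": 940.0e6},
                                    "sum_received": {"bits_per_second": 935.0e6}}})


def parse_iperf3(json_text):
    """Return the received throughput in Mbit/s from iperf3's JSON client report."""
    report = json.loads(json_text)
    if "error" in report:  # iperf3 reports connection failures here instead of in "end"
        raise RuntimeError(report["error"])
    return report["end"]["sum_received"]["bits_per_second"] / 1e6


def run_iperf3(server, seconds=30, reverse=False, runner=subprocess.run):
    """One iperf3 run. `runner` is injectable so the harness can be exercised offline."""
    cmd = ["iperf3", "-c", server, "-t", str(seconds), "-J"] + (["-R"] if reverse else [])
    proc = runner(cmd, capture_output=True, text=True, check=False)
    return parse_iperf3(proc.stdout)


def summarize(samples):
    """Mean, sample stdev and minimum of a list of Mbit/s readings."""
    return {"n": len(samples), "mean": statistics.fmean(samples),
            "stdev": statistics.stdev(samples) if len(samples) > 1 else 0.0,
            "min": min(samples)}


def benchmark(server, runs=5, seconds=30, runner=subprocess.run):
    """Repeat the download (-R) and upload tests `runs` times each and summarize both."""
    down = [run_iperf3(server, seconds, reverse=True, runner=runner) for _ in range(runs)]
    up = [run_iperf3(server, seconds, reverse=False, runner=runner) for _ in range(runs)]
    return {"download": summarize(down), "upload": summarize(up)}


if __name__ == "__main__":
    import sys
    label = sys.argv[1] if len(sys.argv) > 1 else "baseline"  # e.g. "baseline" or "nat-off"
    print(label, json.dumps(benchmark(SERVER), indent=2))
```

Run it once per configuration with a label (`python3 bench.py baseline`, then `python3 bench.py nat-off` after the routing change) and compare the means against the standard deviation: a difference smaller than the spread between runs is noise, not a gain.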


No... NAT is not a huge consumer of resources imo.

The less complexity, the better... develop a baseline and see what happens before making changes.