I have seen quite a few posts on here of Firewalla units being used with Alta Labs. If you use a Firewalla unit do you also use the catergorisation options in the APs such as IOT, Internet only etc. or do you just use VLAN Segregation etc.
Just interested to see how People have theirs set up and also wondering if you use both methods if there is a potential issue / s?
Thanks, Ian
I have a Firewalla Gold and used it with Aruba Instant On APs and switches. I had different VLANs for Iot, guest and private devices. When I replaced the APs with the Alta APs a few month ago, this setup no longer works.
I had problems with Google Nest (audio) devices, AirPrint, Elgato Keylight,Sonos… Discovery worked most of the time, but the inter vlan traffic did not.
Durring that time I switched to the Alta network types which worked great. I think that all Inter vlan traffic problems have been solved now. At least my Elgato Keylight is now back in the Iot vlan and works without any problems.
But I’m still using both variants. Devices that I want to be completely separated from the rest are going to the iot vlan. Guests, printers, Sonos and Google Audio are assigned to different network types via Alta Passes. This is simple and completely sufficient for my purposes. And I can easily give guests access to these devices.
I never faced problems with Alta Labs APs so far. I use pfSense as my router and Alta Labs ecosystem for Switches and APs.
I have multiple VLANs and I firewalled everything to have strict rules to be sure that only specific users/VLANs can talk to each other and only 1 way, not both ways.
VLANs:
I like to split devices with VLANs, that way I’m sure that my IoT is only on a specific VLAN and they don’t have access to other networks, etc. Guest vs Home vs IoT are 3 separate Wi-Fi SSIDs. I know I can use the same with different passwords, but I prefer having different SSIDs, Since I already configured everything before I installed Alta Labs APs.
Thanks for your feedback - so I assume you weren’t using any of the Network types available in the network box on devices connected via Wi-Fi as per the picture below and use Default or Standard / Small
The reason for the ask is partly out of curiosity to see what people with Firewalla units are doing (as mentioned previously I have seen a lot of the pictures people have posted of their setups have Firewalla Golds or Purple) and to see if People are in the main using standard VLAN segregation or if they are using the available classifications available as part of the Alta Labs solution.
I used to use OPNsense and all was good until a firmware issue about 6 months ago where I had issues with VLANs and as part of fault finding I flattened the network and worked with support to help resolve the issues I was encountering.
Thanks to the team as Alta these issues are behind me and having moved back to Firewalla from OPNsense (for various reasons) I was just wondering if to move back to a VLAN setup or continue classifying items via the Alta Labs Management Dashboard.
I only use the Default Standard/small network type so I can’t tell about the others. I prefer having granular rules on my firewall over a check box about the network type. This feature is very useful for someone who doesn’t have the full firewall features on their firewall/modem or to simplify access management.
I’m a security freak ahahah it is why I prefer having full control over my rules 
I use both. I have VLANs, but the VLANs are categorized using the Alta network types.
I use a Firewalla Gold with Alta Labs switches and APs. I tried using the wireless categories, but it created some problems for me. Setting up different VLANs and using the Standard category for each wireless network has worked well. I also have several wired devices on my network now, so I have to use VLANs to segment those.
