So I had a bit of a monkey-wrench thrown at me earlier this week. On Wednesday,
my home firewall decided to (quite suddenly) die on me about 15 minutes
before my wife (who, like me, works from home) was about to login to attend a
business meeting. Isn't that always the way?
Now the thing is, I only just installed this new firewall about six weeks
ago, so I was more than a little miffed that the thing went and gave up the
ghost already. But luckily, I still had my old firewall in the closet with an
only slightly older version of OPNsense and a
slightly older config. I also had a backup of the current config that was only
a week old. Recovery was a relatively quick and simple effort of digging out
the old firewall, plugging it in, updating the firmware, and restoring my backup
config. About 40 minutes or so, and at least ten minutes of that was dealing with
a tangle of power cables.
At this point, you might guess that this post will be a rant about how crappy
my new firewall was, and how the company sucks, and how you should never, ever
buy their garbage product. But you'd be wrong. I come not to bury the vendor,
but to praise them.
Six weeks ago, I bought a Protectli
Vault. Specifically, the FW2B—a
fanless, two-port mini-PC designed to run open source firewall platforms
such as OPNsense and pfsense. I bought
a barebones model from Amazon (because I already had compatible memory and mSATA
disks on hand). And since I already ran OPNsense on my existing mini-PC firewall
(a Shuttle DH310), the
replacement involved simply installing my components into the FW2B, installing
OPNsense, restoring my existing config, and swapping hardware. Less than an hour
[Side note: the only real issue I had with the Shuttle box was the fan noise,
which over the years has gotten louder, and a little grindy due to worn bearings.
I could have probably just swapped the fan but it would have been more trouble,
and the box is really overkill for my firewall needs. Plus, the FW2B uses less
power and produces less waste heat, so there were other advantages to the
Getting back to Wednesday's failure, once I had the old firewall in place I
began to do some diagnostics on the FW2B and found that I had a complete failure
of one of the two onboard NICs, as well as an intermittent problem where the
device would occasionally lock up on boot. After I determined the problem wasn't
being caused by either the memory or disk (i.e., my components), I opened a
support ticket with Protectli to start an RMA and get a replacement for the failed device.
Here's where things get good. I submitted a ticket with all of the troubleshooting
info I had gathered, a screenshot of my order on Amazon, the serial number of
the device, and a request for hardware replacement. Now, keep in mind that I
didn't buy this unit directly from Protectli's online store, and that I had no
support contract of any kind. Given my prior experience with consumer electronics
companies, I expected a few things:
- A long delay in response, if I got a response at all.
- A ton of questions, back and forth communication, and pointless instructions
to perform troubleshooting I had already done and documented.
- A lot of hassle and runaround.
In fact, I pretty much considered the US$230 I'd spent on the device to be a
loss, and I'd already written it off.
So you can imagine my surprise when less than 15 minutes later
I received a response asking a single question:
What's your shipping address?
That's right. This company—who didn't know me from Adam—responded to my
ticket in less time than it takes to get a pizza delivered. And without giving me
the runaround or demanding any kind of payment information first, they bench-tested
a replacement unit and shipped it out to me same day.
In addition, the communications from the support engineer
were not only professional, but were also personable, friendly, and
conveyed in clear, understandable English. (Shout-out to Skip Star. You're awesome, dude.)
I received a (AFAICT) NIB replacement unit yesterday (Saturday)
along with a prepaid return label to send back the failed device at my
There are multibillion dollar enterprise technology companies from whom I
have received much poorer RMA service (sup, Cisco...
how you been?).
Look, hardware is a commodity. Sure, my device failed. It's an SBC made in
China, like practically every other consumer electronics product on the market
today. A non-zero failure rate is more or less expected. What matters to me is
how the vendor handles those failures, and Protectli took care of me. So unless
that company starts e.g., chucking kittens into a woodchipper live on Youtube,
they just earned a customer for life. In fact, I already
ordered a second firewall on Wednesday to keep as a shelf spare (knowing that
hardware does fail, and if it's critical, you should have a backup). The device
is sitting on my desk right now, awaiting OS load and a configuration restore.
I don't give endorsements often, but I can wholeheartedly say this: if you're
in the market for a SOHO firewall, and specifically an OPNsense or pfsense device,
you owe it to yourself to at least consider buying a Protectli Vault. The hardware
may not be perfect (realistically, no hardware is), but at least the vendor will
have your back if and when things go sideways. I'm very happy with my own firewall,
and I have been nothing but impressed with the level of support I've received
from the company behind it.