personal netspace

Notes ❯ Sun 2023-08-13 19:10

So I had a bit of a monkey-wrench thrown at me earlier this week. On Wednesday, my home firewall decided to (quite suddenly) die on me about 15 minutes before my wife (who, like me, works from home) was about to log in to attend a business meeting. Isn't that always the way?

Now the thing is, I only just installed this new firewall about six weeks ago, so I was more than a little miffed that the thing went and gave up the ghost already. But luckily, I still had my old firewall in the closet with an only slightly older version of OPNsense and a slightly older config. I also had a backup of the current config that was only a week old. Recovery was a relatively quick and simple effort of digging out the old firewall, plugging it in, updating the firmware, and restoring my backup config. About 40 minutes or so, and at least ten minutes of that was dealing with a tangle of power cables.

At this point, you might guess that this post will be a rant about how crappy my new firewall was, and how the company sucks, and how you should never, ever buy their garbage product. But you'd be wrong. I come not to bury the vendor, but to praise them.

Six weeks ago, I bought a Protectli Vault. Specifically, the FW2B—a fanless, two-port mini-PC designed to run open source firewall platforms such as OPNsense and pfSense. I bought a barebones model from Amazon (because I already had compatible memory and mSATA disks on hand). And since I already ran OPNsense on my existing mini-PC firewall (a Shuttle DH310), the replacement involved simply installing my components into the FW2B, installing OPNsense, restoring my existing config, and swapping hardware. Less than an hour of work.

[Side note: the only real issue I had with the Shuttle box was the fan noise, which over the years has gotten louder, and a little grindy due to worn bearings. I could have probably just swapped the fan but it would have been more trouble, and the box is really overkill for my firewall needs. Plus, the FW2B uses less power and produces less waste heat, so there were other advantages to the replacement.]

Getting back to Wednesday's failure, once I had the old firewall in place I began to do some diagnostics on the FW2B and found that I had a complete failure of one of the two onboard NICs, as well as an intermittent problem where the device would occasionally lock up on boot. After I determined the problem wasn't being caused by either the memory or disk (i.e., my components), I opened a support ticket with Protectli to start an RMA and get a replacement for the failed device.

Here's where things get good. I submitted a ticket with all of the troubleshooting info I had gathered, a screenshot of my order on Amazon, the serial number of the device, and a request for hardware replacement. Now, keep in mind that I didn't buy this unit directly from Protectli's online store, and that I had no support contract of any kind. Given my prior experience with consumer electronics companies, I expected a few things:

  1. A long delay in response, if I got a response at all.
  2. A ton of questions, back and forth communication, and pointless instructions to perform troubleshooting I had already done and documented.
  3. A lot of hassle and runaround.

In fact, I pretty much considered the US$230 I'd spent on the device to be a loss, and I'd already written it off.

So you can imagine my surprise when less than 15 minutes later I received a response asking a single question:

What's your shipping address?

That's right. This company—who didn't know me from Adam—responded to my ticket in less time than it takes to get a pizza delivered. And without giving me the runaround or demanding any kind of payment information first, they bench-tested a replacement unit and shipped it out to me same day. In addition, the communications from the support engineer were not only professional, but were also personable, friendly, and conveyed in clear, understandable English. (Shout-out to Skip Star. You're awesome, dude.) I received a (AFAICT) NIB replacement unit yesterday (Saturday) along with a prepaid return label to send back the failed device at my convenience.

There are multibillion dollar enterprise technology companies from whom I have received much poorer RMA service (sup, Cisco... how you been?).

Look, hardware is a commodity. Sure, my device failed. It's an SBC made in China, like practically every other consumer electronics product on the market today. A non-zero failure rate is more or less expected. What matters to me is how the vendor handles those failures, and Protectli took care of me. So unless that company starts, e.g., chucking kittens into a woodchipper live on YouTube, they just earned a customer for life. In fact, I already ordered a second firewall on Wednesday to keep as a shelf spare (knowing that hardware does fail, and if it's critical, you should have a backup). The device is sitting on my desk right now, awaiting OS load and a configuration restore.

I don't give endorsements often, but I can wholeheartedly say this: if you're in the market for a SOHO firewall, and specifically an OPNsense or pfSense device, you owe it to yourself to at least consider buying a Protectli Vault. The hardware may not be perfect (realistically, no hardware is), but at least the vendor will have your back if and when things go sideways. I'm very happy with my own firewall, and I have been nothing but impressed with the level of support I've received from the company behind it.