CUJO vs. The FIREFX Network Guardian: What You Need To Know

Over the last few weeks, several of our dealers have been asking us to lay out a direct comparison of the CUJO security appliance vs. our Network Guardian. In the Army, we have an acronym I love to use. "Give me the BLUF" (Bottom Line Up Front). When time is of the essence, this is really the best way to communicate important ideas and information. We know you do not have much time to waste, so here is the BLUF on the CUJO vs. FIREFX Network Guardian in a head to head comparison.

In this comparison we will reference CUJO's stated specs and two independant CUJO product reviews which we will link to for your benefiet.

First off, we will show a side by side comparison of specifications and features.


Direct comparison of CUJO and FIREFX Network Guardian hardware

Direct comparison of CUJO and FIREFX Network Guardian hardware


So as you can see, the Network Guardian has twice the number of processor cores at twice the speed of the CUJO. Also, with four times the RAM which is why we performed at over double the tested throughput at full protection. The Network Guardian also has double the Ethernet ports available, allowing for separating traffic through VLANs for greater security. In the Army we have another saying we use when we are in the field... "Two is one and one is none", or in Texas we would also say the "Bigger is better". We design all of our products with this in mind, over-engineering for today so our product will continue to perform under the demands of tomorrow.

In addition tot these hardware drawbacks, CUJO requires a seperate firewall/router to be installed in front of it as described in the Small Net Builder review.

"In home networks with only a single network device, usually a Wi-Fi router connected to the Internet, this can be challenging. The CUJO firewall does not connect directly to the Internet; it needs a router in front of it."


Cujo Feature Compare.JPG

That's nice, but what does all this mean to me? Here is a breakdown of the feature differences.

  1. Protects more than 50 devices: While 50 devices seems like a lot today, we need to be building a network for the future. As clients continue to add BYOD (Bring Your Own Device) products to our networks, and more devices become TCP/IP compliant/dependent, that number of 50 will become an issue. Because of our superior hardware standards, the network Guardian can easily support numbers of devices in the high hundreds to low thousands.
  2. VPN Server: Bottom line, you need a VPN server for you to remote access all of your client sites and your clients need it to access all of thier sites/applications securely. The days of port forwarding devices through the firewall must end. The Network Guardian comes with a pre-configured VPN server complete with two factor authentication and user accounts. Just change your user password, export a certificate, and begin secured connections!
  3. Parental controls: Through VLAN separation, the Network Guardian allows for secure parental control (i.e. blocking content and scheduling access times). During setup, our remote technicians can log in and help you configure this as desired.
  4. IPSEC tunneling: The FIREFX Network Guardian is a real, enterprise grade firewall/router capable of advanced configurations such as IPSEC static tunneling between sites (i.e. office and home)
  5. Remote access dealer support: As part of your support, FIREFX network engineers act as your digital concierge assisting in tire one support and basic configurations during and after setup.
  6. GeoBlocking: The FIREFX Network Guardian blocks all unsolicited connection attempts from outside the US by default. Dropping these packets without inspecting them based on their origination greatly reduces load on the firewall and limits DOS attack effectiveness on your networks.
  7. Customizable ProAV Command & Control rule sets: In our industry, we have a lot of automated traffic that the typical home network does not see. Much of this traffic can be misconstrued as malicious traffic and is often blocked by a typical IDPS (Intrusion Detection Prevention System). The FIREFX Network Guardian comes with a custom set of ProAV rules and can be modified for new custom rules as needed by the integrator or with the assistance of our digital concierge support.
  8. Anti-Virus & Anti-Malware: While cloud-based anti-virus and ant-malware is a good edition to network security, it is not the end all and be all. As the Tech Radar review states "Despite some overblown claims on the CUJO website, the device can't replace your antivirus, and you'll probably need to keep the same security software you're using now." We could not agree more. As for devices that do not run anti-virus or anti-malware software such as printers, TVs, light bulbs, etc. We have built a special "protected" IoT VLAN just for them which is designed to prevent the malicious code from ever infecting them.
  9. VLAN separation with IDPS protection: The FIREFX Network Guardian uses Enterprise level security based in VLAN separation with IDPS protection both through the firewall and behind it. We know from experience that most hacks originate behind the firewall on a compromised PC, tablet, or smartphone. By separating and protecting that traffic from all of your security, control, environmental, media, and lighting systems, you can confidently contain any security breaches that may happen to those end user deices.
  10. Separate WiFi VLAN protection schemes: By offering multiple WiFi SSIDs associated with protected VLANS, you can split your IoT devices from your home users, restricted guest users, and protected kids' wireless traffic. The network Guardian comes pre-configured with an IoT VLAN, guest, home user, and kids protected VLN pre-configured.
  11. 24/7 status remote monitoring: FIREFX can monitor the status of all active firewall remotely and does so as part of our standard support package. This can assist you in your troubleshooting any issues in the field.
  12. Recurring revenue plan for dealers: FIREFX helps dealers set up a recurring revenue plan around network security which is a real pain point and value add to both the customer and the dealer.
  13. Generous margins on MSRP: The Network Guardian is a professional grade enterprise class product designed specifically for the ProAV market. We offer generous margins on wholesale for a quality product with excellent support.
  14. MSRP pricing not made public: You won't find FIREFX products listed on Amazon, New Egg, CDW or other dealer sites. This prevents end users from shopping your cost.
  15. Designed and supported by military trained cyber-security experts and ProAV techs: The Network Guardian is the only network security appliance designed by people from the ProAV marketplace with military cyber-security training. The result is a professional security appliance tailored to the environments you work in. 
  16. Pre-configured for rapid and easy setup: We know that time=money in business. That is why we pre-configure the Network Guardian to work right out of the box. Pre-configured features such as multiple VLANs, an active IDPS system, secure DNS, GeoBlocking, Firewall rules, DHCP servers, and a VPN server are among our many pre-configured settings.

To be fair, the CUJO is a very good idea. But in reality, network security is not as simple as plugging in a device and walking away. The CUJO appliance is probably good for a technical DIY install on a small network. For the ProAV market, the CUJO is not a good fit.

Here are the links to the two independent reviews of CUJO.

Small Net Builder

Tech Radar

Interested in becoming a dealer and finding out more? Follow this link now!

FIREFX Dealer Quick Application

Two additional CEDIA CEU "IoT Network Security" Classes offered in March

FIREFX is offering a course scheduled in Vancouver, BC on Thursday the 23rd of March and have added an additional on-line class on Wednesday the 29th of March.

These courses are being offered this month by US Army trained Network Engineers from FIREFX. These engineers are graduates of the US Army Cyber-College, are "Security +" Certified, and have a great deal of experience securing Top Secret networks and utilizing proven tools, tactics & techniques to deploy Enterprise network security in a variety of environments. Join them as they explore the challenges presented by IoT devices in the smart home and business environments and solutions to counter these challenges.

 On Wednesday, 3/19/17 FIREFX will host a free online course (CEUP661 “Basics of Securing IoT Networks for the Home and Business” worth .75 CEUs. The class starts at 1:30 PM CST and you can email to request a seat.

 Seating is limited for this on-line course to 25 seats.

On Thursday, 3/23/17, the same free class will be offered in person in Vancouver, BC at the Westin Wall Centre for the Stampede “Big Book of AV Tour” at 1:30PM PST.


 Seating is limited for this event to 35 seats.

 No further courses are currently scheduled this month.

About This Course

 Basic Security: This is a basic security course. You will not be an IoT security expert at the completion of this course. What you will be able to do upon passing this course is the following.

  • Define what an IoT device is
  • Identify security threats introduced to networks by IoT devices
  • Understand the anatomy of a network hack
  • Identify potential exploitable vulnerabilities in network designs
  • Identify best practices for securing networks with IoT devices, including
    • Geo-Blocking
    • VLAN Separation
    • Intrusion Detection/Prevention System (IDPS)
    • Distributed Denial Of Service (DDOS) Protection
    • Proper VPN Use

This course is approximately 1.5 hours long and includes an open Q&A session and written exam. Successful completion of the course and passing in the exam (70%) will earn you a certificate and .75 CEUs.

On-Line INSTRUCTOR: Josh Van Gulden – Cyber-Security Architect FIREFX (CW3 RET TXARNG)