When I contacted GlobalScale (several months ago) and asked if the WAN and LAN ports were bridged, they replied that they are.


It seems it’s possible to configure the Topaz switch in software, and that U-Boot can disable/enable the ports.
As far as I can see on the schematic, each Gbit port is connected individually to the Topaz switch and there’s no real difference on the ports; one may be labelled “WAN” but I’m pretty sure that you in theory could pick any of the ports for “WAN” (even two or all 3).

Thus, in order to build a router/firewall, you definitely want to have the WAN and LAN separated (e.g. by switching off the WAN in U-Boot until the router software turns it on).
It’s not 100% secure, but at least the ports are separated quickly after a reboot and it’s not likely that much traffic will get through during that time.
However, should U-Boot fail before disabling the WAN, then there would be a serious security problem.

An alternative I’m much interested in is to add a separate Gbit Ethernet port (for the WAN) via USB 3.0. This particular device has been tested with Armbian (see the download page for details on builds it works with).
I’ve also seen a similar interface from UGREEN, which includes a USB 3.0 hub – just a few dollars extra and using the same IC, so I think it’s a fairly safe bet. I cannot promise that it would work, but my guess is that it’s likely it will.

