Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Articles in this section

See more

How Does Firewalla Intercept Traffic? Which Firewalla Mode Should I Use?

Avatar
Support
  • Updated
Follow

Firewalla is a networking device that sits between your connected devices and the main router. By sitting in between, Firewalla is able to see and control all traffic going through your network.

  • Firewalla does not monitor your local traffic (LAN to LAN) unless you get the Firewalla AP7. If you're using network segmentation, Firewalla can filter traffic between your LAN networks.

Firewalla Gold (SE/Plus/Pro), Firewalla Purple (SE), and Firewalla Orange work best in Router Mode (replacing your existing router). If you can not replace your existing router, Bridge Mode will also work.

There are two different monitoring modes that Firewalla supports to intercept network traffic. Your box's monitoring mode can be changed by tapping More on your box's main page -> Mode.

NewMonitoring.png

There are advantages and disadvantages to each mode. Please see the chart at the end of this article for a full comparison.

 

Firewalla Router Mode

Here, Firewalla can act as your router/firewall/IPS/IDS inline to your network traffic. There are no compatibility issues in this mode.

Router mode is unique to Gold and Purple series boxes to work inline to your network traffic

  • When in router mode, Firewalla will also be able to segment network traffic using the extra ports and/or VLANs.
  • Router mode requires Firewalla to be between two network elements, such as a modem and a wifi access point. 

Pros:

  • Physically inline between LAN and WAN networks; High performance, gigabit rates.
  • Routing and security functions are handled by Firewalla, leaving Wi-Fi routers to focus only on wifi.
  • Gold, Purple, and Orange operate best in this mode.

Cons:

  • If you only have one single device as your modem + router + access point, it will not work for you. This mode requires Firewalla to be between two network elements, such as a modem and a Wi-Fi access point.

Learn more about the Firewalla Router Mode.

 

 

Firewalla Transparent Bridge Mode 

Here, Firewalla can be placed in between your router and access points/switch and act as your firewall/IPS/IDS inline to your network traffic. There are no compatibility issues in this mode.

Firewalla Gold and Purple series boxes placed between your router and access points to act as your firewalla/IPS/IDS inline to your network traffic

Pros:

  • Physically inline between your existing router and switch (or access point)
  • Preserve existing network assignments from your router
  • LAN devices are not aware of the bridge
  • A good transition mode without removing the existing router

Cons:

  • Features such as "Route", "Smart Queue", and "VPN Client" will not work.
  • This mode is very specific to certain network topologies.
  • Supported on Gold, Purple, and Orange.

Learn more about the transparent bridge mode here.

 

LEGACY MODES, No Longer Supported

  • Simple Mode +legacy.png: plug-and-play mode, no need to change the wiring.
  • DHCP Mode +legacy.png: plug-and-play mode, only need to disable your upstream router's DHCP server.

Please note that support for Simple Mode may be reduced soon due to increasing compatibility issues with Android 14. We highly recommend using Bridge or Router Mode.

 

Firewalla Simple Mode +legacy.png

To make life easier for consumers and, at the same time, make our solution affordable, we use the behavior of ARP protocol (ARP spoofing) to route traffic virtually from connected devices to the Firewalla box.

Firewalla simple mode uses the ARP protocol to route traffic virtually

Once started, Firewalla will tell each of the connected devices that it is the router and tell everyone, "Please send all network traffic to me". This will virtually divert all live traffic to Firewalla to be monitored and managed.

Technically, this method is called ARP spoofing, a creative way to do man-in-the-middle. In our case, the "good" man is Firewalla, and we have modified a few things to make this work better at home. (This method was inspired by another product on the market, and we take no credit for inventing this.)

Since the ARP protocol is supported differently on different routers, this mode may not be compatible with all routers. Please take a look at our compatibility guide. If your router is not compatible, no worries, we have you covered with other modes. 

Pros:

  • Simple to install, simple to use (that's why we call it Simple Mode).
  • If anything goes wrong with Firewalla, your network will still be there.
  • No need to rewire or configure anything, true plug-and-play

Cons:

  • Not compatible with all routers.
  • In certain situations, packets may "leak" outside of Firewalla.

 

Firewalla DHCP Mode +legacy.png

 

Firewalla DHCP mode creates another network over the existing network

For Firewalla Red, Blue, Blue Plus, in the DHCP Mode, Firewalla creates another network over the existing network. So if you have a network on your main router, you will also see an overlay network from Firewalla.

This overlay network is created by Firewalla, and it is statically overlayed on top of your home network's physical layer. You can statically point your devices to this overlay network, or disable/modify the existing DHCP service on your main router and have the Firewalla serve DHCP requests.

To find out about your Firewalla's overlay network on the Firewalla app, tap Box Settings -> Advanced -> Network Settings -> Overlay Network. 

 

Note: Firewalla Gold and Firewalla Purple don't create another overlay network. It will use the same subnet as your original network so that you don't have to configure the IP range used for DHCP on Gold in order to keep your network unchanged. Learn more about Gold in DHCP Mode

 

Pros:

  • All traffic will go through Firewalla.
  • Double NAT

Cons:

  • Need to login to the router and disable the DHCP server
  • Double NAT

To enable this mode, please read "How to set up with DHCP mode". 

 

If you want to see the difference between the different products, please see this.

 

Other Modes

Firewalla Experimental Simple Mode +legacy.png

DO NOT USE THIS IF:

  • Your router is compatible with Simple Mode.
  • You are good with DHCP mode.

Please note that support for Experimental Simple Mode may be reduced soon. We highly recommend using Bridge or Router Mode. Experimental Simple Mode enables more routers that aren't compatible with Simple Mode. These tricks may or may not work, hence the "experimental simple mode". DHCP mode is still preferred. 

 

Firewalla Limited Mode (Red/Blue/Blue+)

In this mode, Firewalla simply turns off monitoring and becomes a small network server.

Remember we talked about the overlay network? It is still there! What you can do is, to assign static IP addresses like in the overlay network to your device (such as iPhone), and make DNS point to Firewalla's Gateway. Now you have just secured one device.

We often use this mode to "check out" a particular device. Pretty good learning too. 

 

 

Related articles

Comments

0 comments

Article is closed for comments.