Products Firewalla Gold Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Blue Plus Firewalla Wi-Fi SD Product Comparison Product Reviews

Articles in this section

See more

How Does Firewalla Intercept Traffic? Which Firewalla Mode Should I Use?

Avatar
Support
  • Updated
Follow

Firewalla is a networking device that sits in between your connected devices and the main router. By sitting in between, Firewalla is able to see and control all traffic going through your network.

  • Firewalla does not monitor your local traffic (LAN to LAN); If you are using network segmentation, Firewalla will be able to filter traffic between your LAN networks.

There are four different modes that Firewalla supports to intercept network traffic. Monitoring mode can be changed via box main page -> monitoring -> mode

 Simple mode selection on the Firewalla main page   Simple Firewalla mode selection to filter internet traffic   Simple Firewalla mode selections includes Router, Bridge, Simple Mode, and more

There are advantages and disadvantages to each mode, please see the chart at the end

 

Firewalla Simple Mode

To make life easier for consumers and at the same time make our solution affordable, we use the behavior of ARP protocol (arp spoofing) to route traffic virtually from connected devices to the Firewalla box.

Firewalla simple mode uses the ARP protocol to route traffic virtually

Once started, Firewalla will tell each of the connected devices that it is the router and tell everyone, "please send all network traffic to me". This will virtually divert all live traffic to Firewalla to be monitored and managed.

Technically, this method is called ARP spoofing, a creative way to do man-in-the-middle. In our case, the "good" man is Firewalla, and we have modified a few things to make this work better at home. (This method was inspired by another product on the market, and we take no credit for inventing this.)

Since the ARP protocol is supported differently on different routers, this mode may not be compatible with all routers. Please take a look at our compatibility guide. If your router is not compatible, no worries, we have you covered with other modes. 

Pros:

  • Simple to install, simple to use (that's why we call it simple mode).
  • If anything goes wrong with Firewalla, your network will still be there.
  • No need to rewire or configure anything, true plug and play

Cons:

  • Not compatible with all routers.
  • In certain situations, packets may "leak" outside of Firewalla.

 

Firewalla DHCP Mode

Firewalla DHCP mode creates another network over the existing network

For Firewalla Red, Blue, Blue Plus, in the DHCP Mode, Firewalla creates another network over the existing network. So if you have a network on your main router, you will also see an overlay network from Firewalla.

This overlay network is created by Firewalla, and it is statically overlayed on top of your home network's physical layer. You can statically point your devices to this overlay network, or disable/modify the existing DHCP service on your main router and have the Firewalla serve DHCP requests.

To find out about your Firewalla's overlay network on the Firewalla app, tap Box Settings -> Advanced -> Network Settings -> Overlay Network. 

 

Note: Firewalla Gold and Firewalla Purple don't create another overlay network. It will use the same subnet as your original network so that you don't have to configure the IP range used for DHCP on Gold in order to keep your network unchanged.  Learn more about Gold in DHCP Mode

 

Pros:

  • All traffic will go through Firewalla.  
  • Double NAT

Cons:

  • Need to login to the router and disable the DHCP server
  • Double NAT

To enable this mode, please read "How to set up with DHCP mode". 

 

 

Firewalla Router Mode

This mode is unique to Firewalla Gold and Firewalla Purple. Here, Firewalla can act as your router/firewall/IPS/IDS inline to your network traffic. There are no compatibility issues in this mode.

Router mode is unique to Gold and Purple series boxes to work inline to your network traffic

  • When in router mode, Firewalla will also be able to segment network traffic using the extra ports and/or VLAN.
  • Router mode requires Firewalla to be in between two network elements, such as a modem and a wifi access point. 
  • This is the best mode to use for the Firewalla Gold and Firewalla Purple.

Pros:

  • Physically inline between LAN and WAN networks; High performance, gigabit rates.
  • Routing and security functions are handled by Firewalla, leaving Wi-Fi routers only focus on wifi.
  • The Gold operates the best in this mode.

Cons:

  • If you only have one single device as your modem + router + access point, it will not work for you. This mode requires Firewalla to be in between two network elements, such as a modem and a Wi-Fi access point.

Learn more about the Firewalla Router Mode.

 

Firewalla Transparent Bridge Mode 

This mode is unique to Firewalla Gold and Firewalla Purple. Here, Firewalla can be placed in between your router and access points/switch and act as your firewall/IPS/IDS inline to your network traffic. There are no compatibility issues in this mode.

Firewalla Gold and Purple series boxes placed between your router and access points to act as your firewalla/IPS/IDS inline to your network traffic

Pros:

  • Physically inline between your existing router and switch (or access point)
  • Preserve existing network assignments from your router
  • LAN devices are not aware of the bridge
  • A good transition mode without removing the existing router

Cons:

  • Features include "Route", "Smart Queue", "VPN Client" will not work.
  • This mode is very specific to certain network topologies.  

Learn more on the transparent bridge mode here.

 

Which Mode To Use 

We made this chart which ranks the different modes in terms of installation, compatibility, and performance.  

 

Why support different modes?

  • Not all networks are the same
  • Not everyone has the same requirements
  • For example, the simple mode is the most simple way to install, but its performance is ranked the least of the 3 modes.   This mode is not compatible with all routers. (https://firewalla.com/compatibility)
  • Router mode is compatible with pretty much anything, but it will require you to physically replace your existing router.   And it is the best performing model.  This mode is recommended for the Gold and Purple.

Note: the performance difference usually is not detectable during bandwidth tests.

  Simple Mode DHCP Mode Router Mode Bridge Mode
Firewalla Red Yes Yes     
Firewalla Blue/ Blue Plus Yes Yes    
Firewalla Gold Yes Yes Yes Yes
Firewalla Purple Yes Yes Yes Yes
         
Requires wiring change  No No Yes (replace your router) Yes (place it between two networks)
Simple Install (ranking) #1 #2 #4 #3
Compatibility (ranking) #3 #2 #1  #1
Performance  (ranking) #3 #2 #1 #1
Preserving Routing Yes No No Yes
Transparency No No No Yes
         
VPN Client Overlay Only Yes Yes No
IPv6 Monitoring Yes No Yes  Yes
Route Functions No No Yes No
Smart Queue No No Yes No
MultiWAN No No Yes No

 

 

If you want to see the difference between the different products, please see this.

 

Other Modes

Firewalla Experimental Simple Mode (beta)

DO NOT USE THIS IF:

  • Your router is compatible with Simple Mode.
  • You are good with DHCP mode.

Experimental Simple Mode will enable more routers that weren't compatible with Simple mode. These tricks may or may not work, hence the "experimental simple mode".  DHCP mode is still preferred. 

 

Firewalla Limited Mode (Red/Blue/Blue+)

In this mode, Firewalla simply turns off monitoring and becomes a small network server.

Remember we talked about the overlay network? It is still there! What you can do is, to assign static IP addresses like in the overlay network to your device (such as iPhone), and make DNS point to Firewalla's Gateway. Now you have just secured one device.   

We often use this mode to "check out" a particular device. Pretty good learning too. 

 

 

Related articles

Comments

0 comments

Article is closed for comments.