Firewalla is a networking device that sits in between your connected devices and the main router. By sitting in between, Firewalla is able to see and block all traffic going through your network. (Firewalla does not monitor your local traffic, only those traffic going to the internet)
Traditional Method (the old/complex method)
Traditionally to make such a thing happen, we will need to add an in-between device and another router.
Here the device M is inserted into the network after your main router. Since more devices are needed to connect, you will need either add another router2 or M has to have a build in router. Which means M is a lot more expensive.
Use Hacker Tools Against Hackers!
The traditional way of interception traffic is obviously an overkill for the consumer. Plus it is unlikely consumers will buy an extra router just for security ...
Hence, we start to explore 'other' ways to monitor and block traffic, given, we want things to be simple, and also keeping the consumer cost down
We were inspired by existing companies using 'hacker's method to make security better. Isn't that amazing? using 'their' tools against them! (We are not the first doing this, and will not take the credit for this inspiration)
So we started to innovate and turning some of the well-known hacker tools into 'good use'. See below.
Firewalla Simple Mode
To make life easier for consumers and at the same time making our solution affordable, we use the behavior of ARP protocol to route traffic virtually from connected devices to the Firewalla box.
Firewalla once started, will start to tell each of the connected devices that it is the router and tell everyone"please send all network traffic over". This essentially will virtually divert all live traffic to Firewalla to be monitored and managed.
Professionally, this method is called arp spoofing. A 'creative way' to do a man in the middle. In our case, the 'good' man is Firewalla. And we modified a few things to make this work better at home. (This method was an inspiration from another product on the market, we take no credit inventing this)
Since the ARP protocol to do this is supported differently on different routers, this mode may not be compatible with all routers. Please take a look at our compatibility http://firewalla.com/compatibility
If your router is on the list, please don't worry, we have you covered with another technology.
Pro:
- Simple to install, simple to use (that's why we call it simple mode)
- If anything goes wrong with Firewalla, your network will still be there
Con:
- May not compatible with all routers
- In certain situations, packets may 'leak' outside of Firewalla.
Firewalla DHCP mode:
The second model we support is the DHCP mode.
In this method, we have Firewalla create another network over the existing network. So if you have 10.0.0.x network on your main router, you will also see 192.168.218.x network from Firewalla.
The new 192.168.218.x network is statically overlayed on top of your home network's physical layer. You can statically point your devices to this Overlay network, or disable/modify the existing DHCP service on your main router and have the Firewalla serve DHCP request.
To enable this mode, please read "How to switch to DHCP mode" first, understand what are necessary steps.
Pro:
- All traffic will go through Firewalla.
- Double NAT
Con:
- Hard to set up, need to login to the router
- May need to reset a bunch of devices.
- Double NAT
Firewalla Limited Mode
In this mode, you simply turn off Firewalla monitoring. When this happens, Firewalla becomes a small network server.
Remember we talked about the 192.168.218.x network? it is still there! What you can do is to assign static IP addresses like 192.168.218.20 to your device (such as iPhone), make DNS point to 192.168.218.1
Now you have just secured one device.
We often use this mode to "check out" a particular device. Pretty good learning too.
Firewalla Enhanced (or Experimental) Simple Mode (beta)
If your router is compatible with simple mode, please DO NOT USE THIS. If you are good with DHCP mode, please do not use this.
Enhanced (Experimental) Simple Mode will enable more routers that weren't compatible with Simple mode. These tricks may or may not work, hence the "experimental simple mode". DHCP mode is still preferred.
Comments
4 comments
Thanks for this article. I've had my Red for about a week and was curious about DHCP mode. I am going to give it a try.
Can you please give more details about this "experimental simple mode"?
It seems to work and I had to use it with ASUS RT-AC88U running merlin firmware for firewalla to see some traffic...
The experimental simple mode is something we are experimenting trying to 'fix' some of the problems with simple mode. Primarily spoofing the wifi side and the ethernet at the same time, which causes some routers to lock up. The experimental simple mode will simply be trying to send packets through the same interface. It is kind of a 'trick', hence not documented well until we have more 'experiments done'
thx, FYI in my case, I had to use the experimental simple mode to find firewalla...
I am running an ASUS RT-AC88U(with merlin, wireless) +2 tp-link-switches in cascade + 3 tp-link M4 as Access Points.
I know that the AC88U is a bit odd with its wireless and switched ports...
Please sign in to leave a comment.