Firewalla is a networking device that sits in between your connected devices and the main router. By sitting in between, Firewalla is able to see and block all traffic going through your network. (Firewalla does not monitor your local traffic, only those traffic going to the internet)
Traditional Method (the old/complex method)
Traditionally to make such a thing happen, we will need to add an in-between device and another router.
Here the device M is inserted into the network after your main router. Since more devices are needed to connect, you will need either add another router2 or M has to have a build in router. Which means M is a lot more expensive.
Use Hacker Tools Against Hackers!
The traditional way of interception traffic is obviously an overkill for the consumer. Plus it is unlikely consumers will buy an extra router just for security ...
Hence, we start to explore 'other' ways to monitor and block traffic, given, we want things to be simple, and also keeping the consumer cost down
We were inspired by existing companies using 'hacker's method to make security better. Isn't that amazing? using 'their' tools against them! (We are not the first doing this, and will not take the credit for this inspiration)
So we started to innovate and turning some of the well-known hacker tools into 'good use'. See below.
Firewalla Simple Mode
To make life easier for consumers and at the same time making our solution affordable, we use the behavior of ARP protocol to route traffic virtually from connected devices to the Firewalla box.
Firewalla once started, will start to tell each of the connected devices that it is the router and tell everyone"please send all network traffic over". This essentially will virtually divert all live traffic to Firewalla to be monitored and managed.
Professionally, this method is called arp spoofing. A 'creative way' to do a man in the middle. In our case, the 'good' man is Firewalla. And we modified a few things to make this work better at home. (This method was an inspiration from another product on the market, we take no credit inventing this)
Since the ARP protocol to do this is supported differently on different routers, this mode may not be compatible with all routers. Please take a look at our compatibility http://firewalla.com/compatibility
If your router is on the list, please don't worry, we have you covered with another technology.
Pro:
- Simple to install, simple to use (that's why we call it simple mode)
- If anything goes wrong with Firewalla, your network will still be there
Con:
- May not compatible with all routers
- In certain situations, packets may 'leak' outside of Firewalla.
Firewalla DHCP mode:
The second model we support is the DHCP mode.
In this method, we have Firewalla create another network over the existing network. So if you have 10.0.0.x network on your main router, you will also see 192.168.218.x network from Firewalla.
The new 192.168.218.x network is statically overlayed on top of your home network's physical layer. You can statically point your devices to this Overlay network, or disable/modify the existing DHCP service on your main router and have the Firewalla serve DHCP request.
To enable this mode, please read "How to switch to DHCP mode" first, understand what are necessary steps.
Pro:
- All traffic will go through Firewalla.
- Double NAT
Con:
- Hard to set up, need to login to the router
- May need to reset a bunch of devices.
- Double NAT
Firewalla Limited Mode
In this mode, you simply turn off Firewalla monitoring. When this happens, Firewalla becomes a small network server.
Remember we talked about the 192.168.218.x network? it is still there! What you can do is to assign static IP addresses like 192.168.218.20 to your device (such as iPhone), make DNS point to 192.168.218.1
Now you have just secured one device.
We often use this mode to "check out" a particular device. Pretty good learning too.
Firewalla Enhanced (or Experimental) Simple Mode (beta)
If your router is compatible with simple mode, please DO NOT USE THIS. If you are good with DHCP mode, please do not use this.
Enhanced (Experimental) Simple Mode will enable more routers that weren't compatible with Simple mode. These tricks may or may not work, hence the "experimental simple mode". DHCP mode is still preferred.
Comments
1 comment
Thanks for this article. I've had my Red for about a week and was curious about DHCP mode. I am going to give it a try.
Please sign in to leave a comment.