When setting up Firewalla VPN Server, If your Firewalla is running in router mode and has a public IP address), or if Firewalla's upstream router has UPnP enabled (as most routers do), Firewalla will do everything for you. If your upstream router doesn't support UPnP, you will need to manually set up port forwarding on your home router.
By default, Firewalla uses UDP port 1194 for OpenVPN, and 51820 for WireGuard VPN. Basically, you need to map your upstream router's public port to Firewalla's local port.
If you have double NAT and looking for instructions on how to configure port forwarding on the second router, just replace the IP address of your firewalla box in step 2 with the IP address of your first router, the rest of the instruction is the same.
On the VPN Server's Setup page, if port forwarding is required, Firewalla will detect it and show a "Need Manual Setup" link, you can tap on the link and follow the instructions to set it up.
Below are the steps explained in detail:
Step 1: Get the IP Address of your Firewalla Box
Normally, if your Firewalla is using a single WAN setup, on Firewalla's main page, tap on the gear button on the top right, then look at the IP address field, and write it down. (This is the IP address of your firewalla box.)
If you are using a Dual-WAN setup, in order to make both WANs work properly, you may need to set up port forwarding on both of your upstream routers.
On the Firewalla mainscreen, tap Network Manager, tap on the WAN connections, and write down their IP Address.
Step 2: Set up the Port Mapping on your Router.
We are taking Apple AirPort as an example here. (Apple should just work, in case it doesn't, here are the manual steps)
For other brands of routers, we recommend checking out this website for detailed instructions. If your router is not listed and you have trouble to setup port mapping, please email us: firstname.lastname@example.org
On AirPort Utility, select the base station > Edit > Network tab:
- Click the "+" (Add) button under Port Settings or Port Mappings.
- Description: <enter: Firewalla VPN>
- Public UDP Ports: <enter 1194>
- Public TCP Ports: <leave blank>
- Private IP Address: <enter the IP address from Step 1)>
- Private UDP Ports: <enter 1194>
- Private TCP Ports: <leave blank>
- Click "Save"
- Click "Update"