Firewalla App version 1.54 is available on both Android and iOS.
Some of the new features require box version 1.976 or above. This version is available on Firewalla Gold, Purple, Purple SE, and Blue Plus.
New Features
- Smart Queue Adaptive Mode
- Specify WAN and IP Type for DDNS and VPN Server (IPv6 VPN and DDNS support)
- Mute Alarms Matching Target Lists
- On-Demand Network Diagnostics
- Filter Flows by Category
- Devices View Options
- Renew DHCP Lease
- Special Early Access Feature: CAKE
- Firewalla MSP VPN Mesh Support
1. Smart Queue Adaptive Mode (Requires Box 1.976)
Smart Queue Adaptive Mode Video Tutorial
Firewalla's Smart Queue helps you "smooth out" the traffic on your network by making all the flows "fair." In this release, we've introduced a new Smart Queue mode called "Adaptive." In contrast to the existing "Static" Mode, the algorithm behind Smart Queue Adaptive Mode can adjust based on your Internet Bandwidth. Adaptive Mode reduces/conserves CPU usage for high-speed networks when not congested.
If you haven't provided your Internet Bandwidth, the app will ask for it before enabling Smart Queue Adaptive Mode. The Internet Bandwidth can also provide a baseline for measuring your Internet speed. You can go to Network Performance -> Internet Speed to change it if your bandwidth is updated.
2. Specify WAN and IP Type for DDNS and VPN Server (Requires Box 1.976)
Specify WAN and IP Type for DDNS and VPN Server Video Tutorial
(This feature is helpful if you want to run VPN Server if you have an IPv6 address and do not have a public IPv4 address. You can use IPv6 to connect back to your VPN Server at home.)
When using Firewalla's VPN Server or DDNS feature, Firewalla automatically picks up your primary WAN (if you have a dual-WAN setup) and IP type (preferably IPv4) to establish the connection. We now support manually specifying the WAN interface and IP type. For example, if you use CGNAT as your primary WAN, which doesn't support port forwarding, you can set the WAN Interface for DDNS and your VPN server to your backup WAN or change the IP type to IPv6 Only. You may specify an IP address if you have multiple static IPs on the same WAN.
3. Mute Alarms Matching Target Lists
Mute Alarms Matching Target Lists Video Tutorial
A Target List is a set of targets defined by domain (exact or all subdomains) or IP (exact or a range), which can be used as a building block to create rules or prioritize a group of targets. This new release allows you to mute alarms by selecting a Target List.
For example, if you want to mute alarms from a list of IPs used by Ring services but don't want to create mute settings for each IP individually, you can now create a target list of those IPs, then go to Alarms -> Alarm Settings -> Abnormal Upload -> Mute -> Add Target List, select the Target List you created, and apply it to your Ring devices.
To learn more about creating a Target List, refer to this guide.
4. On-Demand Network Diagnostics
On-Demand Network Diagnostics Video Tutorial
When Firewalla detects that your box has been disconnected from the Internet, the app will show a banner and allow you to run Network Diagnostics. This tool can run a series of tests and tell you which part of the connection is disturbed.
In this release, we've supported on-demand network diagnostics. This allows you to diagnose the connection anytime, even when Firewalla is not reporting connection errors.
5. Filter Flows by Category (Requires Box 1.976)
Filter Flows by Category Video Tutorial
Firewalla's Network Flows provide comprehensive insight into your devices' activities. However, seeing every traffic flow listed over a very long period may feel like too much detail. In this release, we've provided simple filtering for Network Flows so that you can sort activity history by a set of common categories: Gaming, Social, Video, Porn, and VPN.
To filter your flows by category, navigate to the Network Flows or Blocked Flows for all devices, a network, a group, or a specific device. Tap one of the buttons on top of the flows list to filter the flows. Tap the button again to remove the filter.
6. Devices View Options (Requires Box 1.976)
Devices View Options Video Tutorial
In this release, we've added some new view options to make finding Devices with Reserved IPs and Past Devices easier.
Devices with Reserved IP: Like any other router, Firewalla allows you to reserve IP addresses for devices. In response to requests from our community, we've added a small pin to indicate reserved IPs on the Devices list. Furthermore, if you tap the "sort" icon in the top right corner of the devices list, then tap Show Devices with Reserved IP, you will find all devices with reserved IPs listed together.
Past Devices: To prevent too many devices from appearing on your box, Firewalla automatically hides devices that have been offline for more than seven days. With this release, you can reveal all the hidden devices by tapping the "sort" icon in the top right corner of the devices list and turning on Show Past Devices. From there, you can then update their settings and rules, migrate them to another box, or delete them from your box completely. Your Past Devices will appear at the bottom of your devices list.
7. Renew DHCP Lease (Requires Box 1.976)
Renew DHCP Lease Video Tutorial
For WAN Connections using DHCP, Firewalla now supports renewing DHCP lease info manually. In the app, go to Network Manager -> WAN Connection -> DHCP Lease Info, tap Renew DHCP Lease, and the DHCP lease info will be renewed in around 10 seconds.
Special Features
[Smart Queue - CAKE] Supported on Alpha & Beta Purple boxes and Gold boxes with Ubuntu 22 image (Requires box 1.976).
Firewalla MSP VPN Mesh Support
With Firewalla VPN Mesh, you can seamlessly link multiple Firewalla units together and enable your employees or family members to access anything, anywhere.
- Firewalla 1.976 is needed to run Firewalla VPN Mesh via Firewalla MSP
Enhancements
- [IA_NA for DHCPv6] Supported disabling IA_NA for DHCPv6 connection.
- [Route] Supported pausing/resuming Route rules.
- [STP] Supported disabling Spanning Tree Protocol.
- [Triple Play] Supported using the same port with different VLAN IDs for triple-play connections.
- [Kid Lock] Supported automatically locking the app after switching to the background if Kid Lock is on.
- [Wi-Fi Test] Supported choosing Test Again or Send Feedback for Wi-Fi speed test results.
- [Emergency Access] Turning on Emergency Access will also suspend the Smart Queue feature.
- [Port Forwarding] Supported forwarding the same port to different WAN or VPN interfaces.
- [Auto-Configuration] Sped up the auto-configuration process.
Bug Fixes
- Fixed the issue where the app would crash on iOS version 16.4 while filtering alarms with no results. (requires iOS App 1.54 (92) or above)
- Fixed the issue of Malaysia users not being able to run Internet speed tests.
- Fixed the issue of all connected WireGuard VPN devices being shown as Emergency Access On. (iOS only)
- Fixex the issue of device-level policy not being cleaned up when applying features on all devices.
- Fixed the issue of being unable to set some DHCP options, including DHCP 43.
- Fixed the issue of slow connections when the app doesn't have Internet access. (iOS Only)
- Fixed some issues of migration/restoration during initial setup.
- Fixed the incorrect "Turn Off Ingress Firewall" warning when deleting blocking rules matching local ports.
- Fixed the issue of a missing warning when subnet conflicts are detected between WAN and LAN networks.
Open Issues
- [Live Throughput] IPv6 traffic may not be counted in live throughput stats for device and device group. No impact on live throughput stats on network level.
Resolved Issues
Fixes for these issues have already been rolled out as specified.
- Fixed the issue of MSP-related rules not being displayed in the Rules list (requires iOS App 1.54.1 (1) or above).
- Fixed the issue of failing to renew the DHCP lease on Purple SE.
- Fixed the issue of past devices with DHCP reservation will not be kept on the devices list.
- Fixed the issue of being unable to delete past devices.
Comments
6 comments
Is it necessary to pause or delete any smart queue rules if you switch to using adaptive mode for testing, or are they ignored? Also, for the internet bandwidth values, should this be the advertised speed or an average of actual speeds. The description in the app reads like it's the prior but I'm not sure how that would help congestion if the actual speeds differ significantly enough.
Thanks!
My box is set to alpha but I'm not getting this build, is there something else I need to do?
In playing around with adaptive SQM it appears that you do want to specify ~90-95% of your average actual download and upload speeds. Once I did this my latency was +0ms for download and +1ms for upload using the Waveform bufferbloat test (link below). I need to play around with some smart queue rules to see if they're still honored in adaptive mode. I think there are certain scenarios were I'd prefer to have a hybrid approach so things like Windows Updates and other "bulk" type services aren't competing for bandwidth with things like Zoom, WebEx, Teams, Citrix, gaming, etc. I'd like to see more documentation or explanation for adaptive SQM, as well as CAKE. I was surprised to see that the documentation for CAKE from Firewalla says to use it with lower bandwidth applications. That's contrary to my experience with it on other platforms.
https://www.waveform.com/tools/bufferbloat
@Matt
1. No need to pause or delete any rules. They will still be used.
2. Generally it's the advertised speed. It's a baseline that will be used to configure the system. If there is significant difference between the actual speed and advertised speed, may need to adjust the baseline a bit.
3. We recommend to use it with lower bandwidth network, not lower bandwidth application. If you have a 1g up&down fiber, the probability to trigger bufferbloat is lower. Enabling QoS will add extra CPU load, so potentially may reduce the max packet processing speed. So need to balance between the two.
@Coty
Both app and box need to be set in alpha, (It's only available in Gold/Gold Plus) if it still doesn't work, please email help@firewalla.com so that we can debug.
Bravo on adding target lists to alarm settings. It seems to work correctly in the app.
When will we get this feature fully in the MSP UI? I would like to be able to create, manage, and delete in that UI.
Currently, alarm settings created in the app using target lists are shown incorrectly as large nets that mute all abnormal uploads in the MSP UI.
just to check, will the selection box / clear all alert button/ function be release to aid the speed for clearing alerts?
Please sign in to leave a comment.