New Features
- WireGuard VPN
- Strict Ad block
- Target List to group multiple targets
- System Events: WAN connectivity test Log
- Blocking flow + stats
- Local + Remote port rules
- Configure DNS server on VPN networks
- Edit network inside Network UI
1. Wireguard VPN Server (Gold + Blue Plus)
Firewalla VPN server is now supporting a new type of VPN - Wireguard. Similar to OpenVPN, Wireguard allows you to connect devices to the Firewalla Box when you are outside your home network, so your traffic can be protected and controlled by Firewalla.
WireGuard is a security-focused virtual private network (VPN) known for its simplicity and ease of use. This protocol is simpler than OpenVPN and can achieve higher encryption rates.
- When Wireguard is turned on, tap Setup -> Add a client, Firewalla will generate a VPN profile that helps you to set up a VPN connection using Wireguard App on your device automatically.
- Wireguard VPN Server supports up to 12 clients, and 1 client can only be used on one device at the same time.
- You have the flexibility to pick OpenVPN and/or WireGuard. We are committed to supporting both protocols.
Learn more on Wireguard VPN configuration.
2. Strict Ad Block
Strict Ad Block can block more ads than the default mode (likely trigger the ad blocker detection more often).
On the box main page, tap on Ad Block -> Ad List, you can switch the Ad list from Default (the previous list) to Strict.
3. Target List
Target List can be used to create rules to block, allow, or prioritize a group of targets.
When adding a rule, tap Select a target -> Target list, you'll find two sections :
- Firewalla-managed: This includes the lists provided by Firewalla, we will add more in the future.
- User-managed: This includes the lists managed by you using the Firewalla Web interface: my.firewalla.com. After a list is created on the web, it will appear on the App automatically. If you have a lot of rules, this feature can help you to organize them.
Learn more on Managing Target List on Firewalla Web Interface.
4. System Event (Gold + Blue Plus)
Firewalla can now log the WAN connectivity status changes using System Events and give you a short brief on the main screen after the change in 24 hours.
If your ISP has been unstable during the nighttime, the events will help you to debug, or at least, learn more about the stability of Internet connection.
Events can be found in Box Settings -> Events. Currently, it is able to provide you with the history of
- WAN disconnected or restored (Gold Only)
- Dual WAN switch or failover (Gold Only)
- Ethernet Port connected or disconnected (Gold and Blue Plus)
5. Blocking Stats and History (Gold + Blue Plus)
Firewalla has always been protecting you from various malicious activities and ads. Now it has the ability to show you all the blocking details and the statistics of how many flows it captures and how many have been blocked in the last 24 hours.
This is supported on individual devices, groups, networks, and all devices. You can either tap on the statistics panel or tap on the flows chart -> View Blocked to dive into the details.
Please don't be alarms if you have strange blocks, here is a quick FAQ https://help.firewalla.com/hc/en-us/articles/1500007220942
6. Create a rule to specify Local Port
Firewalla is now supporting rules matching the combination of Local Port + Remote Target.
If you have your own servers running at your home or office, i.e. web servers or email servers, and you want to specify who can access your local port from the outside of your local network.
For example, if you have a web server running, you can now create a rule to allow traffic from any region to access a certain port on your web server.
Enhancement
- Snooze: Pause a rule and auto-resume after a certain amount of time.
- Policy-based routing to VPN: Ability to specify any type of traffic and route them to your VPN servers, as long as the VPN is connected. For example, routing all video traffic to a 3rd party VPN server. Learn more about PBR.
- Ability to edit network inside individual networks
- Ability to change DNS server for VPN networks: Tap the Edit button on the network page, fill in the DNS server and save.
- Supporting OpenVPN Network Flows. Tap on Devices, tap on Firewalla VPN, tap on Network Flows
- Able to add a new source network for NAT: If Source NAT is turned on, you can manually specify which networks can access the internet through the SNAT gateway. (Gold Only)
Feature Availability for different platforms
Red |
Blue |
Blue+ |
Gold |
|
---|---|---|---|---|
Upcoming Features 1.972 | ||||
Wireguard VPN Server | ✔ | ✔ | ||
Ad Block Advanced Mode | ✔ | ✔ | ✔ | ✔ |
Target List (Rules Grouping) | ✔ | ✔ | ✔ | |
Blocking History | ✔ | ✔ | ||
Network Connectivity Test | ✔ | ✔ | ||
VPN Network Flows | ✔ | ✔ |
Bug Fixes
- On iOS, the "Sign In" button was disabled after scanning the QR code to login my.firewalla.com
- On iOS, the rules count on the main screen was not calculated correctly
- On Android, the error message was not shown correctly when editing rules
- Several UI and translation issues.
- General bug fixes for all platforms.
Known Issues
- Blocked UDP flows will be shown in the flows
- Some of the outbound TCP flows may be mistaken as blocked inbound flows
- DNSmasq bug may cause DNS leak when DoH is on
- The direction of the blocked flows between local networks may be wrong
Comments
5 comments
Will the Strict Ad Block replace Pihole?
when is it coming out?
When is 1.972 coming?
Thank you!
I love the new Wireguard VPN server mode, it's much faster for me.
Now I look even more forward to client mode, when you get to that! It will simplify also site-site setups!
Thanks for adding more useful features to the Gold box. You guys have done a great job!
Please sign in to leave a comment.