Firewalla app version 1.60 is available to users on both Android and iOS!
1.978 Prod version is available to Firewalla Gold, Gold Plus, Gold SE, Purple, Purple SE, and Blue Plus.
--
New Features
1. Users: Track App Usage (Requires Box 1.978)
In this release, we're introducing an exciting new feature to the app: Users. This is a new way of keeping track of your devices' online activity – Firewalla will show you information about app usage for each User for up to 7 days. For example, you can see how long your child has been watching YouTube across each of their devices over the past week.
To create a User, tap Create User, add devices to it, and then give it a name. When you create a User, its devices are automatically put in a Device Group to make them easier to manage. If you add devices that already belong to other device groups, they'll be removed from those groups to join the new one.
We have also added support for creating users from a group, which means you can keep all the rules and settings on your existing groups unchanged while benefiting from this new feature.
Note:
- Firewalla only counts activities in a User after a device has been added, so the activity chart will be empty right after the user is created.
- We don't double-count your activity time if you use multiple apps simultaneously (e.g., playing Fortnite while watching YouTube).
In this release, we're supporting tracking for YouTube, Netflix, TikTok, Fortnite and Roblox (by popular demand from the community), and we've also added the ability to block Fortnite with a blocking rule. We plan to add many more video, gaming, and social apps, and the ability to limit activity time in the near future.
You can learn more in our article about Users.
2. NTP Intercept (Requires Box 1.978, Router & Bridge Modes Only)
Firewalla will intercept NTP requests and process them locally.
- This prevents internal devices from contacting random NTP servers.
- Even if a device's outbound traffic is blocked, it can still use Firewalla's NTP to sync its time.
To use this feature, tap the Services button on your box's main page, toggle on NTP Intercept, and select which local networks to apply it to.
- NTP is only supported on boxes in Router Mode and Bridge Mode.
- To validate if NTP Intercept is working or not, see this article.
- Firewalla uses standard ntp.org NTP servers.
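One way to check the interception behaviour described above from a client on a LAN where NTP Intercept is enabled. This is an added example, not Firewalla's own validation procedure or code. It assumes that an intercepting box answers NTP queries addressed to any destination, so a query sent to the documentation-only address 192.0.2.1 (which hosts no NTP server) should only get a reply when interception is active; the function names are illustrative.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01
TEST_TARGET = "192.0.2.1"      # TEST-NET-1 (RFC 5737): no real NTP server lives here

def build_request() -> bytes:
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_response(data: bytes) -> dict:
    """Decode the header fields needed to judge a reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    first, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": stratum,
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def is_valid_server_reply(fields: dict) -> bool:
    """Server mode (4), synchronized (stratum 1-15), no leap alarm (3)."""
    return (fields["mode"] == 4
            and 1 <= fields["stratum"] <= 15
            and fields["leap"] != 3)

def probe(target: str = TEST_TARGET, timeout: float = 3.0):
    """Send one query; return parsed fields, or None if nothing answered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (target, 123))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout or unreachable network
            return None
    return parse_response(data)

if __name__ == "__main__":
    reply = probe()
    if reply and is_valid_server_reply(reply):
        print("Intercepted: a query to an address with no NTP server was answered:", reply)
    else:
        print("No valid answer: NTP Intercept does not appear active for this client")
```

Run from a host outside your network against your own WAN address, the same `probe()` checks the first item under Known Issues.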
3. Multi-WAN Performance Monitoring & Adaptive Smart Queue (Requires Box 1.978)
Network Performance:
If you have a multi-WAN setup, we now support testing the Internet Speed and Quality on your WAN networks separately. Tap the Network Performance widget on the top of your box's main page, then scroll down to the Internet Speed and Internet Quality sections. Tap on Test Options in the top right corner of each section to set up automatic testing. You can set different server preferences, Internet bandwidths, and test settings for each WAN.
If you have Internet Speed testing set up for both WANs, you'll see two speed charts displayed on your box's main page.
To run the speed test manually, just tap Test Internet Speed and select which WAN to test.
Adaptive Smart Queue:
Smart Queue Adaptive Mode auto-prioritizes traffic based on your Internet speed. If you have multiple WANs, the app now supports setting up the speed for your WANs separately so Smart Queue in Adaptive mode can better adjust its policy based on which WAN traffic is going through. Learn more about Smart Queue Adaptive Mode.
You'll be asked to enter Internet speed information when creating a WAN or turning on Adaptive Smart Queue (Adaptive Smart Queue can be turned on directly from the Smart Queue page or through the auto-configuration wizard). Internet speed will also be used as a reference for your Internet speed test results.
4. SSDP Relay (Requires Box 1.978, Router Mode Only)
Isolating your smart media devices (such as Sonos speakers or a Roku) to their own network segment can be a useful way to increase your network's security. However, you might need to access these devices while on a different LAN, and constantly switching back and forth between networks can get frustrating.
In this release, we've added support for SSDP Relay, which allows you to use some devices and features across networks (similar to mDNS Relay). To enable it, go to your box's Network Manager, tap on a LAN, tap Edit, and then toggle SSDP Relay on.
Please note:
- If SSDP Relay is enabled on one network, SSDP broadcast queries sent from the network will be relayed to all the other networks.
- SSDP is a discovery protocol; once devices find each other, they can communicate without an SSDP Relay. To make sure devices in different networks stop talking to each other, we recommend you reboot the device or reconnect it to your network after turning off SSDP Relay.
- SSDP Relay is only supported in Router Mode on all local networks.
- SSDP Relay is not supported on VPN networks (OpenVPN and WireGuard), because multicast is not supported on them.
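Why devices keep talking after the relay is switched off, shown as an added example (not Firewalla code): only the M-SEARCH query is multicast, and the reply hands the client a unicast LOCATION URL that it reuses directly. The sample reply, its IP address and its UUID are constructed for illustration.

```python
from urllib.parse import urlsplit

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port

def build_msearch(search_target: str = "ssdp:all", mx: int = 2) -> bytes:
    """The multicast discovery query; this is the traffic a relay forwards."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_response(datagram: bytes) -> dict:
    """Parse a unicast search response into upper-cased headers."""
    head = datagram.decode("utf-8", errors="replace").split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP search response")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def unicast_endpoint(headers: dict) -> tuple:
    """Host and port the client contacts directly from now on (no SSDP needed)."""
    url = urlsplit(headers["LOCATION"])
    return url.hostname, url.port or 80

# Constructed sample reply from a media device on an isolated LAN.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.20.15:1400/xml/device_description.xml\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:EXAMPLE-0001::upnp:rootdevice\r\n\r\n"
)

if __name__ == "__main__":
    hdrs = parse_ssdp_response(SAMPLE_REPLY)
    print("Client will now talk directly to", unicast_endpoint(hdrs))
```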
UI Remodeling
1. Scanning and Port Forwarding moved into Scan
To make room for new features and make navigating the app a bit easier, we've reorganized our scanning- and port-related items under one page: Scan. This page includes the External Open Port Scan (previously accessible via the Open Ports button), Port Forwarding, and the Device Open Port Scan. All your port scans, open ports, and port forwarding configurations are now accessible in one place.
2. DNS Services moved into Services
The features from the DNS Services button (DNS over HTTPS, Unbound, and Custom DNS Rules) have been moved into the Services button.
Note that the NTP section will only appear when your box is in Router or Bridge mode.
3. Block ICMP (Ping) and mDNS Reflector moved into Network Manager
The Block ICMP (Ping) and mDNS Reflector (now mDNS Relay) options have been moved from the Configurations page to the network detail pages. Tap into the Network Manager from your box's main page, tap on a network, tap Edit, then scroll down to see Block ICMP and mDNS Relay.
4. Mode and Firewalla Web buttons removed from Main Page
The Mode page and the Firewalla Web login page can now be accessed by tapping on the + More button on your box's main page or by tapping Settings -> Features.
Enhancements
1. Multiple IPv6 Prefixes
If your ISP has provided you with multiple IPv6 prefixes, you can now specify the number of prefixes and the prefix delegation size in the app.
2. Display DHCPv6 Lease Information
We now support displaying information about each WAN's DHCPv6 lease, including DHCPv6 server, lease lifetime, and IPv6 prefix lifetime. We've also added an option to Renew DHCPv6 Lease.
3. Configure MTU for DHCP and Static IP WANs
You can now set MTU when setting up or editing a DHCP or Static IP WAN. The default MTU value is 1492. If your ISP hasn't given you any specific requirements for MTU, there is no need to change this value.
4. Power Outage Events (Requires Box 1.978)
Firewalla can now tell you if your box has experienced a power outage. This is useful for debugging the true cause of network issues and can help indicate if there are any problems with your power supply. Power outages will show as gray in your box's Network Performance bar. Tap into the event detail page to see the approximate time the outage started and the duration of the outage.
5. Interface Info in Flow Details
In each flow's detail page, you can now see the WAN or VPN interface the traffic went through. Tap on any flow and scroll down to Outbound Interface.
Bug Fixes
- Fixed the bug where the Kid Lock may be bypassed. (Android 1.60.101)
- Fixed the bug where the app crashes when the Data Plan reset date is set to 30 or 31. (Android 1.60.102)
- Fixed the bug where the app would crash when frequently entering the main screen of the box within a short time. (iOS 1.60(71))
- Fixed the bug where the box's DDNS may sometimes be mapped to an incorrect public IP, leading to connection failures or delays when using DDNS.
- Fixed the bug that expired rules are not deleted automatically when paused.
- Fixed the bug where VLAN is displayed as LAN in Bridge mode. (iOS only)
- Fixed the bug where port forwarding on the VPN interface is not shown. (iOS only)
- Fixed the bug where SSDP should not be supported on OpenVPN.
- Fixed the incorrect display of DHCP/static IP default MTU value.
- Fixed the bug where configuring the upload/download limit in Smart Queue rules sometimes caused the app to crash. (Android Only)
- Fixed the bug where the DHCP option 66 may not work properly.
- Fixed the bug where the device type icons were sometimes hidden.
- Fixed the bug where the VPN client continued to be active after switching to Bridge Mode.
- Fixed the bug where Network Diagnostics results sometimes incorrectly showed as Failed.
- Fixed the bug where the app didn't allow new Smart Queue rules on devices/groups/networks with default priority and no upload and download limit. (iOS only)
- Fixed the bug where IP addresses would sometimes show as domains from a flow detail page.
- Fixed the bug where different LANs on the same box could reserve the same IP for different devices.
- Fixed other UI inconsistencies and bugs.
Known Issues
- Issue: The Firewalla NTP server may be reachable from the WAN's public IP when NTP Intercept is enabled.
How to fix: Update the box to version 1.978 or above.
- Issue: The automatic speed test may run twice if you use app version 1.60 with box version 1.977 and have updated your performance test settings.
How to fix: Update the box to version 1.978 or above.
- Issue: Changing MTU on Purple's WAN Port, Purple SE's LAN Port, and Gold SE's Port 2 and 3 may not work.
How to fix: It will be fixed in the next box release.
- Issue: When the MTU value is removed from the app to set it back to default, the value will not take effect until the box is rebooted.
How to fix: Reboot the box after changing the MTU value. This issue will be fixed in the next box release.
- Issue: The NTP Intercept feature may not work on IPv6 networks.
How to fix: Update the box to version 1.978 or above.
Comments
Parent feedback:
There needs to be a difference between Users and Groups. Maybe this is planned for the future, but as it is implemented, it isn't an effective distinction.
In my network, I have groups primarily by device type, since we previously didn't have a way to assign devices to a person. So my primary groups are Cameras, Media Players, Phones/Tablets, Computers, and Smart Home.
There should be a way to keep a person's device (users) included in the device type (group) so apply additional rules (higher priority) rather than needing its own, separate set of rules.
For example, if I want to set different time limits on my kids' tablets (because they are 3 years apart), I still want them to have my basic "tablets" rules and settings, without applying the time limit to my wife's tablet, for example. So it seems that I can't keep all of the tablets from accessing my work VLAN and still monitor Netflix and YouTube per device.
As it currently stands, if I want to be able to monitor my son's Netflix usage vs my daughter's, I have to remove all of their devices from their respective device groups.
This may be more unique to my particular use case, but I can't imagine that I'm the only person who set their network up this way.
Agreed! You should join the Reddit thread if you haven’t already. https://www.reddit.com/r/firewalla/s/nJdjbex353
Didn't know that was a thing. See you over there!
Given the UI changes, or just in general, it would be nice to have a web page showing a menu tree/tree diagram that shows where everything can be found in the app. Most drawing tools have support for creating these (here's a random example, https://svg.template.creately.com/il6mrtzm1, from Creately), the idea is that if you want to find X in the app you can go to the web page and locate the direct path through the app menus to get to X.
Corey,
Totally agree. I use network and groups extensively… and they are awesome. I will not use the users feature because it removes devices from the groups I have already established.
I have about a dozen VLANs. The dynamic nature of networks and the static nature of groups makes administration very easy and flexible. I don’t want to give up my existing group layout in order to manage users.
Users can "adopt" an existing group. So you don't have to move them.
I see 1.978 was released a while ago, my standard Firewalla Gold on “site A” has auto upgraded, however my Firewalla Gold+ on “site B” is still on 1.977. Is there a way to “encourage” the firewalls to update?