Firewalla app version 1.62 is now available to all users.
- Firewalla Gold, Gold Plus, Gold Pro, Gold SE, Purple, Purple SE, Blue Plus Production Release
---
Major Release: 1.62:
- New Features
- Vulnerability Scan Updates
- MSP Target List Support
- UI Remodeling
- Enhancements
- Bug Fixes
New Features
1. Live Throughput by Device
Curious about what devices are taking up the most throughput? We now display a live list of the devices processing the most data (download + upload) through your network(s). This can help you identify abnormal activity and see if any devices are hogging bandwidth. To see this list, just tap the Live Throughput graph on your device's main page.
- If you don't see this graph, make sure you're connected to your Firewalla's local network.
- The list will automatically update as devices change their throughput use. Tap on any device in this list to go to its detail page.
- This feature is not supported in DHCP and Simple mode.
2. Exclude Devices
To make it easier to customize each of your device's network experiences, we now allow you to exclude specific devices while you're applying certain features to All Devices:
- Ad Block
- DNS over HTTPS (DoH)
- Unbound
- Device Port Scan
- Safe Search
- Vulnerability Scan (App version 1.62.1)
For example, if you'd like your entire network to be protected by Ad Block but want to access certain sites that have been blocked by Ad Block on your personal laptop, you can quickly do so by applying Ad Block to All Devices, then selecting your laptop under the Exclude Device section.
3. App and User Info in Alarms
To help you more easily understand Firewalla's alarms, we've added information about apps and Users to the alarm descriptions. Instead of having to interpret something like "Device Chris iPad is watching video on yt3.ggpht.com.", if the iPad belongs to User Chris, the alarm now clearly states "Chris is watching YouTube with device Chris-iPad."
Note that this update is limited to the apps that Firewalla can track. We're always adding more apps to this list.
4. Vulnerability Scan Updates
We've made several upgrades to our System Vulnerability Scan feature to make it easier to keep your commonly used ports protected:
- Automatic scanning (Gold Series Only)
- Specify what devices the scan is applied to
- MAC address displayed on each result
- False positive detection
You can now schedule an automatic weekly vulnerability scan to ensure your network is constantly monitored for weak credentials—just tap Automatic Scan, toggle it on, and set a day of the week and hour.
- Due to heavy system resource usage, the automatic scan is only supported on Gold models, including Firewalla Gold, Gold Plus, Gold SE, and Gold Pro.
If you have devices that may flag the scan as suspicious activity or password guessing, you can now specify or exclude certain devices from the System Vulnerability Scan. Tap Scan Scope. Then, tap Specified Devices to choose what devices the scan should apply to, or tap Add Device under Exclude Device to exclude specific devices from the scan.
To help you identify exactly which device has a vulnerability, we now display the MAC address for each scan result. Tap on a scan result to see the device's MAC address shown next to its name.
Depending on the devices on your network, the System Vulnerability scan may detect some false positives. To help you identify these faulty results, if there are more than 5 vulnerability scan results for the same port on the same device, we'll automatically group them into a Possible False Positives dropdown.
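The grouping rule above, together with the per-result MAC address, as an added Python example (not Firewalla's code). The record fields `name`, `mac`, `port` and `account` and the sample results are assumptions constructed for illustration; results are keyed by MAC address so that two devices sharing a display name are never merged.

```python
from collections import defaultdict

# From the release notes: more than 5 results for the same port on the same device.
FALSE_POSITIVE_THRESHOLD = 5

def triage_scan_results(results, threshold=FALSE_POSITIVE_THRESHOLD):
    """Return (findings, possible_false_positives).

    possible_false_positives maps (mac, port) to the grouped results.
    The MAC is lower-cased so differently formatted copies of one address
    count as the same device; the display name is ignored on purpose.
    """
    groups = defaultdict(list)
    for result in results:
        groups[(result["mac"].lower(), result["port"])].append(result)

    findings, possible_fp = [], {}
    for key, items in groups.items():
        if len(items) > threshold:
            possible_fp[key] = items      # shown collapsed, reviewed as one item
        else:
            findings.extend(items)        # shown as individual results
    return findings, possible_fp

def _result(name, mac, port, account):
    return {"name": name, "mac": mac, "port": port, "account": account}

# Constructed sample data (hypothetical devices and accounts).
SAMPLE_RESULTS = (
    # Six results on one port of one device: over the threshold.
    [_result("NAS", "AA:BB:CC:00:00:01" if i % 2 else "aa:bb:cc:00:00:01",
             23, f"user{i}") for i in range(6)]
    # Two different devices that share the name "Camera": three results each.
    + [_result("Camera", "aa:bb:cc:00:00:02", 22, f"user{i}") for i in range(3)]
    + [_result("Camera", "aa:bb:cc:00:00:03", 22, f"user{i}") for i in range(3)]
    # A single result on another port of the NAS stays an ordinary finding.
    + [_result("NAS", "aa:bb:cc:00:00:01", 22, "user0")]
)

if __name__ == "__main__":
    findings, possible_fp = triage_scan_results(SAMPLE_RESULTS)
    for (mac, port), items in possible_fp.items():
        print(f"Possible false positives: {mac} port {port} ({len(items)} results)")
    for f in findings:
        print(f"Finding: {f['name']} [{f['mac'].lower()}] port {f['port']} {f['account']}")
```

Grouping by name instead of MAC would have merged the two "Camera" devices into six results on port 22 and hidden two sets of real findings in the false-positive group.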
5. MSP Target List Support
With the MSP 2.6.0 release, Professional MSP users can use their target lists on the Firewalla app, as well as the MSP UI. Business MSP users have the option to allow app users to create rules using these lists or edit the lists by adding domains or IP addresses.
For example, to create rules using your MSP-owned target lists in the app:
- Create a new rule by tapping Rules -> Add Rule
- For the rule target, tap Target List
- You'll see all the target lists that are available to your box, including any Local (box-owned), MSP (MSP-owned), and System (Firewalla-owned) lists
Learn more about managing Target List's App Access in the MSP 2.6.0 release notes.
UI Remodeling
1. Setup page redesigned
We've made some slight readjustments to the setup page (where all your Firewalla boxes are listed) in anticipation of the upcoming Gold Pro. We've redrawn some of our icons and made some small alignment changes.
Enhancements
1. Rule shortcut limit increased to 10
By popular demand, we've increased the number of rule shortcuts you can keep on the main screen to 10! To add a rule to the main screen, tap Rules -> tap on a Rule -> scroll down and tap Add to Main Screen. The rule can now be quickly paused or resumed directly from your box's main page.
2. VPN Server support for IPv6 (Requires Box 1.979)
When using Firewalla's VPN server, you may need to set up port forwarding or make other DDNS settings changes to make your box publicly reachable. Whether you're planning to use an IPv4 address, port forwarding, or an IPv6 address for your VPN server, Firewalla will guide you to make the right configurations to get your VPN server set up.
3. Roaming event updates
In response to community feedback, we've added the BSSID information to the Roaming tag on the Wi-Fi Test graphs. Now, you can clearly see which access point your device has switched to every time it roams.
4. Double NAT detection
We now display whether your network is under double NAT (behind at least one other router) directly on the NAT Settings page. This makes it easy to see if you need to set up extra port forwarding settings on upstream routers.
Note that this enhancement only applies to Gold and Purple boxes in Router Mode or Simple/DHCP Mode.
5. Firewalla Gold Pro
To take advantage of the Gold Pro's additional processing power (10Gbps speed, 8GB memory, faster VPN connections, etc.), we're raising some of its feature limits (Gold Pro only):
- WireGuard client limit:
  - Production: 25 -> 50
  - Early Access/Beta/MSP: 100 -> 200
- Site to Site VPN connections: 10 -> 20
- IPs per WAN: 1 + 5 additional IPs -> 1 + 10 additional IPs
- Active VPN clients: 5 -> 10
- VPN client connections: 9 -> 20
Bug Fixes
- Fixed the issue where the median latency on the Internet Quality page would sometimes be incorrect.
- Fixed the issue where trying to switch an Ethernet WAN to wireless after changing its MAC address caused an error.
- Fixed the issue where Kid Lock had a short delay. (Android Only)
- Fixed the issue where changes to the ping target IP sometimes weren't saved in the Internet Quality settings. (Android Only)
- Fixed the issue where Rules searching sometimes didn't work. (Android Only)
- Fixed the issue where Time Limit rules may block access before the limit is reached.
- Fixed some display and grammar issues.
- Fixed the issue where Block ICMP couldn't be configured while in Bridge mode. (iOS Only)
- Fixed the issue where captive portals sometimes wouldn't show if there was an active VPN client connection.
- Updated the device activity preview on the Devices list to show app activities.
- Fixed the issue where Large Bandwidth Usage alarm notifications sometimes switched hours with percentage. (Android Only)
- Fixed the issue where subnet conflicts would show for OpenVPN networks even when those networks were hidden. (Android Only)
- Fixed the issue where the MAC address for the Link Aggregation Group on WAN interfaces may be unexpectedly wiped out when making network configuration changes in app 1.62. (Android 1.62.1 (5) & iOS 1.62.1 (4))
- Fixed the issue where changing VLAN may cause network-level rules to be lost. (Android 1.62.1 (5))
- Fixed the issue where newly created rules (in App version 1.62.1) targeting user-managed lists might not function as expected. Updating to version 1.62.2 and re-creating the rules will fix it.
- Fixed CVE-2024-40892, CVE-2024-40893
Comments
10 comments
Is there a way to apply the new "Exclude Devices" to "Custom DNS Rules"?? If not, can that please be added? Ideally on a per-rule basis.
Do you mean something like
map something.com to 1.2.3.4 on device iPhone but not device iPad?
If it is, then no, it is not possible.
Yes, that is basically what I want. Some combination of mapping something.com to 1.2.3.4 and then either ONLY doing that for specific devices or LANs, or excluding that from specific devices or LANs. Can that please be added as a feature request.
When is 1.979 released?
Hi,
Does it just do a port scan? This is not a vulnerability test? Shouldn't it mention the CVE code of the relevant vulnerability in order to be a vulnerability test?
Why can't I click on the live throughput and see what units are using the most data as illustrated in your latest video? I am up to date on my Gold SE and iOS app...
@qBit
During beta, it is possible your box and app may be out of sync. So please check the release notes; sometimes the app may release sooner than the box. If the box is still in beta, you will need to join box beta.
When will we see enhancements to the DHCP reservation system so we can create reservations for devices BEFORE they connect to the Firewalla?
Humble feature request: when clicking on a device from the Live Throughput screen, it defaults to the "Last 24 Hours". Since it's coming from a perspective of a "Live" investigation, seems like it would make more sense to default to "Last 1 hour".
Well, it still defaults to the latest/current hour. If in case you need to look at something way beyond an hour, you just need to scroll down and there's no need to change window or click on something else. Maybe that's the reason why they set it that way. Just my thought.