This article is only relevant if you are running your Firewalla in Simple Mode or DHCP Mode . Note that support for Simple/DHCP Mode may be reduced soon. If you have a Gold or Purple, we highly recommend using Bridge or Router mode.
To configure Google or Nest Wi-Fi with Gold boxes, see:
- Firewalla Gold Tutorial: Google Wi-Fi or Nest Wi-Fi Mesh network with Gold Series (Beta)
- Google Wi-Fi or Nest Wi-Fi Mesh network with Purple (Beta).
We absolutely love the newer generations of meshed routers. We use them at home and at our office.
However, we have noticed some strange things happening when Firewalla connects the mesh network, such as not being able to access the internet or loading a website is very slow. This is mainly due to the conflict between satellite boxes and Firewalla. Our recommendation is to disable monitoring on the satellite mesh devices in the Firewalla app. This does not affect Firewalla's monitoring of devices that are connecting to the satellite boxes via Wi-Fi.
If you are running the Firewalla Gold in Router Mode, all you need is to turn on Bridge or AP Mode on your mesh.
To disable monitoring of satellite devices:
- Tap on the "Devices" icon.
- Find the satellite devices from the list. Usually, the device's name is something like "Google", "Linksys", "Orbi", "Netgear", or "Orbi Pro".
- Tap on the device name, scroll down to the bottom of the page, and swipe the "Monitoring" button to turn it off.
When a device's monitoring is turned off, in the device list UI, you should see a blue icon, which indicates "monitoring off", next to the device name.
Some vendor's mesh routers may need additional configuration to use certain features or bypass some known issues. They are listed below by vendor.
- Google Wi-Fi
- Connectivity issue
- Use VPN Server - Linksys Velop
- Network slowdown
- Use IPv6 - TP-Link Deco (M5)
- Eero
- Wi-Fi Extenders in General
Google Wi-Fi / Nest Wi-Fi
For Google Wi-Fi, we recommend using the DHCP Mode. See this article. The workaround for Simple Mode only works for some users.
If you still want to try your luck with Simple Mode, try these workarounds:
Firewalla Simple Mode is compatible with some Google Wi-Fi deployments using workarounds from below. We know some Google Wi-Fi deployments will require DHCP Mode instead of Simple Mode.
* Note: There is quite a lot of confusion when talking about Google Wi-Fi. Here we are referring to the latest router from Google as Google Wi-Fi, not the older router from Google called Google Onhub. Currently, Google Onhub is not compatible with Firewalla.
Connectivity issue:
If you are running into connectivity issues, there are several tricks you can try:
- Turn off Guest Wi-Fi
We have recently heard one issue with Google Wi-Fi + Guest Wi-Fi. If you running into issues, please turn Guest Wi-Fi off. - Turn on Family Mode
by tapping on the Family Mode button. We have found Google Wi-Fi's built-in DNS may crash. Family Mode will circumvent this issue. We are working on a better solution. Another solution is to manually set a DNS server on the device. - Changing DNS to Customized DNS
We also worked with one customer on the issue related to a slower DNS problem; if you encounter this, please do not use Automatic mode in DNS; use the option to manually give the DNS address. According to Reddit, this is a possible Google Wi-Fi Bug.
Tutorial on How to Change Google DNS to Custom - Turn off W-Fi Point Usage Stats, Turn off Google Wi-Fi Cloud Services
- If the problem persists, try the experimental mode. In the Firewalla app, select "Monitoring", and under the mode option, select "Experimental Simple Mode".
We have one customer who confirmed this works.
To Work with Firewalla VPN Server:
To work with the Firewalla VPN Server feature, we recommend turning off its port mapping capability. Turn on UPnP instead. Detailed instructions are as follows:
- Turn off Firewalla monitoring globally in the Firewalla app
- Open the Google Wi-Fi app, tap Settings → Network & General → Advanced networking, and remove all DHCP IP reservations and Port forwarding. Then, turn on UPnP.
- Turn Firewalla's VPN feature off and then back on in the Firewalla app. In this step, Firewalla will automatically create a UPnP port mapping on Google Wi-Fi port 1194. (Ignore the "Need Manual Step" step if you see it on the VPN settings page, it's a bug. Optionally, you can reset the profile and password to clear the "Need Manual Step" flag.)
- Test if OpenVPN works.
- Turn Firewalla monitoring back on
- Test if OpenVPN still works.
Linksys Velop
Firewalla Simple Mode is compatible with Linksys Velop.
Network slowdown:
If you encounter issues with slowdowns, please turn off express forwarding via Connectivity Configuration. De-select Express Forwarding.
Use IPv6:
When the ipv6 feature is turned on, you 'may' need to disable Linksys ipv6 SPI firewall.
TP-Link Deco (M5)
Some customers have said the TP-Link Deco (M5) will work with Firewalla's Simple Mode.
Eero
Firewalla Simple Mode is NOT compatible with Eero v1 or Eero Pro Wi-Fi 6 units, please use Firewalla DHCP Mode instead. For Eero Pro Wi-Fi 6, please see this guide.
Eero V2 should be compatible with Simple Mode.
ASUS Mesh
We have some customers reporting issues with Asus Mesh in Simple Mode, and we are investigating. If you have issues with it, please let us know. If you don't have any issues with it, please let us know that too. (help@firewalla.com)
Wi-Fi Extenders in General
These are strange beasts. We have seen these extenders remap device MAC addresses. If you have seen your device continually change MAC addresses or have strange devices appear on your network, it is likely these extenders dynamically remapping device MAC addresses. Also, it is a good practice to turn off monitoring on the extenders.
Comments
14 comments
Note that according to eero, if you use use your eeros in bridge mode they must be wired as follows:
I have orbi router with two satellites, AP mode, connected to firewall gold, can I turn off monitoring two all, orbi router and satellites? thanks!
@carlos, if you are using the Gold under router mode, you do not need to do anything special. It should just work. This document only apply to when you are using the Gold in the traditional simple/dhcp modes.
When I had Blue I turned off monitoring on eero, with Gold (in router mode) I left monitoring on for eero and it seems perfectly happy.
Do we need to disable monitoring on main mesh device too?
and do we need to disable monitoring on satellite if connected by ethernet backhaul?
Same question as @S. M.
i am using TP-Link Deco X68 and it is disrupting the internet. I have tried the simple mode, experimental simple mode, it does not work. I did switch off the monitoring for the two mesh, but I am not able to switch off the monitoring for the main router. There is no option.
@tirthankar sen
I use Linksys Velop which wouldn't work in simple mode for more than a few hours before killing the network. It only works reliably in DHCP mode.
Is your main router in the base range of IP addresses? Ie 192.168.1.x? Are your satellites in the base range or in the overlay range of IP addresses?
In my setup, the main mesh and the satellites are all in the base range. The main mesh didn't need the monitoring off, it was off by default. I've turned off monitoring on both of the satellites but it didn't seem to matter that much if the monitoring was on or off.
I have followed the above steps in order in an attempt to get my Gold working in Simple Mode with my Nest WiFi mesh (turned off WiFi AP monitoring, turned off Google logging, configured static DNS address, enabled both Simple and Experimental Simple mode). I have also disabled Advanced Security blocking.
However, all devices are suffering delayed or blocked connectivity. AppleTVs time out, web sites do not load, images in email do not load, etc.
Unplugging the Firewalla resolves the problem.
Anything I'm missing, other than the complex multi-lan workarounds? I am a network engineer, but hesitant to make my large home network even more difficult to support.
@Don, I suggest trying this https://help.firewalla.com/hc/en-us/articles/360048869274-Firewalla-Gold-Tutorial-Google-Wifi-or-Nest-Wifi-Mesh-network-with-Gold-Beta-
I had been using my Firewalla Gold in Router mode with a TP Link X90 (set to AP mode), without any issues for almost two years.
About two weeks ago, the lights on my TP Link X90 turned red and the Deco app reported that there was no Internet access. Interestingly, the connection seemed to be working fine, if a bit slowly, with one exception: none of my Google Nest Mini devices were able to connect.
After a lot of tinkering, which included resetting the TP Link to factory settings, I was back to square one - the connection was fine only if I bypassed the Firewalla Gold, which wasn't willing to do.
I ended up following the instructions included in this page, although in theory they didn't apply to me as I am not using the Firewalla Gold in simple mode... but it fixed the problem anyway. As soon as I stopped monitoring the TP Link satellite, the light turned green and my Google Nest Mini were able to connect again.
@Daminano, you should run the Gold in router mode, it is much simpler and should work with pretty much any AP. https://help.firewalla.com/hc/en-us/articles/4411167832851-Firewalla-Router-Mode-Configuration-Guides
@Firewalla,
I have been doing just that since day 1, and that's why I didn't pay much attention to this page at first, since it clearly states that "this does not apply to Router mode in Firewalla Gold or Purple series boxes".
However, after having attempted in vain a bunch of other solutions, included resetting the TP Link router twice, stopping the satellite unit from being monitored fixed the problem instantly. Maybe a lucky coincidence, but I decided to share my experience here for others who may run into the same problem.
@Damiano, After resetting the TP-Link did you put them back to AP mode with FWG in Router mode?
Please sign in to leave a comment.