Firewalla's mission is to make managing different types of network activities more effective and convenient. Whether you are at home managing your kid's internet access or at work managing your employee's activities, we want you to have complete visibility and control.
This article covers:
You can also take a look at an example of parental control settings.
1. Network Visibility
The deep insights that Firewalla provides can help you see what every device on your network is doing. Here are some examples of helpful things Firewalla can show you:
Activity Alarms can tell you if people are playing games, watching videos, or visiting adult sites.
Online/Offline Alarms can tell when a known device rejoins and leaves your network. For example, you can see when your kids get home and connect their devices to the home network.
Network Flows allows you to monitor what people are doing online remotely. To see what a device is doing, locate it from the device list, tap on its device name, and click "Network Flows." This shows what devices are doing and for how long. With a bit of knowledge of basic networking, you can detect and block any abnormal activities.
Firewalla looks at everything that is happening on your network. For example, our customers have discovered PS4s that were downloading pornography and routers that were "phoning home" extensively and sending suspicious amounts of data outside of the network.
2. Basic Controls
Out of the box, we provide some basic controls that you can use to block unwanted content from the internet. These features automatically identify and block inappropriate content for kids. You need to turn them on, and Firewalla will do its job. Here are some features you can easily activate to start protecting your family:
Safe Search automatically filters out offensive content in search results. It supports the most common search engines, including Google, Youtube, Bing, and DuckDuckGo.
Family Protect automatically blocks access to sites with pornographic and violent content.
In the 1.52 app release, we've added Native Family Protect, which gives you full control over what to block right on the Firewalla box. You can see this video tutorial to learn how to enable Native Family Protect or read more about it in our 1.52 App Release Notes.
Ad Block automatically blocks pop-up or embedded ads as much as possible in browsers and mobile apps. This also prevents ads from tracking your devices' web traffic.
Social Hour temporarily blocks social networking access for one hour on all devices. Just tap to turn it on and enjoy some family social time.
Additionally, popular blocking shortcuts are conveniently located on the device detail screen. With one tap, you can block permanently, block for an hour, or unblock access to video, gaming, social sites, and even Apps like Facebook, TikTok, etc.
3. Advanced Controls
Firewalla also includes many sophisticated ways to observe and configure your network. You can create rules and policies based on specific target domains or activity categories, and apply them to individual devices or globally to all devices. Our advanced controls include:
Specific and Specialized Rules
Firewalla's Rules have a comprehensive array of blocking options. You can block a specific activity category, including:
- Social networking
You can also define a specific target, such as:
- Domain name
- IP subnet
Better yet, you can specify the application:
Once you have a target specified, you can then apply the rule to selected devices or everyone on your network.
You can also set a schedule for a rule to take effect. This allows you to manage internet access based on your kids' screen time rules. Through Firewalla, you can turn off some activities but allow your kids to do homework online, or turn off the internet entirely. It's all your choice.
For example, if you want to block a device from accessing Facebook every night from 9 PM to 7 AM, you can create a new rule for this device with the target set as "Domain" -> "facebook.com" and the active time set to "every day, from 9 PM to 7 AM (next day)".
Under each device/network detail page, there is an Emergency Access button to control whether a device's internet access is controlled by Firewalla. When turned on, it means Firewalla can no longer block you from accessing any site.
You can leverage this feature by scheduling Emergency Access to give kids extra hours. Similar to pausing rules, emergency access can be turned on for 15 minutes, 1 hour, always, or for any custom time period. At the end of the specified period, Emergency Access will automatically be turned back off. This way, you'll never forget to turn your kids' access rules back on.
4. Intercepting Smart Kids and Nosey Neighbors
If a new, unrecognized device joins your network, it can be hard to tell who or what it might be. It could be an unwelcome neighbor looking for free Wi-Fi, a guest trying to connect to the Internet, or a (very) smart kid attempting to get around their bedtime rules. With Firewalla, you can decide how much to trust unfamiliar devices. Here are some things you should be aware of:
- Private Addresses
- iCloud Private Relay
- Target Lists
- Physical Protection
- App Protection with Kid Lock
Android, iOS, and Windows have a feature called Private Addresses to protect consumers when they are on public Wi-Fi. Smart kids may try to get around the rules you set by turning on Private Addresses to hide their identity. Firewalla allows you to shut off access to unknown devices using Rules and New Device Quarantine.
iCloud Private Relay
Apple's iCloud Private Relay is another way of protecting your privacy, particularly on public Wi-Fi. Using it on your home network may mean Firewalla has less information about network traffic than it would otherwise have. If you wish, you can disable Private Relay with a Rule without negatively affecting users and you will be able to have full visibility and enforce any rules or policies you wish.
Firewalla has a large database of dynamic security intel that your box can use to judge the risk of your connections. While this is usually enough to provide a reliable baseline of security for your family, we offer the Target List feature in case you have a lot of custom targets or want to use an existing pre-created target list. A Target List is a set of domains or IP addresses that you can use as a rule target. If you create a rule to block a target list, the target list entries will always be blocked regardless of the site's reputation.
One way you might use Target Lists to protect your family is to block traffic to DoH/DoT servers. Some browsers provide DNS over HTTPS (DoH) features to encrypt DNS requests, hiding your device's web traffic. If a clever kid enables browser DoH, some of Firewalla's blocking rules may not work. To fix this problem, you can force users to use normal DNS by imposing a rule to block traffic to DoH/DoT servers using Firewalla's DoH Services Target List. You can also build your own Target List of specific DoH/DoT servers.
No matter how strong your network security protocols are, you still need to make sure your system is physically protected. As the saying goes, "Information Security is only as strong as the weakest link." So here are some final recommendations for how to physically secure your network:
- Peel off the license sticker on your Firewalla and store it in a safe place to prevent kids from pairing with the unit.
- Make sure kids have no physical access to the unit so they can't tinker with them.
- Please watch out for notifications in case kids power off the unit.
App Protection with Kid Lock
Kid Lock can lock the Firewalla App with Touch ID, Face ID, or a PIN Code to prevent kids who share or have access to your devices from accidentally changing network settings. This option is by default off. To turn it on, you can go to App Settings in the top right corner of the main page and tap "Kid Lock".
If you have any feedback for our team or suggestions for articles we should write, please don't hesitate to reach out to us at firstname.lastname@example.org. We're always looking for ways to help you get more value out of your Firewalla.
How does the "Adult" filter work? Is this OpenDNS or something else?
The family mode is OpenDNS, fully DNS based
Porn block inside device control is both DNS and IP based controls. It will block faster, quicker, and done locally on your blue/red box.
People tend to turn on both ...
Under a devices "Network Flow" the "Apps" tab is always empty why is that? Upload Download and History all have content.
I have the following queries:
You should be able to create multiple rules to cover different times.
And there is no way to block search terms, those Firewalla can't see on the network.
Is there anything to prevent turning off WiFi and using cellular data?
Can URL blocking policy be performed per device/IP and per user? Also, is the full set of 27 OpenDNS categories available for use in Firewalla gold?
The blocking policy can be per device, per group of devices (Gold, or you are on firewalla red/blue beta), and per network segment (gold only)
So is tiktok still an unknown or has it been added to one of the categories? Can I add new sites to the categories to simplify management?
Or are categories based on opendns categories and so those can't be changed?
tiktok is social networking. Categories are computed from various sources, so you can ask us to change anything, if it make sense, we can override
Is there a list available on all the apps you can block currently , and also is there a way to check under what category you place a certain site/ app ?
Where can I turn on "Kid Lock" in version 1.9731? I am not seeing it in the application.
Please sign in to leave a comment.