Firewalla's mission is to make managing different types of network activities more effective and convenient. Whether you're at home controlling your kid's internet access or at work supervising your employee's activities, we want you to have complete visibility and control.
- Family Features
- Basic Controls
- Advanced Controls
- Network Visibility
- Intercepting Smart Kids and Nosey Neighbors
- Protecting Kids while Traveling
- Example: Enforcing a schedule
As with any firewall, your policies can only be enforced if no one is meddling with them. If kids or employees have access to a device that's paired with your box, they may disable rules, pause monitoring, or make other configurations to your network. To prevent this from happening, we recommend securing your Firewalla app using Kid Lock.
1. Family Features
Firewalla offers a set of family-oriented features that make it easy to quickly block unwanted content from the internet. These features automatically identify and block inappropriate content for kids (or adults). You only need to turn them on, and Firewalla will do its job.
Family Protect
Family Protect automatically blocks access to sites with pornographic and violent content. Turn it on by tapping the Family button on your Firewalla's main page or in the Features list, then toggling Family Protect on. You can choose which devices you apply it to.
We offer two different Family Protect modes:
- Native: This mode leverages Firewalla blocking features to give you full control over what to block right on the Firewalla box. When you turn on Native Family Protect, a set of default blocks will be automatically configured for you.
- 3rd-Party: This mode uses 3rd-party DNS services to filter content. Since this is a DNS service, it cannot be used with other DNS services, such as Unbound or DoH.
To learn more about Family Protect, consult the Family Protect article or watch our video tutorial for step-by-step instructions.
Safe Search
Safe Search automatically filters out offensive content in search results. It supports the most common search engines, including Google, YouTube, Bing, and DuckDuckGo.
Ad Block
Ad Block automatically blocks pop-up or embedded ads as much as possible in browsers and mobile apps. This also prevents ads from tracking your devices' web traffic.
Social Hour
Social Hour temporarily blocks social networking access for one hour on all devices. Just tap to turn it on and enjoy some family social time.
2. Basic Controls
Out of the box, we provide some basic controls that you can use to quickly manage network access on your kids' or employees' devices.
Users: Activity Tracking & Time Limits
Firewalla Users help you to organize devices and network activities by person. You can assign different devices to a User – for example, if your child has a phone, a tablet, and a laptop, you can assign them all to one User. Firewalla can show you when, what, and for how long each User is accessing certain apps on your network, such as watching YouTube or playing Roblox.
To create a user, tap Users on your box's main page, tap Create User, then either manually add devices or select an existing Device Group to build your User from.
You can control when and for how long each of your Users has access to certain apps with Time Limits. For example, you can limit your kids to 2 hours per day of Fortnite on weekends or set a daily 1-hour limit for YouTube or Netflix. To set a time limit from the User's detail page, scroll down and tap Add Time Limit under the activity chart, select an app, and set a daily or weekly time limit.
Blocking Shortcuts
Quickly block popular content and apps using blocking shortcuts for each device. With one tap, you can block or unblock access to video, gaming, social media, and apps like Facebook, TikTok, and more. These shortcuts always accurately reflect the status of the target, allowing you to easily see and control whether a target is blocked on a certain device, group, user, or network.
Pausing Rules
You can pause a rule from the rules detail screen if you'd like to disable it without having to delete or reschedule it. This is useful if you need to give your kid or employee temporary network access, such as an extra hour of gaming or 15 more minutes of YouTube access.
To customize the duration when pausing rules, tap into your rule and scroll down to Pause Rule. Tap Custom and choose either Pause For... or Pause Until... , select either a time duration or a time at which to resume the rule, and tap Done. A rule can also be paused for "Today," which means it will be paused until the end of the day. See our video tutorial for detailed instructions.
3. Advanced Controls
Firewalla also includes many sophisticated ways to observe and configure your network. You can create rules and policies based on specific target domains or activity categories, and apply them to individual devices or globally to all devices.
Specific and Specialized Rules
Firewalla's Rules have a comprehensive array of blocking options. You can block a specific activity category, including:
- Social networking
- Video
- Gaming
- Porn
- Gambling
- P2P
You can also define a specific target, such as:
- Domain name
- IP subnet
- Region
Better yet, you can specify the application:
- Discord
- Netflix
- Roblox
- Snapchat
- TikTok
- YouTube
Once you have a target specified, you can then apply the rule to selected devices or everyone on your network.
Target Lists
Firewalla has a large database of dynamic security intel that your box can use to judge the risk of your connections. While this is usually enough to provide a reliable baseline of security for your family, we offer the Target List feature in case you have a lot of custom targets or want to use an existing pre-created target list. A Target List is a set of domains or IP addresses you can use as a rule target. If you create a rule to block a target list, the target list entries will always be blocked regardless of the site's reputation.
One way you can use Target Lists is to block a certain game by creating a list of its servers. For step-by-step instructions, refer to our article about Blocking Specific Games with Firewalla.
Scheduled Rules
You can also set a schedule for a rule to take effect. This allows you to manage internet access based on your kids' screen time rules. Through Firewalla, you can turn off some activities but allow your kids to do homework online, or turn off the internet entirely. It's all your choice.
For example, if you want to block a device from accessing Steam every week, Sunday to Thursday, from 9 PM to 7 AM, you can create a new rule for this device:
- Target: Domain -> "steampowered.com"
- Active Time: "Every Week; Sunday, Monday, Tuesday, Wednesday, Thursday; from 9 PM to 7 AM (next day)"
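The overnight window in this rule is the part that is easy to get wrong: the listed days are the days a window starts, so the Thursday window still applies on Friday morning, while Friday and Saturday nights stay open. The sketch below is an added example, not Firewalla's code; the class and function names are hypothetical, and it assumes that a domain target also covers its subdomains.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]


@dataclass(frozen=True)
class ScheduledBlock:
    domain: str            # rule target, e.g. "steampowered.com"
    start_days: frozenset  # days on which a blocking window *starts*
    start: time
    end: time              # end <= start means the window ends the next day

    def matches(self, host: str) -> bool:
        # Assumption: a domain target also covers its subdomains.
        host = host.lower().rstrip(".")
        return host == self.domain or host.endswith("." + self.domain)

    def active_at(self, when: datetime) -> bool:
        today = DAYS[when.weekday()]
        yesterday = DAYS[(when.weekday() - 1) % 7]
        now = when.time()
        if self.start < self.end:  # window stays within one day
            return today in self.start_days and self.start <= now < self.end
        if now >= self.start:      # evening part of an overnight window
            return today in self.start_days
        if now < self.end:         # morning part: belongs to yesterday's window
            return yesterday in self.start_days
        return False


def is_blocked(rule: ScheduledBlock, host: str, when: datetime) -> bool:
    return rule.matches(host) and rule.active_at(when)


def blocked_hours_in_week(rule: ScheduledBlock, week_start: datetime) -> int:
    # Sample each hour of the week to see how much time the schedule covers.
    return sum(rule.active_at(week_start + timedelta(hours=h)) for h in range(168))


# The Steam rule from the example above.
STEAM_RULE = ScheduledBlock(
    domain="steampowered.com",
    start_days=frozenset({"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday"}),
    start=time(21, 0),
    end=time(7, 0),
)

if __name__ == "__main__":
    friday_morning = datetime(2024, 1, 12, 6, 30)   # constructed sample time
    friday_night = datetime(2024, 1, 12, 22, 0)
    print(is_blocked(STEAM_RULE, "store.steampowered.com", friday_morning))
    print(is_blocked(STEAM_RULE, "store.steampowered.com", friday_night))
```

Running the same check over a full week is a quick way to confirm that a schedule covers the hours you intended before relying on it.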
Emergency Access
Under each device/network detail page, there is an Emergency Access button that determines whether Firewalla controls that device's internet access. When Emergency Access is turned on, Firewalla can no longer block you from accessing any site.
You can leverage this feature by scheduling Emergency Access to give kids extra hours. Similar to pausing rules, emergency access can be turned on for 15 minutes, 1 hour, always, or for any custom time period. At the end of the specified period, Emergency Access will automatically be turned back off. This way, you'll never forget to turn your kids' access rules back on.
4. Network Visibility
Firewalla's deep insights help you see what every device on your network is doing. Here are some examples of helpful things Firewalla can show you:
Alarms
Activity Alarms can tell you if people are playing games, watching videos, or visiting adult sites.
Online/Offline Alarms can tell when a known device rejoins and leaves your network. For example, you can see when your kids get home and connect their devices to the home network.
This type of alarm must be manually turned on from Device detail -> Status -> Notify me when offline/back online.
Network Flows
Network Flows lets you remotely monitor what people are doing online. To see what a device is doing, locate it from the device list, tap on its device name, and click "Network Flows." This shows what the device is doing and for how long. With a bit of knowledge of basic networking, you can detect and block any abnormal activities.
To focus on only the important flows, you can Exclude some traffic from view.
- Inbound Flows: Flows that are coming from outside. These are typically blocked.
- Blocked Flows: Flows that have been intercepted by Firewalla.
- System Noise: Excluding system noise will filter out background traffic from your operating system and commonly seen apps (including ads, tracking, telemetry, software updates, analytics, NTP, and public cloud services).
- Specified Target: Flows to or from a certain target.
You can also sort your flow history by a set of common categories: Gaming, Social, Video, Porn, and VPN. Simply tap one of these filters to apply it to your list of blocked flows. See our tutorial video for step-by-step instructions.
Firewalla looks at everything that is happening on your network. For example, our customers have discovered PS4s that were downloading pornography and routers that were "phoning home" extensively and sending suspicious amounts of data outside of the network.
5. Intercepting Smart Kids and Nosey Neighbors
If a new, unrecognized device joins your network, it can be hard to tell who or what it might be. It could be an unwelcome neighbor looking for free Wi-Fi, a guest trying to connect to the Internet, or a (very) smart kid attempting to get around their bedtime rules. With Firewalla, you can decide how much to trust unfamiliar devices. Here are some things you should be aware of:
- Private Addresses & New Device Quarantine
- Enforcing Your Policies: Cloud Private Relay, DoH Services, and VPNs
- Physical Security
- App Protection with Kid Lock
Private Addresses & New Device Quarantine
Android, iOS, and Windows have a feature called Private Addresses to protect consumers when they are on public Wi-Fi. Smart kids may try to get around your rules by turning on Private Addresses to hide their identity. Firewalla lets you shut off access to unknown devices using Rules and New Device Quarantine.
Enforcing Your Policies: Cloud Private Relay, DoH, and VPN
There are many different privacy-enhancing encryption services and features out there. Unfortunately, clever kids might take advantage of them to get around Firewalla's monitoring capabilities. Here are some common privacy features that may cause issues on your network, and how you can get around them:
iCloud Private Relay
Like Private Addresses, Apple's iCloud Private Relay is another way of protecting your privacy on public Wi-Fi. However, using it on your home network means Firewalla has less information about network traffic than usual. You can disable Private Relay with a Rule without negatively affecting users. Once it is disabled, you have full visibility and can enforce any rules or policies you wish. You can also block Apple Private Relay directly from the Native Family Protect page.
DoH Services
Some browsers provide DNS over HTTPS (DoH) features to encrypt DNS requests, hiding your device's web traffic. If a clever kid enables browser DoH, some of Firewalla's blocking rules may not work. To fix this problem, you can force users to use normal DNS by imposing a rule to block traffic to DoH/DoT servers using Firewalla's DoH Services Target List. You can also build your own Target List of specific DoH/DoT servers.
- Note that if you have Native Family Protect enabled, you can block DoH servers directly from the Family Protect page.
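To see which devices are using encrypted DNS before or after adding such a rule, you can check flow records against a resolver list. This is an added example, not Firewalla code: the flow format, device names, and function names are constructed, and the resolver list is a short hand-built assumption, not Firewalla's DoH Services Target List.

```python
from collections import defaultdict

# Assumption: a short hand-built list of public DoH/DoT resolver hostnames.
# This is not Firewalla's DoH Services Target List.
RESOLVER_HOSTS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net", "doh.opendns.com"}

# Constructed flow records: device, destination host, destination port, protocol.
SAMPLE_FLOWS = """\
emily-laptop,dns.google,443,tcp
emily-laptop,www.wikipedia.org,443,tcp
emily-tablet,mozilla.cloudflare-dns.com,443,tcp
living-room-tv,time.example.net,123,udp
emily-laptop,resolver.example.net,853,tcp
office-pc,dns.google.example.org,443,tcp
"""


def on_resolver_list(host: str) -> bool:
    # Match the listed name or any subdomain of it, never a mere suffix.
    host = host.lower().rstrip(".")
    return any(host == r or host.endswith("." + r) for r in RESOLVER_HOSTS)


def classify(host: str, port: int, proto: str):
    if port == 853 and proto == "tcp":
        return "DoT"      # TCP 853 is the registered DNS-over-TLS port
    if port == 443 and on_resolver_list(host):
        return "DoH"      # HTTPS to a known resolver hostname
    return None


def encrypted_dns_by_device(flow_text: str) -> dict:
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        device, host, port, proto = (f.strip() for f in line.split(","))
        kind = classify(host, int(port), proto.lower())
        if kind:
            hits[device].add((kind, host))
    return {device: sorted(found) for device, found in hits.items()}


if __name__ == "__main__":
    for device, found in encrypted_dns_by_device(SAMPLE_FLOWS).items():
        print(device, found)
```

DoT stands out by its port, but DoH on port 443 is only caught when the server is on the list, which is why a maintained Target List matters more than a hand-built one.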
VPN Sites
Connecting to a VPN service that Firewalla does not manage also obscures your devices' network traffic. There are many different VPN services, and it can be frustrating and time-consuming to stay on top of all of them. Fortunately, Firewalla's VPN-blocking capabilities are backed by dynamic security intel that's constantly updated.
- You can block VPN services directly from the Native Family Protect page.
For more information about DNS, see Firewalla DNS Services and Dealing DNS over HTTPS and DNS over TLS on your network.
Physical Security
No matter how strong your network security protocols are, you must still ensure your system is physically protected. Information Security is only as strong as the weakest link in your network. Here are some recommendations for how to physically secure your network:
- Peel off the license sticker on your Firewalla and store it in a safe place to prevent kids from pairing with the unit.
- Ensure kids have no physical access to the unit so they can't tinker with it.
- Please watch out for notifications in case kids power off the unit.
App Protection with Kid Lock
Kid Lock can lock the Firewalla App with Touch ID, Face ID, or a PIN Code to prevent kids who share or have access to your devices from accidentally changing network settings. This option is off by default. To turn it on, you can go to App Settings in the top right corner of the main page and tap "Kid Lock".
6. Protecting Kids while Traveling
Public Wi-Fi networks in airports, hotels, and other public places are often unsecured, making it easy for cybercriminals to intercept your kids' data and steal sensitive information. Additionally, you have no control over these networks, making it nearly impossible to enforce any activity limits or screen time rules. Firewalla can help you keep control over your family's network usage through:
Firewalla VPN Server
A VPN creates a secure and encrypted connection between your device and the internet. By using a VPN while traveling, you can have peace of mind knowing that your online activity is secure.
Firewalla offers a built-in VPN server that allows you to direct your devices' traffic through your home network no matter how you're connected to the Internet. By connecting back to your own Firewalla through a VPN, you get the same protections as you do at home, and all your home network rules are still in place.
A Trusted LAN with Firewalla Purple
Firewalla Purple is the perfect router and firewall to take on the go. With a Purple, it's easy to create a Trusted LAN no matter where in the world you are, giving you:
- The same level of protection you get at home, anywhere in the world.
- Easy access to your home devices without opening additional ports on your router.
- A simple way to connect all your devices to a VPN server.
- The ability to enforce restrictions on your kids' devices even when on holiday.
Read more about setting up a portable trusted LAN in our article about Traveling with Firewalla.
7. Example: Enforcing a schedule
Emily is entering 4th grade. Her parents set the following schedules and rules during school days:
- No online gaming or social media outside of open play hours (5-7 pm)
- Social apps, such as TikTok, are not allowed
- Educational game apps, such as Prodigy, are allowed during school hours (8 am-4 pm)
- No Internet access from 7 pm until 8 am the next day
To enforce these rules, Emily's parents enable Ad Block, Family Protect, and Safe Search on Emily's device (or device group if she has multiple devices). Then, they add the following rules:
- Block all social sites from 7pm to 5pm the next day, every weekday
- Block all gaming sites from 7pm to 5pm the next day, every weekday
- Block all Internet access from 7pm to 8am the next day, every weekday
- Block TikTok
- Block porn
- Allow Prodigy from 8am to 4pm, every weekday
If you have any feedback for our team or suggestions for articles we should write, please don't hesitate to contact us at help@firewalla.com. We're always looking for ways to help you get more value from your Firewalla.
Comments
14 comments
How does the "Adult" filter work? Is this OpenDNS or something else?
The family mode is OpenDNS, fully DNS based
Porn block inside device control is both DNS and IP based controls. It will block faster, quicker, and done locally on your blue/red box.
People tend to turn on both ...
Under a device's "Network Flow" the "Apps" tab is always empty. Why is that? Upload, Download, and History all have content.
I have the following queries:
@ani
You should be able to create multiple rules to cover different times.
And there is no way to block search terms, those Firewalla can't see on the network.
Hello,
Is there anything to prevent turning off WiFi and using cellular data?
Can URL blocking policy be performed per device/IP and per user? Also, is the full set of 27 OpenDNS categories available for use in Firewalla gold?
The blocking policy can be per device, per group of devices (Gold, or you are on firewalla red/blue beta), and per network segment (gold only)
So is tiktok still an unknown or has it been added to one of the categories? Can I add new sites to the categories to simplify management?
Or are categories based on opendns categories and so those can't be changed?
TikTok is social networking. Categories are computed from various sources, so you can ask us to change anything; if it makes sense, we can override.
Is there a list available of all the apps you can block currently, and also is there a way to check under what category you place a certain site/app?
Where can I turn on "Kid Lock" in version 1.9731? I am not seeing it in the application.
I find that the ability to block a specific video game makes no sense, because my kids will just download a different game. And blocking "all known video games" leaves plenty of loopholes - they will just switch to lesser known games.
Which is why I take the whitelist approach - everything except for school stuff is always blocked, and I unblock it during "reward time", after the homework and chores are done.
I would love an easier workflow for adding items to my target list - the kids access request a new educational web site, Firewalla captures all involved urls and suggests updates to the target list. I review the suggestions and save them.
Can more apps be blocked other than from the list? I would like to block certain game, example: Valorant, is that possible?