Firewalla's mission is to make managing different types of network activities more effective and convenient. Whether you're at home controlling your kid's internet access or at work supervising your employee's activities, we want you to have complete visibility and control.
- Family Features
- Basic Controls
- Advanced Controls
- Network Visibility
- Intercepting Smart Kids and Nosey Neighbors
- Example: Enforcing a schedule
1. Family Features
Firewalla offers a set of family-oriented features that make it easy to quickly block unwanted content from the internet. These features automatically identify and block inappropriate content for kids (or adults). You need to turn them on, and Firewalla will do its job.
Family Protect automatically blocks access to sites with pornographic and violent content. Turn it on by tapping the Family button on your Firewalla's main page or in the Features list, then toggling Family Protect on. You can choose which devices you apply it to.
We offer two different Family Protect modes:
- Native: This mode leverages Firewalla blocking features to give you full control over what to block right on the Firewalla box. When you turn on Native Family Protect, a set of default blocks will be automatically configured for you.
- 3rd-Party: This mode uses 3rd-party DNS services to filter content. Since this is a DNS service, it cannot be used with other DNS services, such as Unbound or DoH.
Safe Search automatically filters out offensive content in search results. It supports the most common search engines, including Google, Youtube, Bing, and DuckDuckGo.
Ad Block automatically blocks pop-up or embedded ads as much as possible in browsers and mobile apps. This also prevents ads from tracking your devices' web traffic.
Social Hour temporarily blocks social networking access for one hour on all devices. Just tap to turn it on and enjoy some family social time.
2. Basic Controls
Out of the box, we provide some basic controls that you can use to quickly manage network access on your kids' or employees' devices.
Device Groups allow you to manage devices with the same policies. This can be very useful if your kids or employees have multiple devices that need the same network access. To create a group, navigate to the Devices List by tapping on the Devices button on the main screen. Then, tap Create Group, enter a group name, then add your devices.
Once a device group is created, it will be listed under Devices. You will be able to manage the device group similar to managing a device, including adding rules, viewing network history, etc.
Quickly block popular content and apps using the blocking shortcuts conveniently located on your device's detail screen. With one tap, you can block permanently, block for an hour, or unblock access to video, gaming, social media, and apps like Facebook, TikTok, and more.
You can pause a rule from the rules detail screen if you'd like to disable it without having to delete or reschedule it. This is useful if you need to give your kid or employee temporary network access, such as an extra hour of gaming or 15 more minutes of YouTube access.
To customize the duration when pausing rules, tap into your rule and scroll down to Pause Rule. Tap Custom and choose either Pause For... or Pause Until... , select either a time duration or a time at which to resume the rule, and tap Done. A rule can also be paused for "Today," which means it will be paused until the end of the day. See our video tutorial for detailed instructions.
3. Advanced Controls
Firewalla also includes many sophisticated ways to observe and configure your network. You can create rules and policies based on specific target domains or activity categories, and apply them to individual devices or globally to all devices.
Specific and Specialized Rules
Firewalla's Rules have a comprehensive array of blocking options. You can block a specific activity category, including:
- Social networking
You can also define a specific target, such as:
- Domain name
- IP subnet
Better yet, you can specify the application:
Once you have a target specified, you can then apply the rule to selected devices or everyone on your network.
Firewalla has a large database of dynamic security intel that your box can use to judge the risk of your connections. While this is usually enough to provide a reliable baseline of security for your family, we offer the Target List feature in case you have a lot of custom targets or want to use an existing pre-created target list. A Target List is a set of domains or IP addresses you can use as a rule target. If you create a rule to block a target list, the target list entries will always be blocked regardless of the site's reputation.
One way you can use Target Lists is to block a certain game by creating a list of its servers. For step-by-step instructions, refer to our article about Blocking Specific Games with Firewalla.
You can also set a schedule for a rule to take effect. This allows you to manage internet access based on your kids' screen time rules. Through Firewalla, you can turn off some activities but allow your kids to do homework online, or turn off the internet entirely. It's all your choice.
For example, if you want to block a device from accessing Steam every week, Sunday to Thursday, from 9 PM to 7 AM, you can create a new rule for this device:
- Target: Domain -> "steampowered.com"
- Active Time: "Every Week; Sunday, Monday, Tuesday, Wednesday, Thursday; from 9 PM to 7 AM (next day)"
Under each device/network detail page, there is an Emergency Access button to control whether a device's internet access is controlled by Firewalla. When turned on, it means Firewalla can no longer block you from accessing any site.
You can leverage this feature by scheduling Emergency Access to give kids extra hours. Similar to pausing rules, emergency access can be turned on for 15 minutes, 1 hour, always, or for any custom time period. At the end of the specified period, Emergency Access will automatically be turned back off. This way, you'll never forget to turn your kids' access rules back on.
4. Network Visibility
Firewalla's deep insights help you see what every device on your network is doing. Here are some examples of helpful things Firewalla can show you:
Activity Alarms can tell you if people are playing games, watching videos, or visiting adult sites.
Online/Offline Alarms can tell when a known device rejoins and leaves your network. For example, you can see when your kids get home and connect their devices to the home network.
This type of alarm must be manually turned on from Device detail -> Status -> Notify me when offline/ back online.
Network Flows allows you to monitor what people are doing online remotely. To see what a device is doing, locate it from the device list, tap on its device name, and click "Network Flows." This shows what devices are doing and for how long. With a bit of knowledge of basic networking, you can detect and block any abnormal activities.
To focus on only the important flows, you can Exclude some traffic from view.
- Inbound Flows: Flows that are coming from outside. These are typically blocked.
- Blocked Flows: Flows that have been intercepted by Firewalla.
- System Noise: Excluding system noise will filter out background traffic on your OS system and commonly seen apps (including ads, tracking, telemetry, software updates, analytics, NTP, and public cloud services).
- Specified Target: Flows to or from a certain target.
You can also sort your flow history by a set of common categories: Gaming, Social, Video, Porn, and VPN. Simply tap one of these filters to apply it to your list of blocked flows. See our tutorial video for step-by-step instructions.
Firewalla looks at everything that is happening on your network. For example, our customers have discovered PS4s that were downloading pornography and routers that were "phoning home" extensively and sending suspicious amounts of data outside of the network.
5. Intercepting Smart Kids and Nosey Neighbors
If a new, unrecognized device joins your network, it can be hard to tell who or what it might be. It could be an unwelcome neighbor looking for free Wi-Fi, a guest trying to connect to the Internet, or a (very) smart kid attempting to get around their bedtime rules. With Firewalla, you can decide how much to trust unfamiliar devices. Here are some things you should be aware of:
- Private Addresses & New Device Quarantine
- Enforcing Your Policies: Cloud Private Relay, DoH Services, and VPNs
- Physical Security
- App Protection with Kid Lock
Private Addresses & New Device Quarantine
Android, iOS, and Windows have a feature called Private Addresses to protect consumers when they are on public Wi-Fi. Smart kids may try to get around your rules by turning on Private Addresses to hide their identity. Firewalla lets you shut off access to unknown devices using Rules and New Device Quarantine.
Enforcing Your Policies: Cloud Private Relay, DoH, and VPN
There are many different privacy-enhancing encryption services and features out there– unfortunately, clever kids might take advantage of them to get around Firewalla's monitoring capabilities. Here are some common privacy features that may cause issues on your network, and how you can get around them:
iCloud Private Relay
Like Private Addresses, Apple's iCloud Private Relay is another way of protecting your privacy on public Wi-Fi. However, using it on your home network means Firewalla has less information about network traffic than usual. You can disable Private Relay with a Rule without negatively affecting users and you will be able to have full visibility and enforce any rules or policies you wish. You can also block Apple Private Relay directly from the Native Family Protect page.
Some browsers provide DNS over HTTPS (DoH) features to encrypt DNS requests, hiding your device's web traffic. If a clever kid enables browser DoH, some of Firewalla's blocking rules may not work. To fix this problem, you can force users to use normal DNS by imposing a rule to block traffic to DoH/DoT servers using Firewalla's DoH Services Target List. You can also build your own Target List of specific DoH/DoT servers.
- Note that if you have Native Family Protect enabled, you can block DoH servers directly from the Family Protect page.
Connecting to a VPN service that Firewalla does not manage also obscures your devices' network traffic. There are many different VPN services, and it can frustrating and time-consuming to stay on top of all of them. Fortunately, Firewalla's VPN-blocking capabilities are backed by dynamic security intel that's constantly updated.
- You can block VPN services directly from the Native Family Protect page.
No matter how strong your network security protocols are, you must still ensure your system is physically protected. Information Security is only as strong as the weakest link in your network. Here are some recommendations for how to physically secure your network:
- Peel off the license sticker on your Firewalla and store it in a safe place to prevent kids from pairing with the unit.
- Ensure kids have no physical access to the unit so they can't tinker with them.
- Please watch out for notifications in case kids power off the unit.
App Protection with Kid Lock
Kid Lock can lock the Firewalla App with Touch ID, Face ID, or a PIN Code to prevent kids who share or have access to your devices from accidentally changing network settings. This option is off by default. To turn it on, you can go to App Settings in the top right corner of the main page and tap "Kid Lock".
6. Example: Enforcing a schedule
Emily is entering 4th grade. Her parents set the following schedules and rules during school days:
- No online gaming or social media outside of open play hours (5-7 pm)
- Social apps, such as Tiktok, are not allowed
- Educational game apps, such as Prodigy, are allowed during school hours (8 am-4 pm)
- No Internet access from 7 pm until 8 am the next day
- Block all social sites from 7pm to 5pm the next day, every weekday
- Block all gaming sites from 7pm to 5pm the next day, every weekday
- Block all Internet access from 7pm to 8am the next day, every weekday
- Block TikTok
- Block porn
- Allow Prodigy from 8am to 4pm, every weekday
If you have any feedback for our team or suggestions for articles we should write, please don't hesitate to contact us at email@example.com. We're always looking for ways to help you get more value from your Firewalla.