Please note that support for Simple/DHCP Mode may be reduced soon. If you have a Gold or Purple, we highly recommend using Bridge or Router Mode.
To use Firewalla in DHCP Mode, you must disable the DHCP service on your router. For routers that don't provide an option to turn off the built-in DHCP service, here is a simple workaround.
A small article on Simple mode vs. DHCP mode
Step 1: Connect Firewalla
Connect Firewalla to the router, connect power, and wait 5 to 7 minutes.
Step 2: Setup Firewalla in DHCP Mode
Launch the app. Before starting setup, pick "Manual Setup" => "DHCP Mode".
Step 3: Configure Your Router
Take Xfinity XB6 as an example here.
Log in to the router and tap Connected Devices.
Step 3-1: Reserve an IP for Firewalla
Write down the IP of Firewalla, e.g. 10.0.0.237 (yours will be different)
Step 3-2: Limit DHCP
Tap on Connection->Local IP Network and limit the IP range to Firewalla's IP address (the one you got in Step 3-1).
Original IP range:
Change both Beginning Address and Ending Address to Firewalla's IP Address:
Note: If your router does not allow you to create a DHCP range with the same start and end address, you'll need to reserve an IP address for a fake device.
In this example:
Set DHCP Beginning Address: 10.0.0.237, DHCP Ending Address: 10.0.0.238. Then reserve IP address 10.0.0.237 for Firewalla, and also reserve IP address 10.0.0.238 for a fake device with a MAC address that is not in your network.
Step 4: Connect your Devices
You may now need to reboot your devices, or wait for them to start getting 192.168.218.x addresses.
Notes on IPv6:
Some providers don't allow the router to fully disable or limit IPv6. When this happens, Firewalla will not be able to manage any site that is reached over IPv6, so you can't see traffic to, or block, any IPv6 sites. We are working on a solution; this may take a while. For example, blocking Firewalla.com will work, but blocking google.com will not.
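A quick way to check Step 4 and the IPv6 note together, as an added example that is not part of the original article: it classifies each device's addresses to show which devices have not yet picked up a Firewalla lease and which hold an IPv6 address that Firewalla does not manage. The /24 size of the 192.168.218.x network, the treatment of every non-link-local IPv6 address as router-assigned, and the sample inventory are assumptions.

```python
import ipaddress

# Assumption: Firewalla's DHCP Mode network is a /24, from "192.168.218.x" above.
FIREWALLA_NET = ipaddress.ip_network("192.168.218.0/24")

def audit_device(addresses):
    """Classify one device's addresses by who handed them out."""
    result = {"firewalla_v4": [], "other_v4": [], "unmanaged_v6": []}
    for text in addresses:
        addr = ipaddress.ip_interface(text).ip  # accepts "a.b.c.d" or "a.b.c.d/len"
        if addr.is_loopback or addr.is_link_local:
            continue  # loopback, fe80::/10 and 169.254/16 are not leases
        if addr.version == 6:
            # Assumption: any routable IPv6 address came from the router.
            result["unmanaged_v6"].append(str(addr))
        elif addr in FIREWALLA_NET:
            result["firewalla_v4"].append(str(addr))
        else:
            result["other_v4"].append(str(addr))
    return result

def needs_attention(inventory):
    """Return {device: [reasons]} for devices not fully behind Firewalla."""
    report = {}
    for name, addresses in inventory.items():
        r = audit_device(addresses)
        reasons = []
        if not r["firewalla_v4"]:
            reasons.append("no 192.168.218.x lease yet")
        if r["other_v4"]:
            reasons.append("still holds router IPv4 " + ", ".join(r["other_v4"]))
        if r["unmanaged_v6"]:
            reasons.append("router-assigned IPv6 " + ", ".join(r["unmanaged_v6"]))
        if reasons:
            report[name] = reasons
    return report

# Constructed sample inventory (addresses as read from each device's settings).
SAMPLE = {
    "laptop": ["192.168.218.23/24", "fe80::1c2d:3eff:fe4f:5a6b/64"],
    "tv": ["10.0.0.52/24"],
    "phone": ["192.168.218.40/24", "2001:db8:10::40/64"],
}

if __name__ == "__main__":
    for device, reasons in needs_attention(SAMPLE).items():
        print(device, "->", "; ".join(reasons))
```

A device listed only for IPv6 has migrated correctly on IPv4, but its IPv6 traffic is the part the note above says Firewalla cannot see or block.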
Example: Eero
Step 1:
You will need to configure the Eero for manual IP. Eero, for some strange reason, doesn't allow reserving 1 IP, only a minimum of 9 IP addresses.
You can use any of the options in the Eero interface for IP address prefix, this is just an example.
After this is done, bring up the Firewalla and then change it to DHCP mode. Your Firewalla will be in the range of 10.110.1.240 to .249.
Next, you will need to start "pre-reserving" these IPs. You will have to reserve all of them with fake MAC addresses, and make sure one of them is Firewalla.
If you need help generating MAC addresses, you can use a tool like https://dnschecker.org/mac-address-generator.php
After you have done all the reservations, your existing devices should start to migrate when their DHCP lease expires, or you can power them off and on to force the migration.
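The reservation list for the Eero range above can also be produced offline, as an added example that is not part of the original article. It gives Firewalla its real MAC and fills every other address with a random locally administered unicast MAC (local bit set, multicast bit clear), which cannot match a vendor-assigned address, and it skips any MAC already seen on your network. The function names, the Firewalla MAC (taken from the RFC 7042 documentation range) and the known-device list are constructed for illustration.

```python
import ipaddress
import secrets

def fake_mac(taken):
    """Random locally administered, unicast MAC that is not in `taken`."""
    while True:
        octets = bytearray(secrets.token_bytes(6))
        octets[0] = (octets[0] | 0x02) & 0xFE  # set local bit, clear multicast bit
        mac = ":".join(f"{o:02x}" for o in octets)
        if mac not in taken:
            return mac

def reservation_plan(first, last, firewalla_ip, firewalla_mac, known_macs):
    """Return [(ip, mac)] covering every address from first to last."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    fw = ipaddress.ip_address(firewalla_ip)
    if not start <= fw <= end:
        raise ValueError("Firewalla's IP must be inside the DHCP range")
    taken = {m.lower() for m in known_macs} | {firewalla_mac.lower()}
    plan = []
    for n in range(int(start), int(end) + 1):
        ip = ipaddress.ip_address(n)
        if ip == fw:
            mac = firewalla_mac.lower()
        else:
            mac = fake_mac(taken)
            taken.add(mac)  # keep fake entries unique among themselves
        plan.append((str(ip), mac))
    return plan

# Constructed values: documentation-range MAC for Firewalla, two known devices.
FIREWALLA_MAC = "00:00:5E:00:53:01"
KNOWN = ["00:00:5e:00:53:10", "00:00:5e:00:53:11"]

if __name__ == "__main__":
    for ip, mac in reservation_plan("10.110.1.240", "10.110.1.249",
                                    "10.110.1.240", FIREWALLA_MAC, KNOWN):
        print(ip, mac)
```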
Comments
14 comments
Today I had my Xfinity Gateway replaced because it was faulty, and for some reason this "tricky" no longer works by
changing both Beginning Address and Ending Address to Firewalla's IP Address... It says that the Beginning and Ending Address cannot be the same!
I think they sent me one with new firmware, because the gateway looks the same as the old one!
What is the model of the xfinity gateway?
Hi there, here is the information about the gateway:
Gateway: Xfinity XB3
The DPC3941T should be fully compatible with Simple mode. Are you having problems with it?
I'm running it with simple mode with no problem!
But if you desire to run it in DHCP mode, probably due to a gateway firmware update it doesn't allow you to do this trick by setting the IP range to the same start and end.
With my old gateway (same model) I was able to do this!
Thanks!
Correct. This no longer works on the XB6 as well.
@peter, any details on why it is not working on the XB6?
Same reason as posted above. No longer able to set the IP range to the same start and end. Workaround may be putting the device in bridge mode and using a supported router.
Peter, interesting. So the new firmware is forcing at least 2 devices in DHCP? If that's the case, the method may also work (one device may not be able to be monitored).
Also, if you can, please try the "experimental simple mode" (you will need to turn on DHCP on your router first). Experimental simple mode is a set of customized fixes, that may make the router work.
Hi Firewalla team, so setting DHCP Beginning Address: 10.0.0.237, DHCP Ending Address: 10.0.0.238... on the XB6 and assigning 10.0.0.238 to a fake device will work on IPv4!
What about IPv6, which the XB6 will not allow you to disable?
Any solution for this case? I can perform any test with my XB6 if needed, just let me know how to proceed!
Thank you!
I attempted to install with an XB3 in DHCP mode. I'm able to connect to the device and configure it. I then reserved the address (10.0.0.10), and reserved a fake one (10.0.0.11). Everything was still working OK. Some devices were already getting a 192 address from the Firewalla. I then set the DHCP range to just the two devices. At this point I lose internet connection from the devices with 192 addresses and I'm unable to connect to the Firewalla from the phone on cellular. I opened the DHCP pool again, 10.0.0.5-150, and it starts working.
Any thoughts on this, ideas on what I should try?
@joe can you send an email to help@firewalla.com so we can help you take a look at the problem?
Update on what I found. Working with the tg1682g, when I'd reduce the DHCP pool to less than 15 devices, the unit would stop forwarding/routing DNS queries. I was able to ping from my laptop, and the modem could resolve from the test page; however, no device inside the network could resolve DNS if the DHCP pool was less than 15 devices. I tried it using DHCP ranges of 10.0.0.10 to 10.0.0.25 and 10.0.0.210 to 10.0.0.225, with the same results. The only device I had connected was my laptop, wired, with WiFi on the modem off.
I ended up simply reserving 14 addresses, and using the Firewalla in DHCP mode. Unfortunately there continued to be issues with the Firewalla dropping out, or not giving out addresses very consistently. Most importantly the Comcast modem would give out IPv6 addresses and the devices would just work and ignore the DNS from the Firewalla (open DNS) being used to additionally prevent porn and other unsafe searches. Hopefully the Firewalla gets IPv6 support soon.
So I have this modem https://www.rogers.com/customer/support/article/learn-more-about-the-rogers-ignite-modem
Will the Firewalla Blue work? I don't think I can disable DHCP on it, but I can edit the LAN start and end ranges for DHCP.
Do you think this would still work? I think this is the model info for it:
Technicolor CGM4140COM
Rev 2.2