This is focused on Firewalla Blue series.
- If you have a Firewalla Gold series box, please see this article
- If you have a Firewalla Purple series box, please see this article
Most of the time, Google (or Nest) Wifi (Mesh) should work perfectly with Simple mode. And unfortunately, there are cases where the simple model may cause Google Wifi to lose DNS capability. Until we (or Google) fixes this problem, here is a simple workaround to enable DHCP mode on Google Wifi.
This guide is in Beta, and for advanced users only. Please be aware that after this setup, the satellites sometimes may appear as "offline" in the Google Wifi app, but actually, the satellites are working.
Firewalla IP address: 192.168.86.25
Google Wifi's satellite points: S1(192.168.86.123), S2(192.168.86.160)
Step 1. Change Firewalla monitoring mode to "DHCP Mode".
Step 2. Take a note for Firewalla's IP and MAC address, e.g., 192.168.86.25, 02:01:B0:40:03:8B
Step 3. Open network settings in Google Wifi mobile app. Change DHCP address pool size to 1, which only contains Firewalla's IP address, e.g., starting IP 192.168.86.25 - Ending IP 192.168.86.25
Step 4. Add DHCP reservation for Firewalla in Google Wifi mobile app. Use Firewalla's MAC address noted in Step 1 to identify Firewalla in Google Wifi mobile app.
Step 5. Open Firewalla App, set Google Wifi's satellite points to "Monitoring Off".
I have been playing with this, and have found better luck by making a few tweaks, most significantly I have found that the Onhub and its meshed points are happier (more stable, better throughput and a better ability to reconnect if disconnected) if they all sit on the same subnet. Instead of having a single IP available on the native Google Wi-Fi subnet, I suggest have the meshed points on this network as well. 192.168.1.1 for primary router, 1.2 for meshed point A, 1.3 for meshed point B, (etc) and 1.4 for Firewalla.
Best practice for doing this is:
1. Unplug all lan side cables (keep the ISP connection plugged in)
2. Change WiFi SSID or P/W so devices are booted from network.
3. Change internal ip range (example 192.168.86.x to 192.168.1.x) and also limit IPs. Essentially this is number of meshed nodes + Firewalla, or 3 usable IPs for a 3 node mesh network. If you don't change the network range, you will find Google will continue to assign out IPs, ignoring the limitations you put in place. You may also find that your meshed points are not given sequential local addresses which is important.
4. Reboot, validate that you have a new IP range. (Pro-tip, you configure Google Wi-Fi over the public internet and not the LAN, so use a cellular connection to keep your phone from grabbing a local IP)
5. Plug in Firewalla and allow it to boot.
6. Ensure monitoring it turned off for meshed points. (This may be important, may not be but I would not skip it)
7. Reserve Firewalla's IP in Google app. (likely .4)
8. Reboot again, and verify setting in Google Wi-Fi have taken.
9. Ensure that Firewalla is in DHCP mode.
10. Plug in wired ethernet devices.
11. Change back SSID/PW do wireless devices can reconnect.
12. You may want to reboot both Firewalla and Google Wi-Fi- the Google Wi-Fi reboot will trigger wireless devices that did not automatically reconnect themselves to get back onto the network.
How do you reserve an up for the satellites that are hard wired? Assuming I'll have to unplug the main link to them first, then perform the reboots?
For most of the critical stuff I use a wired network and want to reserve IP (servers etc) and they keep taking a Google ip space, not firewalla IP.
This has been a nightmare:/ with probably 100 ips in the house (smart lights, Sonos, etc.)
The write up from @robrodier should still be valid; If you put the satellites into a not monitored mode, they will get the primary subnet's IP address.
Sorry, newbie question here - if I follow either the recommended steps or the steps suggested by @robrodier, I obviously end up kicking myself (i.e. my iPhone) off of the network and when resorting to logging into the GWifi app from my cellular connection, none of the critical settings (LAN, DHCP reservations etc) are available in the app anymore. Is there a way to mitigate or get around that issue pls? Thanks!
one of the steps needed from above is to turn monitoring off for the satellites. When you do that, firewalla will automatically set the satellites to the same network as the main unit. (turn monitor off, and reboot the satellites)
Do I need to reserve the IPs in the Google WiFi app for my Google Nest WiFi points? I was able to successfully reserve the IP for my Firewalla Blue but I cant seem to find the Nest APs on the list in the Google WiFi app. What happens if don't do this and there is a power outage or a DHCP lease renewal cycle...? Doesn't that mean that it's possible one of my points will loose the priority and some other random device may take it's IP -- hereby making it so the new device will not be monitored by firewalla or in general really messing up my network due to my point getting some other random IP?
My setup is:
192.168.1.1 (Main Google Nest WiFi router)
192.168.1.10 (Google Nest Wifi Point 1)
192.168.1.11 (Google Nest Wifi Point 2)
192.168.1.12 (Google Nest Wifi Point 3)
192.168.1.13 (Firewalla Blue)
Google LAN settings
DHCP Start: 192.168.1.10
DHCP End: 18.104.22.168
IP Address 192.168.2.1
DHCP End: 192.168.2.250
Thank you for the writeup on enabling DHCP mode on Firewalla for Google WiFi.
Simple mode kept breaking Google WiFi. It would lose all network connectivity to the WAN, and display a red light.
Changing to DHCP mode fixed it all. I also used your guide for making the overlay network use my existing IP subnet address. Worked well also.
Hey folks, just some updated feedback. With the latest version of the Google Wifi app - I don't believe you need the MAC address of Firewalla. That was my experience, at least. Google now seems to recognize the Firewalla device (in my case, Blue) and picks up the MAC automatically. It also allows you to choose a different IP address, although I found that I did not need to. Google also recommends rebooting or disconnecting and reconnecting the device you created the DHCP reservation for. A simple reboot through the Firewalla device did the trick for me!
Having some good luck with this setup so far, using Google Wifi Gen 1 3-pack.
After grinding away at settings for an evening I'm in my first 24 hours of solid operation still, including yanking power to test how everything would come back online afterwards. Fingers crossed that this recipe works out for others too.
First, you will need to fully set up your Google network first and only then get to the Firewalla work. I bit the bullet and did a factory reset (press the button, plug in the power cable & hold for 10 seconds till the light goes blue). After successfully getting both remote hubs onto a fresh setup you can do the necessary network settings.
One important note is that there are actually 2 network ports for each additional mesh hub.. a primary wifi port and a backhaul (via WAN or Mesh connection) and each is desired to be set by the primary Google Hub. I believe this may be part of the issue when setting up DHCP mode but still getting network hangs after a few days.
A second important note is when freshly setting up a Firewalla you might want to open the DHCP pool to: 192.168.86.2 - 6 after the hubs are online. When you get the Firewalla online then don't forget to put Google back to .2 - .5 as it should ONLY be provisioning IPs for it's own devices.
The theory behind the setup below is to allow 2 DHCP servers on the network. The primary one filled up with reservations across it's entire range. The secondary is the firewalla and it can provision IP's with the settings it needs to monitor/control traffic. There may be a slight delay when a new device first connects as it may get a response from the Google DHCP telling it there are no more addresses.. but eventually the Firewalla will get it's chance and provision the new device correctly.
Here's my setup:
I'm using Google Home (since Google Wifi app is being deprecated) and Alpha Release 1.972
Internet WAN --> Google Hub 1 (192.168.86.1) --> Switch --> Firewalla Blue+ (.86.6)
∞-> Google Hub 2 (.86.2)
∞-> Google Hub 3 (.86.3)
Google Hub Network settings:
DHCP pool: 192.168.86.2 - 5 <--Only enough to cover the Google hubs
DHCP reservations: <-- The Devices list on the setup app should show 5 devices..
Hub 2 : 192.168.86.2
Hub 3 : .86.3
ChromeOS device : 192.168.86.4 (Hub 2's mesh backhaul gets its own IP)
ChromeOS device : 192.168.86.5 (Hub 3's mesh backhaul gets its own IP)
Firewalla Network settings:
IP: .86.6 | 255.255.255.0
DNS: 22.214.171.124 / 126.96.36.199
DHCP Pool: .86.30 - 251
IP: .86.7 | 255.255.255.0
DHCP Pool: .86.30 - 251
DNS: 192.168.86.6 / 188.8.131.52 <-- Network devices using DHCP get DNS from Firewalla
Again, make sure to set up Google's network first and it's all online and working fine.
Let me know if you use this setup and if it works out for you! Have fun!
Thanks Brian, this is super helpful.
Are you using VLANs by any chance? Trying to understand if DHCP mode w/ Google Wifi is my solution to not replacing all my AP's. I have managed switches and need Firewalla to be able to manage the VLANs.
Please sign in to leave a comment.