Please only try this if you have and can flash an SD card: https://help.firewalla.com/hc/en-us/articles/115004705654-Tutorial-Remote-support
Warning, if you change these pre-defined IP addresses, you may run into issues when moving out from beta to production.
This article only applies to Firewalla Red, Blue, and Blue Plus. Firewalla Gold has one subnet in DHCP Mode , which is the same subnet as your router's previous DHCP setup.
If you want to keep all your devices' IP subnet addresses unchanged while using DHCP Mode , please follow this guide. There are two different methods:
Please note that support for DHCP Mode may be reduced soon. If you are able to switch to a Purple or Gold in Bridge or Router Mode, we highly recommend doing so.
Method 1: Keep one Subnet (seamless migration)
In this method, we try not to change your router's DHCP configuration and use the trick of making Firewalla a default gateway to route traffic.
1. Turn on DHCP Mode on Firewalla
Follow the instruction in Switch to DHCP to turn on Firewalla DHCP mode first.
2. Change the Firewalla Overlay Network Setting
In this example, assume your original router IP address was 192.168.86.1, and all your devices' IP address range is 192.168.86.100 ~ 192.168.86.200.
In the Firewalla app, go to Settings -> Advanced -> Network Settings -> OVERLAY NETWORK section and change the DHCP address pool to match the old subnet setting that you have in your router. In this case, change to 192.168.86.100 ~ 192.168.86.200. Also, change the overlay network IP address to something in the same subnet, such as 192.168.86.254. Here, the overlay network IP address is the secondary IP address assigned to your Firewalla box. Note: Make sure it is not in conflict with any existing device's IP address (including Firewalla's) in your network.
Also, make sure the DNS server is set to a public DNS server such as Cloudflare (1.1.1.1), Google (8.8.8.8), or Cisco (208.67.222.222).
3. Turn off DHCP Server on your router
Detail instruction is already mentioned in the Switch to DHCP guide. Mentioned it again to emphasize the importance. Please record your router's IP address (should be like 192.168.x.1 or 10.x.x.1) before turning off the DHCP server. In case anything goes wrong, you will need to manually configure a static IP on your PC/Mac/Pad to get back access to your router.
4. Have all devices rejoin the network
Have all the devices connected to your home router rejoin the network in order to get the new IP address assigned by the Firewalla DHCP service (you can either turn off/on airplane mode on your mobile devices or simply reboot your devices).
5. Additional Configuration
To capture all incoming packets, you will need to change all devices' port forwarding on your original router to target the Firewalla primary network. Then on Firewalla, configure the port forwarding to point them to the right host.
If you have static IPs on some of your devices, you will need to change the default gateway on your device to the Firewalla overlay IP address. In the above example, 192.168.86.254.
If you have a VPN server feature enabled, you will need to change the VPN connection port forwarding on your original router to target the Firewalla overlay network. In the above example, 192.168.86.254.
Method 2: Swap two Subnets
1. Change your router Subnet
Login to your router admin page and change the router's IP address to a new subnet.
In this example, assume your original router IP address was 192.168.86.1, and you changed it to 192.168.100.1. Your router's subnet has changed from 192.168.86.x to 192.168.100.x.
2. Reboot Firewalla
Firewalla will be able to pick up the new IP address.
3. Turn on DHCP mode on Firewalla
Follow the instruction in Switch to DHCP to turn on Firewalla DHCP mode first.
4. Change the Firewalla Overlay Network Setting
In the Firewalla app, go to Settings -> Advanced -> Network Settings -> OVERLAY NETWORK section and change the DHCP address pool to match the old subnet setting that you have in your router. In this case, change to 192.168.86.100 ~ 192.168.86.200. Also, change the overlay network IP address to something in the same subnet, such as 192.168.86.1. Here, the overlay network IP address is the secondary IP address assigned to your Firewalla box. Note: Make sure it is not in conflict with any existing device's IP address in your network.
Also, make sure the DNS server is set to a public DNS server such as Cloudflare (1.1.1.1), Google (8.8.8.8), or Cisco (208.67.222.222).
5. Turn off the DHCP Server on your router
Detail instruction is already mentioned in the Switch to DHCP guide. Mentioned it again to emphasize the importance. Please record your router's IP address (should be like 192.168.x.1 or 10.x.x.1) before turning off the DHCP server. In case anything goes wrong, you will need to manually configure a static IP on your PC/Mac/Pad to get back access to your router.
6. Additional Configuration
To capture all incoming packets, you will need to change all existing port forwarding on your original router to target Firewalla. And then on Firewalla to forward them to the right host.
Comments
2 comments
When can we expect this in the production release? (Aka, I went hunting for every reference of 192.168.218.x, found a bunch, found a ./.firewalla-something-save(?), then after about 30 minutes realized I should have probably imaged the sd card first. I can re-image the sd card, but if you're ready to push to to prod I'll chill for a bit before fixing my box.) (btw, loved hunting down all the monkey test files...) (PPS... bang up job, got two reds and a blue, love them, keep at it!)
I don't use DHCP on my router but have my own DHCP server since I like to manage what IPs are assigned to which device. Is there a mode where firewalla has an ip on the existing subnet and I just modify my DHCP config to point to the firewalla ip as the gateway ip? Of course, someone can just bypass firewalla by manually setting the gateway ip back.
Please sign in to leave a comment.