The default network settings should work out of the box for most of the time, but sometimes you may want to tweak the network settings to meet your own need. Configuring network settings requires you to have basic knowledge of networking. Send email to firstname.lastname@example.org at any time if you need help.
You can find the UI to configure network settings by Settings -> Advanced -> Network Settings.
In Simple Mode, two network interfaces will be listed: Primary Network and VPN Server Network. In DHCP Mode, three network interfaces will be listed: Primary Network, overlay network, and VPN Server Network.
Simple Mode Network Settings
Primary Network describes the network information of your network as well as Firewalla Box's IP Address.
- You can set a static IP address for Firewalla so that it will always use the same IP address.
- If you want to force the entire network to use a customized DNS server, you can configure it in the DNS section.
- It's also supported to change the subnet mask or gateway, but be extremely careful when changing them, make sure they are correctly edited, otherwise, you may lose the access to Firewalla.
VPN Server Network:
VPN Server Network is the subnet for any VPN client connecting to Firewalla VPN server, each client will get an IP address allocated in this subnet. The subnet is randomly generated by Firewalla and it's not configurable. This section only shows up when VPN Server feature is enabled.
DHCP Mode Network Settings
In DHCP Mode, Overlay network is the network that all monitored devices connect to, and the primary network is the network that all unmonitored devices connect to. Firewalla DHCP service will automatically allocate devices to these two networks based on monitoring configuration.
Primary Network configures the network setup for all unmonitored devices. When Firewalla DHCP service replies device's DHCP request, it will pass the network setup to the device. By default, it inherits the settings from your router.
Overlay Network configures the network setup for all monitored devices. When Firewalla DHCP service replies device's DHCP request, it will pass the network setup to the device. By default, the overlay network uses 192.168.218.0/24, you may change it to other network subnets.
Specially, you can make the overlay network use the same subnet as the primary network. so that your devices can keep IP address unchanged when moving to overlay network for monitoring.
Be aware that unless overlay network has the same subnet as primary, devices need to re-join the network to pick up new network settings from Firewalla.
VPN Server Network:
VPN Server Network is the subnet for any VPN client connecting to Firewalla VPN server, each client will get an IP address allocated in this subnet. The subnet is randomly generated by Firewalla and it's not configurable.