A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network.
- The encrypted connection helps ensure that sensitive data is safely transmitted.
- It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.
At the heart of the Firewalla VPN, our goal is to ensure secure communication between two endpoints as if they are connected over a local network. To make this happen, Firewalla provides two different services at no additional cost.
- Firewalla VPN Server
  - Secure access to your home or office network when you are outside/remote.
  - Secure access to the internet when you are outside.
  - Great for remote working from home and connecting back to the office.
  - Great for traveling.
- Firewalla VPN Client
  - Connect to the internet via 3rd party VPN services seamlessly without installing VPN software.
  - Client and server VPN to link home to work.
  - A site-to-site VPN to link two sites together.
Using a combination of these two services, Firewalla can ensure the privacy and protection of your data. When using a VPN, the Firewalla IDS/IPS protections will still be active, so your network will be protected.
Firewalla VPN services (Server and Client) all run on the Firewalla box. If you want to hide from your ISP, you must subscribe to a 3rd party VPN service (and use the Firewalla VPN Client). Here are some of the use cases:
- Secure Access to Home Network
- Secure Access to the Office Network
- Connecting Multiple Networks
- Third-Party VPN
- VPN and Network Segmentation
- Summary of the VPN Capabilities
Secure Access to Home Network
When you are traveling, working at Starbucks, or using a network that may be snooped upon, connecting back to a safe place is the best solution. By connecting to the Firewalla VPN server at home, you can securely access your home devices, as well as surf the internet as if you are at home.
Problem/Risks
- You do not know who is watching you when you are using public Wi-Fi or Wi-Fi owned by someone else.
Solution
- Install Firewalla at home, and enable VPN Server
- Install a VPN client on your phone and/or laptop
- Your network traffic will always be encrypted first and sent to your home before reaching its destination.
- It will be like accessing the network from home, and you also have full access to devices at home.
Secure Access to the Office Network
If you are working from home and need to access office devices, such as security cameras, file servers, etc., a VPN is the best solution.
Problem/Risks
- You have important business-related data that should be protected. You do not want this to be visible to the public network (including your service provider).
Solution
- Install Firewalla at work, and enable VPN Server
- Install the OpenVPN client on your laptop or phone.
- You can also install Firewalla at home and enable VPN Client, allowing you to connect any device to the office.
- Your network traffic will always be encrypted first and sent to your office before reaching its destination.
(Firewalla also supports the WireGuard protocol.)
Connecting Multiple Networks
If you manage multiple offices or homes, you can securely connect them over encrypted links. This allows devices and services, such as file servers, printers, cameras, and internal applications, to be accessed bi-directionally between sites, as if they were on the same local network.
Problem/Risks
- You have multiple offices (or home offices), and you want resources shared between the offices securely
Solution
- Install a Firewalla box at each site.
- Connect them using either Site to Site VPN or MSP VPN Mesh.
Both options use encrypted tunnels and Firewalla's internal DDNS, so they continue working even if your ISP changes your public IP address; no manual updates are required.
When to use Site to Site VPN or MSP VPN Mesh?
Both solutions are reliable and secure, but they are designed for different network topologies and management preferences.
Site to Site VPN
- Ideal for connecting a few sites to access data or devices across site pairs.
- Requires manual setup for each VPN connection and doesn't scale as easily.
- Provides more control over VPN traffic, including Internet Outbound configurations and Policy-Based Routing.
MSP VPN Mesh
- Ideal for connecting many sites and sharing LAN-based resources.
- Easiest setup; mesh connections are created automatically and scale as sites grow.
- Less control over VPN traffic; Internet Outbound configurations or Policy-Based Routing are not supported.
- Requires Firewalla MSP for centralized management of multiple Firewalla Boxes.
Third-Party VPN
If you are using third-party VPNs to shield your data from your ISP or government and want more devices (even those that can't install a VPN client) to use the same service, you should use the Firewalla VPN Client feature.
Firewalla does NOT provide the 3rd party VPN service.
Problem/Risks:
- You want to shield your data from your ISP or government.
- Your company/school requires you to use a VPN when working from home or taking online courses.
- You have IoT devices that cannot install VPN client software (e.g. Apple TV), yet you want them to access the network via VPN.
Solution
- Install Firewalla at home
- Firewalla supports OpenVPN, WireGuard, AnyConnect, and IPsec (MSP only) VPN protocols.
- You can sign up for a 3rd party VPN service, including:
  - NordVPN
  - ExpressVPN
  - Smart DNS Proxy
  - IPVanish VPN
  - PureVPN
  - Many others are also supported; we have not tested them all.
- Use the Firewalla VPN Client feature to tunnel any device to the VPN server
VPN and Network Segmentation
The Firewalla Gold/Purple will allow you to create network segmentation and configure VPN at the individual segment level. For example, to make working from home more convenient, you can dedicate one port as a VPN network segment, and when you access that segment, you are directly connected to your office through the Firewalla VPN client/server.
Summary of the VPN Capabilities
| | Firewalla Red | Firewalla Blue/Blue Plus | Firewalla Gold/Purple |
| VPN Client | Yes | Yes | Yes |
| VPN Server | Yes | Yes | Yes |
| VPN Site-to-Site | Client Only | Client & Server | Client & Server |
| Segmentation | No | No | Yes |
Comments
1 comment
I have got the VPN client to work just fine with Private Internet Access using OpenVPN.