Firewalla VPN Introduction

A virtual private network, or VPN, is an encrypted connection over the Internet from a device to a network.

• The encrypted connection helps ensure that sensitive data is safely transmitted.
• It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely.

At the heart of the Firewalla VPN, our goal is to ensure secure communication between two endpoints as if they are connected over a local network. To make this happen, firewalla provides two different kinds of services, at no additional cost.

• Firewalla VPN Server
  • Secure access to your home or office network when you are outside/remote.
  • Secure access to the internet when you are outside. 
  • Great for remote working from home and connecting back to the office.
  • Great for traveling.
• Firewalla VPN Client
  • Connect to the internet via 3rd party VPN services seamlessly without installing VPN software.
  • Client and server VPN to link home to work.
  • A site-to-site VPN to link two sites together. 

By using a combination of these two services, firewalla can ensure the privacy and protection of your data.  Here are some of the use cases. Note that when using the VPN, the Firewalla IDS/IPS protections will be still active, so your network will be protected.

Secure Access to Home Network

When you are traveling, working at Starbucks, or using a network that may be snooped upon, connecting back to a safe place is the best solution. By connecting to the Firewalla VPN server at home, you can securely access your home devices, as well as surfing the internet as if you are at home.  

Problem/Risks

• You do not know who is watching you when you are using public Wifi or Wifi owned by someone else

Solution

• Install Firewalla Red/Blue/Gold at home, and enable VPN Server 
• Install VPN client on your phone and/or laptop
• Your network traffic will always be encrypted first and send to your home before going to its destination.  
• It will be like accessing the network from home, and you also have full access to devices at home

Secure Access to the Office Network

If you are working from home and need to access office devices, such as security cameras, a file server, etc, VPN is the best solution.  

Problem/Risks

• You have important business-related data that should be protected. You do not want this to be visible to the public network (including your service provider).

Solution

• Install Firewalla Red/Blue/Gold at work, and enable VPN Server
• Install OpenVPN client on your laptop or Phone. 
• You can also Install Firewalla Red/Blue/Gold at home and enable VPN Client, this will allow you to connect any device to the office.
• Your network traffic will always be encrypted first and send to your office before going to its destination

Connecting Multiple Networks with Site to Site VPN

If you have multiple offices or homes, you can use Site to site VPN to connect the networks together over encrypted links. You can access shared devices such as file servers, printers, video cameras bi-directionally between any two sites. 

Problem/Risks

• You have multiple offices (or home offices) and you want resources shared between the offices securely

Solution

• Install Firewalla Blue/Gold at each site
• Follow the site-to-site VPN installation guide.

Third-Party VPN

If you are using third-party VPN's to shield your data from ISP / Government, and want more devices (even those who can't install VPN client) to use the same service, you should use the Firewalla VPN Client feature.  

Firewalla does not provide the 3rd party VPN service.

Problem/Risks:

• You want to shield your data from ISP or Government.
• You have IoT devices that can not install VPN Client software, you want to have them access the network via VPN.   

Solution

• Install Firewalla Red/Blue/Gold at home
• Sign up for a 3rd party VPN server service.   Firewalla supports these services (see VPN Client document for the latest).
  • NordVPN
  • ExpressVPN
  • Smart DNS Proxy
  • IPVanish VPN
  • PureVPN
  • Many others are also supported, we have not tested them all
• Use Firewalla VPN Client feature to tunnel any device to the VPN server 

VPN and Network Segmentation

The Firewalla Gold will allow you to create network segmentation and configure VPN at the individual segment level. For example, to make working from home more convenient, you can dedicate one port as a VPN network segment, and when you access that segment, you are directly connected to your office through Firewalla VPN client/server.

Summary of the VPN Capabilities: