Firewalla Gold and Firewalla Purple work best in Router Mode and Bridge mode. These two modes are compatible with any device. If you are using or planning these modes, this guide DOES NOT apply to you. Learn more about Firewalla Router Mode.
Firewalla works in either Simple Mode (Plug and Play) or DHCP mode (need to log into the router and disable the DHCP server. Learn more about DHCP Mode). Your router should be able to work with at least one of these modes. Please note that support for Simple Mode may be reduced soon. We highly recommend using Bridge or Router Mode.
The Firewalla app auto-detects you during the initial pairing with the Firewalla box. If you are running into problems, please check the list below to see if there are any known issues. The auto-detection process is not perfect, but you can always manually force a mode to use.
- If your router is not on the list, it is most likely compatible with Firewalla in either Simple or DHCP mode. This list will be updated as we learn from our customers.
- DHCP Mode: If you can turn off the built-in DHCP sever in your router, then DHCP mode will work for you. For some routers where DHCP can’t be disabled, a trick like this might work.
- To connect Firewalla, your router (or a switch connected to the router) must have a free Ethernet port. Here is the installation guide.
- Any questions? Just email us at help@firewalla.com and we'll create a support case. Our engineers will help you directly.
Here is some detailed compatibility information:
- Firewalla Confirmed Router List & User-contributed List
- VPN Server Compatibility
- Compatibility with Other Devices
- Special Configuration
Firewalla Confirmed Router List
Brand | Model |
Simple Mode . |
DHCP Mode . |
Notes . |
---|---|---|---|---|
Actiontec | T3200 | ❌ Not Compatible | ||
Actiontec | T2200 | ✅ Compatible | ||
Amplifi | HD | ❌ Not Compatible | LIMIT-DHCP | Starting Firmware version 3.3.0, need to keep the network unchanged |
Apple | Airport Extreme | ✅ Compatible | LIMIT-DHCP | |
Apple | Airport Time Machine | ✅ Compatible | LIMIT-DHCP | |
Arris | 5268 | ✅ Compatible | LIMIT-DHCP | Need to disable monitoring of devices that look like 5268AC, or 5268. |
Arris | DG3450 | ❌ Not Compatible | LIMIT-DHCP | |
Arris | SBG6782 | ✅ Compatible | ✅ Compatible | Set the DHCP lease time from 3600 (one hour) to a large number like (604800) |
Arris | SBG6900AC | ✅ Compatible | ✅ Compatible | Set the DHCP lease time from 3600 (one hour) to a large number like (604800) Put device Arris-LGW in not monitor mode. |
Arris | SVG2482AC | ✅ Compatible | LIMIT-DHCP | |
Arris | XB6/TG3482 | ❌ Not Compatible | LIMIT-DHCP | |
Arris |
Others |
✅ Compatible | ✅ Compatible | Disable monitoring of device that looks like ARRIS-LGW |
Aruba | Any | ✅ Compatible | Please turn off "Block ARP Broadcast". This prevents Firewalla from being discovered. | |
ASUS | N600 | ✅ Compatible | ✅ Compatible | NAT Acceleration must be turned off |
ASUS | RT-N56U | ✅ Compatible | ✅ Compatible | NAT Acceleration must be turned off |
ASUS | RT-N66U | ✅ Compatible | ✅ Compatible | NAT Acceleration must be turned off |
ASUS | RT-AC68U | ✅ Compatible | ✅ Compatible | NAT Acceleration must be turned off |
ASUS | RT-AC68R | ✅ Compatible | ✅ Compatible | Firewall must be turned off during installation |
ASUS | RT-AC86U | ❌ Not Compatible | ✅ Compatible | |
ASUS | RT-AC87 | ✅ Compatible | ✅ Compatible | NAT Acceleration must be turned off |
ASUS | Others (See more models on User-contributed list) |
✅ Compatible | ✅ Compatible | |
AVM GmbH | FRITZ!Box 6490 | ✅ Compatible | ||
AVM GmbH | FRITZ!Box 7490 | ✅ Compatible | ||
Bell/ SEGAMCOM |
Home Hub 3000/ F@ST 5566 |
❌ Not Compatible | ✅ Compatible | Special setup required |
Belkin | All models | ✅ Compatible | ✅ Compatible | |
Cisco | RV325 | ✅ Compatible | ✅ Compatible | |
Cisco | Comcast DPC3941 Cable Modem | ✅ Compatible | LIMIT-DHCP | |
Cisco | WRVS4400N | ❌ Not Compatible | ✅ Compatible | |
D-LINK | AC3100 | ✅ Compatible | ||
EERO | Pro Wifi6 | Unknown | LIMIT-DHCP | You may need to turn off eero secure to install. (eero firmware 6.3.1 or greater) |
EERO | Version 2 | ✅ Compatible | ✅ Compatible | see above |
EERO | Version 1 | ❌ Not Compatible | ✅ Compatible | see above |
OnHub TGR-1900 (TP-Link) | ❌ Not Compatible | ❌ Not Compatible | ||
SRT-AC1900 /Onhub | ❌ Not Compatible | ❌ Not Compatible | ||
Wifi / Nest Wi-Fi | ❌ Not Compatible | LIMIT-DHCP | Need Additional setup | |
Huawei | HG659 | ❌ Not Compatible | ✅ Compatible | |
Huawei | HG635 | ❌ Not Compatible | ✅ Compatible | |
Huawei | HGW-2501gn-r2 /Mitrastar | ❌ Not Compatible | ✅ Compatible | |
Huawei | HA35-22 | ❌ Not Compatible | ✅ Compatible | |
Linksys | N600 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Linksys | AC1900/EA7500 v1 | ✅ Compatible | ✅ Compatible | Express Forwarding should be Disabled |
Linksys | AC2600/ EA8500 /Max Stream | ✅ Compatible | ✅ Compatible | Express Forwarding should be Disabled |
Linksys |
WRT32X AC3200 |
✅ Compatible | ✅ Compatible | A gigabit switch is required, when working with Firewalla Red. (Connect the switch to the router, and connect Firewalla Red to the switch.) |
Linksys | AC4000/EA9300 | ✅ Compatible | ✅ Compatible | Express Forwarding should be Disabled |
Linksys | EA7500v2 | ❌ Not Compatible | ✅ Compatible | |
Linksys | AC2400/EA8350 | ❌ Not Compatible | ✅ Compatible | |
Linksys | E3000 | ❌ Not Compatible | ✅ Compatible | |
Linksys | Velop | ✅ Compatible | ✅ Compatible | Special setup on Mesh |
Luma | Luma | ✅ Compatible | ❌ Not Compatible | |
AT&T / Motorola | NVG510 | ✅ Compatible | ❌ Not Compatible | |
Netgear | Orbi | ✅ Compatible | ✅ Compatible | Special setup on Mesh |
Netgear | Orbi Pro | ✅ Compatible | ✅ Compatible | Special setup on Mesh |
Netgear | Orbi RBR840 | ❌ Not sure | Unknown | |
Netgear | Orbi RBR75x | ❌ Not sure | ✅ Compatible | |
Netgear | N600 /WNDR3400v2 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Netgear | WNDR3400 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Netgear | R6250 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Netgear | R6400 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Netgear | D6400 | ✅ Compatible | ||
Netgear | R6251v3.3 | ✅ Compatible | ✅ Compatible | Not compatible with guest network |
Netgear | X4 /R7500 (AC2350) | ❌ Not Compatible | ✅ Compatible | |
Netgear | X4S /R7800 (AC2600) | ❌ Not Compatible | ✅ Compatible | |
Netgear | X6 /R8000 (AC3200) | ✅ Compatible | ✅ Compatible | |
Netgear | X6S /R8000P (AC4000) | ❌ Not Compatible | ✅ Compatible | |
Netgear | X10 /R9000 (AD7200) | ❌ Not Compatible | ✅ Compatible | |
Netgear | XR500 | ❌ Not Compatible | ✅ Compatible | |
Netgear | Nighthawk M1 | ❌ Not Compatible | ❌ Not Compatible | |
Phicomm | Any | ✅ Compatible | ✅ Compatible | |
Portal Wi-Fi | Any | ✅ Compatible | ❌ Not Compatible | |
Sonicwall | Most Models | ✅ Compatible | ||
Technicolor | TC8717 | ✅ Compatible | ❌ Not Compatible | |
Technicolor | TC8715 | ✅ Compatible | ❌ Not Compatible | |
Technicolor | DJA0231 | ❌ Not Compatible | LIMIT-DHCP | |
TP-LINK | TL-WVR4300L | ❌ Not Compatible | ✅ Compatible | |
TP-LINK | TL-W8901N | ❌ Not Compatible | ✅ Compatible | |
TP-LINK | AC2600 | ❌ Not Compatible | ✅ Compatible | |
TP-LINK | TALON AD7200 | ❌ Not Compatible | ✅ Compatible | |
TP-LINK | On Hub | ❌ Not Compatible | ❌ Not Compatible | |
TP-LINK | C3150 | ✅ Compatible | ||
TP-LINK | Deco | ✅ Compatible | ❌ Not Compatible | Special setup on Mesh |
TP-LINK | Deco (Wi-Fi 6) X60 | ❌ Not Compatible | ❌ Not Compatible | May work in Experimental Simple Mode |
TP-LINK | TL-WDR5620 | ✅ Compatible | ||
Synology | RT2600AC | ❌ Not Compatible | ✅ Compatible | Requires Special Setup on Synology |
Synology | RT1900 | ❌ Not Compatible | ✅ Compatible | Requires Special Setup on Synology |
Ubiquiti | UniFi Security Gateway | ✅ Compatible | ||
Ubiquiti | Dream Machine | ✅ Compatible | ✅ Compatible | |
Verizon | FiOS G1100 | ✅ Compatible | ✅ Compatible | |
Xfinity | XB6 | ❌ Not Compatible | LIMIT-DHCP | ipv6 must be off |
Xfinity | XB7 | ❌ Not Compatible | LIMIT-DHCP | ipv6 must be off |
Xiaomi | All models | ✅ Compatible | ✅ Compatible | |
Xiaomi |
AX1800 AX3600 |
❌ Not Compatible | Unknown | Use Experimental Simple Mode |
User Confirmed Router List
Following list of routers known to be compatible with Firewalla, contributed by our wonderful users across the world. Discussions can be found here: user-contributed router list.
Brand | Model | Simple Mode | DHCP Mode |
---|---|---|---|
2WIRE | 2WIRE | ✅ Compatible | |
ARCADYAN | VGV7519 | ✅ Compatible | |
ARCADYAN | SINGTEL WIFI | ✅ Compatible | |
Actiontec | C3000A | ❌ Not Compatible | ✅ Compatible |
Amplifi | Alien | Compatible with Experimental Simple mode | Unknown |
Arris (AT&T) | BGW210 | ✅ Compatible | |
Arris | TG862G | ✅ Compatible | |
Arris | TG1682G | ✅ Compatible | |
Arris | 2Wire | ✅ Compatible | |
Arris | DG1670 | ✅ Compatible | |
Arris | DG2470 | ✅ Compatible | |
Arris | TG2492LG | ✅ Compatible | |
Arris | NVG468MQ | ✅ Compatible | |
Arris | NVG589 | ✅ Compatible | |
ASUS | AX58U | ✅ Compatible | Unknown |
ASUS | Lyra Trio | ❌ Not Compatible | Pro only, SSH/Terminal knowledge required * |
ASUS | RT-AC66U | ✅ Compatible | |
ASUS | RT-AC88U | ✅ Compatible | |
ASUS | RT-AC1200 | ✅ Compatible | |
ASUS | SRT-AC1900/Onhub | ❌ Not Compatible | ❌ Not Compatible |
ASUS | RT-AC5300 | ✅ Compatible | ✅ Compatible |
ASUS | RT-AC3100 | ✅ Compatible (Some versions) | ✅ Compatible |
ASUS | RT-N12 | ✅ Compatible | |
ASUS | RT-ACRH13 | ✅ Compatible | ✅ Compatible |
ASUS | Rapture GT AX1100 | ✅ Compatible | |
Altice | Altice One | ❌ Not Compatible | ✅ Compatible |
AVM GmbH | FRITZ!Box 3490 | ❌ Not Compatible | ✅ Compatible |
AVM GmbH | FRITZ!Box 6490 | ✅ Compatible | ✅ Compatible |
AVM GmbH | FRITZ!Box 7360 | ✅ Compatible | |
AVM GmbH | FRITZ!Box 7490 | ❌ Not Compatible | ✅ Compatible |
AVM GmbH | FRITZ!Box 7530 | ✅ Compatible | |
AVM GmbH | FRITZ!Box 7590 | ✅ Compatible | ✅ Compatible |
Bell / SEGAMCOM |
Home Hub 2000 / F@ST 5250 |
✅ Compatible | |
Bitdefender | Bitdefender Box | ✅ Compatible | |
BSKYB | Sky Hub | ✅ Compatible | |
BSKYB | ADSL Router | ✅ Compatible | |
BT | Home Hub 4 | ✅ Compatible | |
BT | Home Hub 5 | ✅ Compatible | |
BT | Home Hub 6 | ✅ Compatible | |
Cisco | RV320 | ✅ Compatible | |
Cisco | DPC3941 | ||
Cisco | Meraki | ✅ Compatible | |
Compal | CH7465LG | ✅ Compatible | |
Cox | Panoramic Gateway | ❌ Not Compatible | ❌ Not Compatible |
D-LINK | DIR-615 | ✅ Compatible | |
D-LINK | DIR-810 | ✅ Compatible | |
D-LINK | DIR-818 | ✅ Compatible | |
D-LINK | DIR-842 | ✅ Compatible | |
D-LINK | DIR-859 | ✅ Compatible | |
D-LINK | DIR-868 | ✅ Compatible | |
D-LINK | DIR-879 | ✅ Compatible | |
HITRON | CGNM-2250 | ✅ Compatible | |
HITRON | Coda 4582 | ❌ Not Compatible | ✅ Compatible |
HiWifi | All models | ✅ Compatible | |
Huawei | B310s | ✅ Compatible | ❌ Not Compatible |
Huawei | B683 | ✅ Compatible | ❌ Not Compatible |
Huawei | B593s-22 | ✅ Compatible | ❌ Not Compatible |
Huawei | HG658 | ❌ Not Compatible | ❌ Not Compatible |
Linksys | EA3500 | ✅ Compatible | ✅ Compatible |
Linksys | EA6500 | ✅ Compatible | ✅ Compatible |
Linksys | EA6900 | ✅ Compatible | ✅ Compatible |
Linksys | EA9500 | ✅ Compatible | ✅ Compatible |
Linksys | E3000 DDWRT | ✅ Compatible | |
Linksys | WRT1900ACS | ✅ Compatible | |
Linksys | E1200 | ✅ Compatible | |
MikroTik | MTK-FW | ✅ Compatible | ✅ Compatible |
MikroTik | Routerboard | ✅ Compatible | |
NEC | ATERM | ✅ Compatible | |
NEC | PR-400NE | ✅ Compatible | |
Netgear | N750/WNDR4300 | ✅ Compatible | |
Netgear | WAC120 | ❌ Not Compatible | ✅ Compatible |
Netgear | WNDR4500v2 | ✅ Compatible | |
Netgear | WNDR4500v3 | ? | ? |
Netgear | R6220 | ✅ Compatible | ✅ Compatible |
Netgear | X6S /R7900 (AC3000) | ❌ Not Compatible | ✅ Compatible |
Netgear | X8 /R8500 (AC5300) | ✅ Compatible | |
Netgear | X8 /R8300 (AC5000) | ✅ Compatible | |
Netgear | R6300 | ✅ Compatible | |
Netgear | R6700 | ✅ Compatible | ✅ Compatible |
Netgear | R6700v2 | ❌ Not Compatible | ✅ Compatible |
Netgear | R7000P (AC2300) | ✅ Compatible | |
Netgear | R7000 (AC1900) | ✅ Compatible | |
Netgear | C7000 | ✅ Compatible | |
Netgear | C7000v2 | ❌ Not Compatible | ✅ Compatible |
Netgear | C3000 | ✅ Compatible | |
Netgear | C6300 | ✅ Compatible | |
Negear | C7800 | Likely Not | Unknown |
Netgear | D7800 | ✅ Compatible | ✅ Compatible |
Netgear | Nighthawk AX12 | Compatible with Experimental Simple mode | |
Netgear | RAX120 | ❌ Not Compatible | ✅ Compatible |
Netgear / Telstra | v7610 | ✅ Compatible | |
Netgear / Telstra | DEVG2020 | ✅ Compatible | |
Mikrotik | RB2011UAS-2HnD | Compatible with Experimental Simple mode | |
Proximus | BBox3 | ✅ Compatible | |
SAGEMCOM | F@ST 5260 | ❌ Not Compatible | |
SAGEMCOM | ADSL Router | ✅ Compatible | |
SAGEMCOM | F@ST 5280 | ❌ Not Compatible | ✅ Compatible |
SAGEMCOM | BBOX 3 | ✅ Compatible | |
SAGEMCOM | 3686 | ✅ Compatible | |
Samsung | SMT G7400 | ✅ Compatible | |
Technicolor | CGM4140 | Unknown | Unknown |
Technicolor | DJA0231 | ❌ Not Compatible | LIMIT-DHCP |
Technicolor | DGA4131FWB | ✅ Compatible | |
Technicolor | TG789vac v2 | ✅ Compatible | |
Technicolor | DJA0230TLS | ✅ Compatible | |
Technicolor | CenturyLink TR-064 | ✅ Compatible | |
Technicolor | TC8717(T) | ✅ Compatible | |
TENDA | Nova | ✅ Compatible | |
TP-LINK | Archer C1200 | ✅ Compatible | |
TP-LINK | AC1900 | ✅ Compatible | |
TP-LINK | Archer C3200 | ✅ Compatible | |
TP-LINK | M5 | ✅ Compatible | |
TP-LINK | TL-R600VPN | ✅ Compatible | |
TP-LINK | Archer C5400 | ✅ Compatible | |
TP-LINK | Archer C2300 | ✅ Compatible | |
TP-LINK | Archer C7 | ✅ Compatible | |
TP-LINK | TL-WR841N | ✅ Compatible | |
TP-LINK | Archer D7 | ✅ Compatible | |
TP-LINK | Archer A7 | ✅ Compatible | |
TP-LINK | Archer C60 | ✅ Compatible | |
TP-LINK | Archer C50 | ✅ Compatible | |
TP-LINK | Archer C2600 | ❌ Not Compatible | ✅ Compatible |
TP-LINK | Archer C5 | ✅ Compatible | |
TP-LINK | C4000 (A20) | ❌ Not Compatible | ✅ Compatible |
TP-LINK | DECO M4 | Compatible with Experimental Simple mode | |
TP-LINK | DECO X55 | May work in Experimental Simple Mode | |
Ubiquiti | Edge Router | ✅ Compatible | ✅ Compatible |
ZTE | TR064 | ✅ Compatible | ✅ Compatible |
ZYXEL | EMG2926 | ✅ Compatible | |
ZYXEL | PK5001Z | ✅ Compatible | |
ZYXEL | C3000Z | ✅ Compatible |
✅ Compatible |
Verizon | FiOS G1100 | ✅ Compatible (Home network protection should be turned off) |
* Run the following command with SSH to disable DHCP on ASUS Lyra Trio
nvram set dhcp_enable_x=0; nvram commit;
Special Configuration
Network Extenders
There is a class of network extenders that will actively change or randomize all the Wi-Fi devices connecting to it. These are not compatible with Firewalla. The reason is that Firewalla uses the device's MAC address as the key to the device, if it keeps on changing, it will make monitoring impossible (such as NETGEAR EX3700).
Wi-Fi Access Points (Simple Mode )
If you have network devices, such as extenders, or routers acting as access points, you may need to put them into "not monitor" mode.
Comcast Routers
Certain Comcast routers that run in DHCP mode (such as XB6/XB7) may have issues with blocking IPv6 traffic. Please contact your Comcast provider and make sure they can turn off ipv6 before purchasing if you have XB6/XB7 as your main router.
IPv6
In Simple mode: IPv6 support needs to be manually turned on. Please tap on "+" and then add the IPv6 feature.
In DHCP mode: DHCPv6 and auto-config should be turned off.
Network Size (For advanced + business users)
Most home network by default is /24 network mask (253 networked devices). Please limit Firewalla Red's network to /24 and Firewalla Blue to /19
Guest Networks
Guest networks are generally not supported by Firewalla. These networks are mostly 'inside' the router and not visible on the LAN side.
LAN Ports
Certain router's LAN ports (we have confirmed on the Synology 2600) when shared with multiple devices (multiple devices connecting to the LAN ports), there will be a speed reduction (even more if there is a 100mbit device attached to the router LAN port). This is the problem relating to the Linux bridge interface and router's LAN implementation. To correct this problem, attach a switch to one LAN port and connecting the rest of the devices to that LAN port.
VPN Server Compatibility
(So far we see the issues below happening in Germany and China)
To access the Firewalla VPN server, your ISP will need to give you an externally routable IPv4 address. (Most ISPs do this already, we have seen cases in Germany and China, where the IP address provided is a private IP) Without this, your VPN client will not be able to talk to Firewalla.
VPN will not work in a pure IPv6 network, it only supports IPv4 at the moment. We are working on getting it working over IPv6. We encounter problems in some German ISPs, where IPv4 in IPv6 tunnel is used.
Compatibility with Other Devices
The idea behind the defense-in-depth approach is to defend a system against any particular attack using several independent methods. We engineered our box to play with other boxes just for this purpose. Many of the tips here are contributed by our customer base.
Circle: If you have Circle on the network, make sure Circle is not monitoring Firewalla and Firewalla is not monitoring Circle. And both are not monitoring the same devices. Otherwise, your network will be shut down with packets flying all over the place.
Cujo: One user has claimed that they're running Firewalla in Simple Mode under Cujo. (verified by another user)
Fing: Fully compatible. Do not use Fing to block a device that's monitored by Firewalla in Simple Mode.
PFSense: Pending confirmation, we have one user who's gotten Firewalla Simple Mode working with it.
PiHole: This is the open-source DNS server. Much like what Firewalla does. If you have this as your DNS server, please disable the monitoring of the PiHole Unit inside the Firewalla App. (tap on devices->find pihole->tap on it->move to the bottom and monitoring off)
You also can install pihole inside the firewalla Blue by following this Guide.
SonicWall: Should work in Simple Mode
Bitdefender: We do know a few users run Firewalla with Bitdefender in router mode.
Bitdefender Total Security: Firewalla Device Port Scan feature is reported to be NOT compatible with Bitdefender's Port Scan Protection, which may impact the whole network. Disabling either Device Port Scan on Firewalla Box or Port Scan Protection on Bitdefender will solve the problem.
Ubiquiti: Firewalla works with many Ubiquiti devices in Simple Mode.
Untangle: Firewalla works with Untangle with the help of an additional switch sitting in between them. Firewalla will NOT be able to monitor devices connecting to interfaces other than which Firewalla is connecting to.
Rattrap: Firewalla works with rattrap as the front end. Tested by one of our customers, who really loves the concept of layered security.
Comments
0 comments
Please sign in to leave a comment.