The best way to set up a mesh network with Firewalla Gold in router mode is to configure the mesh network in AP Mode/Bridge Mode.
However, Google Wifi mesh network doesn't support AP Mode or Bridge mode (when the mesh is enabled). This tutorial introduces a workaround.
Here is the proposed network diagram:
There will be three network subnets created:
- Google Wifi LAN, managed by Google Wifi. This subnet is only used for Google satellites (e.g. 192.168.86.0/24).
- Gold - Port 3, managed by Gold. This subnet is only used for Google Wifi's WAN IP (e.g. 192.168.200.0/24).
- Gold - Port 2, managed by Gold. This subnet is used for the remaining Wifi devices (e.g. 192.168.210.0/24).
Step 1: Setup Local Networks in Gold
- Make sure Firewalla Gold is running in Router Mode
- Create a dedicated local network on Port 3. (e.g. 192.168.200.1/24)
- Create another local network on Port 2. It can either be shared with Port 1 or dedicated. (e.g. 192.168.210.1/24). The basic requirement is Port 2 and Port 3 must be used for different local networks.
1. Here is the tutorial on how to manage networks on Gold
2. We'll use the subnets above as an example in the rest of this guide.
Step 2: Setup Google Wifi Mesh network with a limited DHCP address range
- Connect the WAN port of the Google Wifi primary unit to Port 3, then follow the official guide to set up the Google Wifi primary device. Double confirm that the WAN IP of Google Wifi should be under 192.168.200.0/24
- Configure DHCP address range in Google Wifi primary unit so that the number of available IP addresses is N (N=number of additional Wifi points)
For example, to allow 2 more Wifi points in the Google Wifi mesh network, you can set the DHCP address range as 192.168.86.2~192.168.86.3.
- Set up Google Wifi Mesh network by adding additional Google Wifi points one by one, and verify that they get IP addresses in the given DHCP address range.
- Sometimes one Google Wifi point may have two mac addresses, so you may need to reserve more IP addresses.
Step 3: Use DHCP from Gold for devices in the wireless mesh network
- Connect the LAN port on Google Wifi primary unit to Port 2 on Firewalla Gold.
- Now any device connecting to the Google Wifi network should be able to get IP address allocated by Gold. (They should get IP address under 192.168.210.0/24.)
Step 4: Configure Gold to not allocate IP for Google Wifi points
Google Wifi points may accidentally get IP addresses allocated by Gold If the DHCP allocation from Google Wifi expires. This may break mesh setup. When this happens:
1. Firewall App will get a New Device Alarm on google wifi points.
2. Find the Wifi points devices in the Firewalla app (usually, the name is Google, Inc. and the IP address is under 192.168.210.0/24)
2. For each Wifi point device, tap on "IP Address", select "Do not allocate". This only needs to be done once.
3. Reboot Wifi point to get an IP from the Google Wifi primary unit.