To protect your smart home or small business from cyberattacks, it is important to strengthen the security profile of your network devices. Security starts with you first, but Firewalla can help by securing your whole network with a protective shield that covers all your IoT devices as well.

To achieve better security, Firewalla can give you:

1. Visibility: Window to your home/business network. Completely understand your network and be able to identify risk. 
2. Control: Have full control of your network, and apply policies and rules that are important to you. This will reduce risk by limiting the attack surface. Your network, you make the rules!
3. Protection: Have Firewalla automatically protect your network based on your rules.

We hope this three-part article series can help you build a better and more secure network.

 

---

 

PART 1: Visibility

One of the most revealing moments for first-time users of Firewalla is when they see how many connected devices they have in their homes and what exactly is going on in those devices. You'll be surprised how chatty some of these devices are in the background.

Firewalla can help you:

• Know what devices you have
• Check what your devices are doing
• Understand your network
• Scan for open ports and vulnerabilities
• Review and manage alarms

 

 

Know what devices you have

Once you have Firewalla set up, you'll see all connected devices (wired or wireless) in your home. Take an inventory of all your IoT devices, make sure you know what they are, and rename your devices so you can easily recognize them. The devices on your network may include:

• Smart TVs
• Speakers
• Printers
• Cameras
• Automation control units
• And more...

Firewalla will notify you of any new devices that appear and you can optionally automatically limit the access you give new devices. For example, if a neighbor jumps on your Wi-Fi without permission, you can block all internet access.

 

You can see device lists separated by Network and Group. Use the search feature to locate devices by name, IP, or MAC address. Change your device list view options by tapping the icon on the top right of the screen to see devices with reserved IPs, past devices, group devices by type, and sort the device list by name, MAC address, IP address, top download, and top upload. Learn more about device lists here.

 

 

Check what your devices are doing

Firewalla gives you deep insights into traffic activity on each device in your network. This is especially useful for IoT devices that operate in the background. While a router can't look at the content of secured data connections, Firewalla can still determine the following:

• Where data goes (e.g. country, domain) 
• How much data is going
• What kind of traffic is it
• Whether it is egress or ingress
• Whether it was allowed or blocked
• Why was it allowed or blocked

All of this is available by device, device group, and network segment, giving a very clear and specific picture of what's happening at all times. Firewalla can show you the following:

1. Network Flows
2. Local Flows
3. Blocked Flows
4. Live Throughput
5. Users

Check device activities regularly to stay on top of what they do. Any abnormalities will be automatically detected by Firewalla, and you will receive alerts. Learn more about how to monitor and configure devices.

 

1. Network Flows

Network Flows are a history of all inbound and outbound network traffic on your network. The crossed-out items in All Flows show what has been blocked. There is a separate, filtered view showing only the blocked flows, which has more detail (see Blocked Flows below for more detail). 

     

This data helps you answer critical questions such as:

1. What servers are your devices connecting to?
2. Where are these servers located?
3. Do these servers have a shady reputation?
4. Is there data collection that I'd like to block (e.g. logging and data mining)?
5. Is there Ingress port scanning happening?
6. What Ingress attacks are coming my way?
7. What interface is traffic coming over?

To make the list of flows easier to understand, you can hide some flows from view with the Exclude feature, such as:

• Inbound Flows: Flows that are coming from outside. These are typically blocked. 
• Blocked Flows: Flows that have been intercepted by Firewalla.
• System Noise: Background traffic on your OS system and commonly seen apps (including ads, tracking, telemetry, software updates, analytics, NTP, and public cloud services). Excluding system noise will helps you focus on important activities within your network.
• Specified Devices or Targets: Flows to or from a specific device or target. For example, if you don't want to see the blocked flows from a certain quarantined device, you can exclude it from appearing in Blocked Flows.

See our tutorial video for step-by-step instructions.

 

The web interface shows traffic by region utilizing the additional real estate of a web app.

 

The web interface also lets you do some filtering for more complex analyses. In this example, "blocked" flows from "Russia".

Firewalla MSP shows even more data and provides reports, easy filtering of flows, and a global view of all your Firewalla boxes.

 

2. Local Flows

Local flows display all internal traffic between devices within your network. As long as your Firewalla unit is in router mode and has more than one local network configured, traffic is counted as a local flow if between devices on different LANs or VLANs or between wireless devices connected to the Firewalla AP7. Learn more about local flows.

 

3. Blocked Flows

Blocked flows can provide tremendously helpful information and insights. They can tell you if Ad Block is working as expected. They can help you fine-tune the rules you set up previously, or create new rules to allow or block access. Learn more about managing Firewalla Rules.

 

By tapping on the right column of the Network Flows, you can cycle through the following data:

1. Block Counts: How many times was a particular domain or IP blocked?
2. Inbound vs Outbound: Was this connection going from inside your network out (egress) when blocked or outside your network in (ingress)?
3. Block Reason: Why did Firewalla block the connection?
4. Port: What port number was being accessed?

 

You can also click on any of the block entries and learn more about the location of the server that was the origin or destination of the traffic, which WAN connection was used, and which ports were used, as well as why it was blocked.

    

 

You can also dig in even further to learn about a particular IP address or domain. This can give you a better understanding of the risk of connecting with that server. However, keep in mind that sometimes perfectly innocent companies share web hosting or cloud services with less reputable companies.

 

Firewalla will show you two lists of your Top Blocked Flows, by Region and Destination:

• Top regions + inbound: If someone from the outside is trying to connect to your network, most attempts will be blocked by Firewalla's Ingress Firewall. We've aggregated those flows based on regions, so you can better understand which regions you should watch out for. 
• Top destinations + outbound: These are the destinations your devices are trying to connect to; most of them might be blocked by the Ad Block feature or the blocking rules you've created.

For step-by-step instructions on how to use this feature, watch our video tutorial.

 

4. Live Throughput

As the name implies, Live Throughput measures upload and download activity in real time. If your app is connected to Firewalla's local network, you can see both to understand how your bandwidth is being taxed globally and the live throughput per device.

Note: If you are using iOS, make sure your Firewalla app has access to local networks. In Settings, go to Privacy > Local Network and grant Firewalla app access.

 

If you have a Multi-WAN configuration, each WAN connection will be broken out separately so you can see how traffic is divided between connections. Live throughput is also available for individual devices.

 

Additionally, the device list shows individual live throughput while you're connected to your local network. See our video tutorial for more details.

 

5. Users

A User is Firewalla's representation of a person in your network. You can assign different devices to a User – for example, if your child has a phone, a tablet, and a laptop, you can assign them all to one User.

Firewalla will track app usage across devices for each User, making it easy to see when and for how long someone is doing certain activities. For example, you can easily see if your child is sneaking YouTube time while they're supposed to be asleep or if an employee is gaming during the workday.

 

Tapping on a specific app lets you drill down on when and for how long your User accessed the app. You can also see which device your User was using. To isolate a specific device, tap on All Devices in the top left corner and select a device.

 

Understand your network

Firewalla equips you with tools to help you monitor and achieve better network performance. Your Firewalla can measure internet speed, network latency, and network packet loss across both your LAN/Wi-Fi network and your WAN. Learn more about what Firewalla can tell you about your network performance and quality.

 

Firewalla also offers a Wi-Fi Test feature which helps you test and tune your Wi-Fi connection in real time. To use this feature, make sure you're connected to your box's local Wi-Fi, then tap Wi-Fi Test. You can see information about your connection download speed, upload speed, ping latency, and Wi-Fi roaming.

 

In addition to network performance metrics, Firewalla can show you total upload and download data consumption over the past 30 days, 24 hours, and 60 minutes. This allows you to observe the most active days of the month, hours in a day, or minutes in an hour. This can help you find unusual activities or identify network bottlenecks. 

 

If you want to look into past data usage, scroll to the bottom of your box's main page, tap More, and tap on the feature Data Usage. This feature will show you a monthly and daily data usage chart. You can tap on each chart to see details, enabling you to compare your data consumption between months. 

 

If you have a data cap on your Internet connection, Firewalla can monitor how much data you have consumed and how many days are left in your billing cycle. You can also set alarms to notify you when you get close to reaching your data cap so you don't face penalties from your ISP. Learn more about how to monitor your bandwidth usage.

  

 

Use the Upload and Download tabs in the Network Flows page to see the top devices, destinations, or flows with the most uploaded or downloaded data in the past 24 hours. Firewalla's Smart Queue can help you control how traffic is prioritized across your network.

   

The web interface displays top devices and destinations for upload and download. 

 

With Firewalla MSP, you get a powerful tool to investigate all flows in your network and can create reports to view all the top bandwidth devices for up to 180 days.

 

Scan for open ports and vulnerabilities

Your router's NAT + Firewall protects your home network from getting accessed externally. But it is fairly simple and common for devices to open an external port on your router to make setup easier, which may pose a security risk. Firewalla's Scan feature helps you identify potential weaknesses:

• External Open Port Scan – inspect your network's ports to see if they can be reached from the Internet. Open ports provide access to the devices on your LAN, potentially opening them up to malicious actors.

• System Vulnerability Scan – investigate your commonly used ports and detect services that do not have password protection, are using a default password, or are using a common/simple password.

Tap on the Scan button on the box's main screen to see these scans and their results. Learn more about Firewalla's Scan feature and open port alarms. 

 

Review and manage alarms

Firewalla will alert you with alarms and notifications when suspicious activities occur. Alerts can include things like:

1. Porn activity
2. Gaming activity
3. Security activity
4. WAN connection issues (so you don't have to guess if you have a Wi-Fi issue or if your ISP is down)
5. VPN connections and connectivity losses
6. Devices going on/offline
7. Network Events, ISP downtime, and connectivity test results 
8. Large Bandwidth usage
9. New devices
10. Open Ports

These alerts help you understand your home network dynamically. If an alarm is associated with normal operation or a trusted service, you can ignore or mute it. However, if a device's activity is unexpected, you should investigate or block it. Learn more about managing alarms.

   

 

The web interface lets you filter alarm searches. For example, security activity for a heartbeat attack: 

 

Firewalla MSP allows you to manage alarms across all or a selected group of boxes, with more advanced filtering options and over a longer period.

 

→ PART 2: Control