To protect your smart home or small business from cyberattacks, it is important to strengthen the security profile of your network devices. Security starts with you first, but Firewalla can help by securing your whole network with a protective shield that covers all your IoT devices as well.

To achieve better security, Firewalla can give you:

1. Visibility: Window to your home/business network. Completely understand your network and be able to identify risk. 
2. Control: Have full control of your network, and apply policies and rules that are important to you. This will reduce risk by limiting the attack surface. Your network, you make the rules!
3. Protection: Have Firewalla automatically protect your network based on your rules.

We hope this three-part article series can help you build a better and more secure network.

 

---

 

PART 1: Visibility

One of the most revealing moments for first-time users of Firewalla is when they see how many connected devices they have in their homes and what exactly is going on in those devices. You'll be surprised how chatty some of these devices are in the background.

Firewalla can help you:

• Know what devices you have
• Check what your devices are doing
• Understand your network
• Examine open ports
• Review and manage alarms

 

 

Know what devices you have

Once you have Firewalla set up, you'll see all connected devices (wired or wireless) in your home. Take an inventory of all your IoT devices, make sure you know what they are, and rename your devices so you can easily recognize them. The devices on your network may include:

• Smart TVs
• Speakers
• Printers
• Cameras
• Automation control units
• And more...

Firewalla will notify you of any new devices that appear and you can optionally automatically limit the access you give new devices. For example, if a neighbor jumps on your Wi-Fi without permission, you can block all internet access.

 

You can see device lists filtered by Network and Group. You can also scroll through your entire device list and use the search feature to locate devices by name, IP, or MAC address. Change your device list view options to see devices with reserved IPs, past devices, and sort the device list by name, MAC address, IP address, download, and upload.

 

Check what your devices are doing

Firewalla gives you deep insights into traffic activity on each device in your network. This is especially useful for IoT devices that operate in the background. While a router can't look at the content of secured data connections, Firewalla can still determine the following:

• Where data goes (e.g. country, domain) 
• How much data is going
• What kind of traffic is it
• Whether it is egress or ingress
• Whether it was allowed or blocked
• Why was it allowed or blocked

All of this is available by device, device group, and network segment, giving a very clear and specific picture of what's happening at all times. Firewalla can show you the following:

1. Network Flows
2. Blocked Flows
3. Live Throughput

Check device activities regularly to stay on top of what they do. Any abnormalities will be automatically detected by Firewalla, and you will receive alerts. Learn more about how to monitor and configure devices.

 

1. Network Flows

Network Flows are a history of all inbound and outbound network traffic on your network. The crossed-out items in All Flows show what has been blocked. There is a separate, filtered view showing only the blocked flows, which has more detail (see Blocked Flows below for more detail).

     

 

This data helps you answer critical questions such as:

1. What servers are your devices connecting to?
2. Where are these servers located?
3. Do these servers have a shady reputation?
4. Is there data collection that I'd like to block (e.g. logging and data mining)?
5. Is there Ingress port scanning happening?
6. What Ingress attacks are coming my way?

In addition, the web interface shows traffic by region utilizing the additional real estate of a web app.

 

The web interface also lets you do some filtering for more complex analyses. In this example, "blocked" flows from "Russia".

2. Blocked Flows

Blocked flows can provide tremendously helpful information and insights. They can tell you if Ad Block is working as expected. They can help you fine-tune the rules you set up previously, or create new rules to allow or block access. Learn more about managing Firewalla Rules.

 

By tapping on the right column (where the pink highlight is in the images below), you can cycle through the following data:

1. Block Counts: How many times was a particular domain or IP blocked?
2. Inbound vs Outbound: Was this connection going from inside your network out (egress) when blocked or outside your network in (ingress)?
3. Block Reason: Why did Firewalla block the connection?
4. Port: What port number was being accessed?

 

You can also click on any of the block entries and learn more about the location of the server that was the origin or destination of the traffic, which WAN connection was used, and which ports were used, as well as why it was blocked.

    

 

You can also dig in even further to learn about a particular IP address or domain. This can give you a better understanding of the risk of connecting with that server. However, keep in mind that sometimes perfectly innocent companies share web hosting or cloud services with less reputable companies.

 

Firewalla will show you two lists of your Top Blocked Flows, by Region and Destination:

• Top regions + inbound: If someone from the outside is trying to connect to your network, most attempts will be blocked by Firewalla's Ingress Firewall. We've aggregated those flows based on regions, so you can better understand which regions you should watch out for. 
• Top destinations + outbound: These are the destinations your devices trying to connect to; most of them might be blocked by the Ad Block feature or the blocking rules you've created.

For step-by-step instructions on how to use this feature, watch our video tutorial.

 

3. Live Throughput

As the name implies, Live Throughput measures upload and download activity in real time. If your app is connected to Firewalla's local network, you can see both to understand how your bandwidth is being taxed globally. Note: If you are using iOS, make sure your Firewalla app has access to local networks. In Settings, go to Privacy > Local Network and grant Firewalla app access.

 

If you have a Multi-WAN configuration, each WAN connection will be broken out separately so you can see how traffic is divided between connections. Live throughput is also available for individual devices.

 

Additionally, as part of the 1.53 app release, the device list now shows individual live throughput while you're connected to your local network. You can see a video tutorial or read more about this feature in our Firewalla App Release 1.53 notes.

 

Understand your network

Firewalla equips you with tools to help you monitor and achieve better network performance. Your Firewalla can measure internet speed, network latency, and network packet loss across both your LAN/Wi-Fi network and your WAN. Learn more about what Firewalla can tell you about your network performance and quality.

 

In addition to network performance metrics, Firewalla can show you total upload and download data consumption over the past 30 days, 24 hours, and 60 minutes. This allows you to observe the most active days of the month, hours in a day, or minutes in an hour. This can help you find unusual activities or identify network bottlenecks. 

 

If you want to look into past data usage, scroll to the bottom of your box's main page, tap More, and tap on the feature Data Usage. This feature will show you a monthly data usage chart and a daily usage chart. You can tap on each chart to see details, enabling you to compare your data consumption between months. 

 

If you have a data cap on your Internet connection, Firewalla can monitor how much data you have consumed and how many days are left in your billing cycle. You can also set alarms to notify you when you get close to reaching your data cap so you don't face penalties from your ISP. Learn more about how to monitor your bandwidth usage.

  

 

You can use the Apps view under Network Flows to see approximately how much time a Network, Group, or Device is spending by app/domain; use Upload and Download to see top data usage. Firewalla's Smart Queue can help you control how traffic is prioritized across your network.

 

 

The web interface displays top devices and destinations for upload and download. 

 

Examine open ports

Your router's NAT + Firewall protects your home network from getting accessed externally. But it is fairly simple and common for devices to open, or ask you to open, an external port on your router to make setup easier. These open ports are holes into your home and may be a risk.

 

Firewalla can detect these open ports:

• Externally scanned ports: ports detected through an external scan. These ports are very likely opened by you using port mapping on your router, by the router, or through UPnP Port mapping. 
• UPnP ports: ports detected using the UPnP protocol. These ports are opened by other devices/services via UPnP.

You can see these ports by tapping on the "Open Ports" button. Make sure you know why each of your open ports is there. If you need to open a port on your router, using the Firewalla VPN server to access that device is likely a better solution. Learn more about open ports and open port alarms. 

 

Review and manage alarms

Firewalla will alert you with alarms and notifications when suspicious activities occur. Alerts can include things like:

1. Porn activity
2. Gaming activity
3. Security activity
4. WAN connection issues (so you don't have to guess if you have a Wi-Fi issue or if your ISP is down)
5. VPN connections and connectivity losses
6. Devices going on/offline
7. Network Events, ISP downtime, and connectivity test results 
8. Large Bandwidth usage
9. New devices
10. Open Ports

These alerts help you understand your home network dynamically. If an alarm is associated with normal operation or a trusted service, you can ignore or mute it. However, if a device's activity is unexpected, you should investigate or block it. Learn more about managing alarms.

   

 

The web interface lets you filter alarm searches. For example, security activity for a heartbeat attack: 

 

→ PART 2: Control