PART 3: Active Protect
Firewalla combines deep insight at the network flow level with your control policies and our unique behavioral analytics engine, which uses tens of thousands of Active Protect entries, to actively protect your network.
How does Firewalla Active Protect work?
Firewalla Red through Blue Plus are one-port devices that have two logical ports (input and output), so all data traffic flows from your ISP through Firewalla to your devices. Firewalla Purple and Gold are multi-port devices that are usually physically inline as well, so all data egress (outbound) or ingress (inbound) is monitored, assessed, and managed by Firewalla.
To protect your network, Firewalla internally has various layers of protection that all data flows are compared against. These all work in concert to determine what traffic is risky, and then block it or warn you so that you can make the final decision.
Here is a quick tutorial on what we do exactly under the covers.
For connections that are certain to be “bad”, Firewalla can block them automatically. For connections that are questionable but possibly legitimate, alarms will be raised and you will be given the option to block the connections. There can be uncertainty because the same servers that host legitimate, safe websites sometimes house shady actors too, and bad guys often stay on the move and change tactics to avoid detection.
What does Firewalla Active Protect do?
Firewalla provides three types of cyber protection for your home:
- Security protection from cyber threats impacting your home devices
- Data privacy protection when devices are communicating over the internet
- Family protection that filters out inappropriate online content for kids
1. Security Protection
Keep Active Protect On
Active Protect is an IDS/IPS (Intrusion Detection Service / Intrusion Prevention Service) provided by Firewalla. It automatically:
- detects suspicious activities by analyzing traffic going in and out of your network
- blocks high-risk types of connections
- alerts you to abnormal activities via alarms and notifications
Active Protect uses both signature-based algorithms and behavioral analytics to detect anomalies. For example, it utilizes machine learning to establish the "normal" upload behavior of a device, and if any "abnormal" upload activity occurs, it generates an "abnormal upload" alarm. You can then evaluate and decide what action to take. Learn more about Abnormal Upload Alarms.
Active Protect can also detect attacks using known signatures.
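The two detection paths above (a signature match that is blocked automatically, and a per-device upload baseline that raises an alarm for you to decide on) can be sketched as follows. This is an added example, not Firewalla's code: a median/MAD band stands in for the machine learning the page mentions, and the signature entries, thresholds, field names and function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample entries; real signature feeds and thresholds differ.
SIGNATURES = {"malware-c2.example", "phish-login.example"}
MIN_SAMPLES = 7   # assumed: samples needed before a baseline is trusted
WINDOW = 30       # assumed: number of recent samples kept per device

def upload_limit(history, k=6.0):
    """Upper bound of normal upload size: median + k * scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid a zero-width band
    return med + k * 1.4826 * mad

def assess(flow, baselines):
    """Classify one outbound flow as 'block', 'alarm' or 'allow'."""
    if flow["domain"] in SIGNATURES:
        return "block"                    # known bad: act automatically
    history = baselines.setdefault(flow["device"], [])
    if len(history) >= MIN_SAMPLES and flow["upload_bytes"] > upload_limit(history):
        return "alarm"                    # unusual but maybe legitimate: user decides
    history.append(flow["upload_bytes"])  # only normal traffic updates the baseline
    del history[:-WINDOW]
    return "allow"

def demo():
    # Constructed history: a camera that uploads about 5 MB per interval.
    baselines = {"camera": [5_000_000, 5_200_000, 4_900_000, 5_100_000,
                            5_050_000, 4_950_000, 5_150_000]}
    flows = [
        {"device": "camera", "domain": "cloud.example", "upload_bytes": 5_300_000},
        {"device": "camera", "domain": "files.example", "upload_bytes": 900_000_000},
        {"device": "laptop", "domain": "malware-c2.example", "upload_bytes": 2_000},
        {"device": "laptop", "domain": "news.example", "upload_bytes": 40_000},
    ]
    return [assess(f, baselines) for f in flows]

if __name__ == "__main__":
    print(demo())
```

Because an alarmed flow is never appended to the history, a large transfer cannot quietly raise the device's own baseline.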
Active Protect is enabled by default and forms a baseline defense against cyberattacks for the whole network as soon as your Firewalla is on duty, even without any other configurations. Keep it on unless you need to run testing. Changing Active Protect from Default to Strict Mode blocks more connections and makes your network more secure.
2. Data Privacy Protection
2.1. Avoid Being Tracked with Ad Block
Ad Block is Firewalla's built-in ad-blocker. It does more than just block ads as an annoying type of content. It protects your privacy by preventing ads from tracking your online behaviors. This is especially useful for smart devices that have general access to the internet but do not provide users with privacy settings or controls. Ad Block now also has Default and Strict modes; Strict mode blocks ads more aggressively. Turn on Ad Block on All Devices so your whole network is ad-free. Find out more about Ad Block.
2.2. Tunnel IoT Traffic over VPN with VPN Client
Firewalla has a built-in VPN client that makes it easy and free to tunnel all your home network traffic, including IoT traffic, through a VPN.
Site to Site VPN:
If you have multiple homes, you can use Site to Site VPN to connect the networks together over encrypted links. You can securely access shared devices such as file servers, printers, and video cameras bi-directionally between the sites.
3rd Party VPN:
If you are using a third-party VPN server to shield your data from your ISP or government, you can enable the Firewalla VPN Client and connect to the VPN Server. This will allow all your IoT devices to easily utilize the same VPN service.
2.3. Access IoT Devices Remotely with VPN Server
Firewalla has a built-in VPN Server as well. When you are traveling or using public Wi-Fi, you can connect back to the VPN Server at home and securely access your home devices, such as security cameras, home automation controllers, etc.
This method is far more secure than using simple port forwarding on your router. The extra encryption both hides your traffic and provides authentication at the network layer at the same time.
Active Protect doesn't just protect your devices on your local network. When you are on the road or at your favorite coffee shop, you can connect to the built-in VPN server on Firewalla to surf the internet as if you are at home with the same level of protection. Learn more about A Trusted LAN.
2.4. Protect Data Privacy with DNS over HTTPS
DNS over HTTPS (DoH) sends DNS requests encrypted over HTTPS, as opposed to the traditional DNS that sends the request in plain text over HTTP. It prevents third parties from spying on what websites/domains/services your devices are accessing. By turning on DoH in Firewalla, all devices in your network will be protected, especially IoT devices that otherwise have no ability to configure such a service.
Firewalla supports several of the biggest DoH providers out of the box, and you can configure any DoH provider you like with custom settings. You can put all requests through a single provider or select several to randomize which provider is used for an extra level of protection.
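What a DoH lookup looks like, and how picking a provider at random per lookup works, shown as an added example rather than Firewalla's own code. It builds the standard DNS query message and wraps it in the RFC 8484 GET form without sending anything; the provider URLs are public DoH endpoints chosen for illustration and the function names are hypothetical.

```python
import base64
import random
import struct

# Public DoH endpoints used for illustration; the page names no providers.
PROVIDERS = [
    "https://cloudflare-dns.com/dns-query",
    "https://dns.google/dns-query",
    "https://dns.quad9.net/dns-query",
]

def build_query(name, qtype=1):
    """Return a DNS wire-format query for `name` (qtype 1 = A record)."""
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("each DNS label must be 1 to 63 bytes")
    # ID 0 as RFC 8484 recommends for cacheability, RD flag set, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def dns_param(name):
    """Base64url-encode the query without padding, as the GET form requires."""
    return base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()

def doh_get_url(name, providers=PROVIDERS, rng=random):
    """Pick one provider at random per lookup and build the request URL."""
    return f"{rng.choice(providers)}?dns={dns_param(name)}"

if __name__ == "__main__":
    # The name is readable in the raw query; HTTPS is what hides it on the wire.
    print(build_query("www.example.com"))
    print(doh_get_url("www.example.com"))
```

With several providers selected, each one sees only a share of the lookups, which is the extra protection the randomization is meant to give.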
3. Family Protect
Family Mode contains services that automatically filter out inappropriate content for families (porn and violent materials). It includes Family Protect, which blocks access to websites that serve such content, and Safe Search, which filters out offensive content from search results. If you have kids at home, enable Family Mode on all computers and smart devices (like Apple TV) that your kids might have access to.
To test all your settings to verify if everything is working as expected, check this: How to validate Firewalla features?