PART 3: Protect
Firewalla provides three types of cyber protection for your home:
- Security protection from cyber threats impacting your home devices
- Data privacy protection when devices are communicating over the internet
- Family protection that filters out inappropriate online content for kids
Here are recommendations on how to use various protection features and services to maximize the benefit.
1. Keep Active Protect On
Active Protect is an IDS/IPS (Intrusion Detection System / Intrusion Prevention System) provided by Firewalla. It automatically:
- detects suspicious activities by analyzing traffic going in and out of your network
- blocks high-risk types of connections
- alerts you to abnormal activities via alarms and notifications
Active Protect uses both signature-based algorithms and behavioral analytics to detect anomalies. For example, it uses machine learning to establish the "normal" upload behavior of a device, and if any "abnormal" upload activity occurs, it generates an "abnormal upload" alarm. You can then evaluate and decide what action to take. Learn more about abnormal upload.
Active Protect can also detect attacks using known signatures.
Active Protect is enabled by default and forms a baseline defense against cyberattacks for the whole network as soon as your Firewalla is in service, even without any other configuration. Keep it on unless you need to run tests.
2. Protect Your Kids with Family Mode
Family Mode contains services that automatically filter out inappropriate content for families (porn and violent materials). It includes Family Protect, which blocks access to websites that serve such content, and Safe Search, which filters out offensive content from search results. If you have kids at home, enable Family Mode on all computers and smart devices that your kids might have access to.
3. Avoid Being Tracked with Ad Block
Ad Block is Firewalla's built-in ad blocker. It does more than block ads as an annoying type of content. It protects your privacy by preventing ads from tracking your online behavior. This is especially useful for smart devices that have general access to the internet but do not provide users with privacy settings or controls. Turn on Ad Block globally so your whole network is ad-free. Learn more about ad-block.
4. Tunnel IoT Traffic over VPN with VPN Client
Firewalla has a built-in VPN client that makes it easy and free to tunnel all your home network traffic, including IoT traffic, through a VPN.
Example: Site to Site VPN
If you have multiple homes, you can use Site to Site VPN to connect the networks together over encrypted links. You can securely access shared devices such as file servers, printers, and video cameras bi-directionally between the sites.
Example: 3rd Party VPN
If you are using a third-party VPN server to shield your data from your ISP or government, you can enable the Firewalla VPN Client and connect to the VPN Server. This will allow all your IoT devices to easily utilize the same VPN service.
5. Securely Access IoT Devices Remotely with VPN Server
Firewalla has a built-in VPN Server as well. When you are traveling or using public Wi-Fi, you can connect back to the VPN Server at home and securely access your home devices, such as security cameras, home automation controllers, etc.
This method is far more secure than using simple port forwarding on your router. The extra encryption not only hides your traffic, but also provides authentication at the network layer.
6. Protect Data Privacy with DNS over HTTPS
DNS over HTTPS (DoH) sends DNS requests encrypted over HTTPS, as opposed to traditional DNS, which sends the request in plain text. It prevents third parties from spying on which websites, domains, and services your devices are accessing. By turning on DoH in Firewalla, all devices in your network will be protected, especially IoT devices that otherwise have no way to configure such a service.