STEP 1. Verify Firewalla is blocking 

Step 1.1: Turn on Emergency Access 

Emergency Access instantly unblocks internet access by suspending all blocking mechanisms (but  monitoring and basic protection remain in place). To turn on Emergency Access:

• Go to Main screen -> Devices
• Tap on the device that's having problems connecting 
• Scroll to the bottom and turn on Emergency Access

You can also turn on Emergency Access globally (Rules -> "…" on the top right corner -> Emergency Access)

• Emergency access may take some time to be effective (due to DNS cache). You can speed up this process by either turn off and on the WIFI on the device or reboot it.
• If it eliminates the access problem, it confirms that something in Firewalla is blocking the site, continue to Step 2
• If this still doesn't work, go to Step 1.2

Note: Emergency Access will suspend your customized blocking rules. Default inbound blocking and Active Protect will still work when it's on. Other block features won't be affected.

Step 1.2: Turn off monitoring on the device 

• Go to Main -> Devices
• Tap on the device that's having problems connecting
• Scroll to the bottom and turn off monitoring. 

If you are running DHCP mode, you may need to turn off and on the WIFI on the device to let it acquire a new IP address. 

• If it doesn't fix the problem, you should stop and check your network (wiring, router configuration, compatibility with other devices etc) or contact us.
• If this fixes the problem, go to Step 2.

DNS Servers:

Please also check carefully on the DNS servers you are using, in case they are filtering results. If possible change to a more open DNS like 1.1.1.1 or 8.8.8.8

 

 

STEP 2. Check Block Rules

Step 2.0: Identify the Blocking Rules (all platforms)

• Rule Diagnostics tool can also be found here: App Main screen -> Rules  -> the top right corner "…" -> Diagnostics. You can manually fill in the site you can't access and the device you are an issue with, and run the diagnosis manually. 

If no rule shows up while all features in Step 3  are disabled

Please disable rules one by one. Some different sites will share the same IP mapping. When you block one, others will be inaccessible.

 

Step 2.1: Identify the Blocking Rule Using Blocked Flows( box version 1.973 or above)

Firewalla Blocked Flows records all the flows blocked by Firewalla, you can use it to find out which IP or domain is being blocked: 

• Try to access the site or the App blocked by Firewalla.
• Go to the main screen, tap Blocked stats on the top, then in the blocked flows, find the flow that may be related to the App or the service. 

• Tap the flow, tap the "Why is it blocked?" button at the bottom, the App will run a rule diagnosis automatically.

After the diagnosis,

• If there is a rule found, go to Step 2.2. 
• If there is no rule found, then the connection is likely being blocked by other features, go to Step 3 to identify the feature. 

 

Step 2.2: After the Blocking Rule is Identified

Case 1: If it's a rule blocking a domain required by the site

For example, if you can't access docs.google.com, and you found that it's due to a global block rule on ytimg.com (which is a service/resource required by Google Doc), then pause or remove the rule. See more examples with google and youtube access.

 

Case 2: If it's a rule blocking a seemingly unrelated domain

For example, if you can not access help.firewalla.com, it could surprise you that it's due to a blocking rule on roblox.com. This is because Firewalla by default blocks at the IP level. Blocking of roblox.com will block IP used by help.roblox.com, which is the same IP as help.firewalla.com ... See this article for more explanations. 

To resolve this:

• pause/remove the rule, 
• or change the Block Mode of the rule to "Domain Only" 

 

Case 3. If it's a category block rule

For example, if you can not access pinterest.com because you have a block on "All Social Sites", you can do one of the following:

1. unblock "All Social Site"
2. remove pinterest.com and related domains from the All Social Sites category list
3. create an Allow rule for pinterest.com 

 See this article for instruction details for the above example. 

 

Case 4. If it's an allow rule that shows up

 That could be blocked by other block features. Please check Step 3.

 

Case 5. If the blocking rule is applied to other devices

Please check if there is any WiFi extender in your network. Some WiFi extenders will mix up MAC addresses while processing packets. Please temporarily power off the WiFi extender.

 

 

STEP 3. Check Block Features

Go through the following features that perform various blocking. Try turning each one off, and see if it makes any difference.  These three features will require you to flush DNS by turning WIFI off and on or reboot the device.

Ad Block

• Tap on Ad Block
• Turn off Ad Block globally or on the device experiencing the problem

For example, some google search results from "shopping" may be blocked because they are ads.

Family Protect

• Go to Main -> Family
• Turn off Family Protect globally or on the device experiencing the problem

Safe Search

• Go to Main -> Family
• Turn off Safe Search globally or on the device experiencing the problem

For example, if you have a problem accessing certain YouTube videos, it could be due to Safe Search (see this article).

 

Active Protect

Finally, try turning off Active Protect from Main -> Settings -> Features -> Active Protect. However, if the site is indeed blocked by Active Protect, chances are it's not a trusted site, and should be avoided.  

 

DNS Over HTTPS (DoH)

• Try to turn off DoH or Change Providers

• Tap on DNS over HTTPS button

We have seen DoH does some type of filtering and the results returned are not consistent from provider to provider.

 

Advanced Debugging

If you need more powerful, advanced debugging see Rule Debugging and use of tcpdump.

 

Need Help

If you still can not resolve the problem, please feel free to open a support case. We will guarantee to respond in less than 24 hours.