(Previously "My Firewalla".)
My Firewalla (my.firewalla.com) will be deprecated on June 1, 2026.
The Firewalla Web Interface, or MSP Lite, is a complementary management interface to the mobile app using Firewalla MSP. The goal is to provide:
- A richer and more in-depth view of your network
- Some of the more complex operations that are not possible on the mobile app
- A quicker way for us to deploy features ahead of the mobile app
Note that this was previously referred to as My Firewalla, or my.firewalla.com. We've given the free web interface some TLC by providing:
- An updated user interface, but with the exact same functionality as my.firewalla.com
- Email-based logins
- 2FA support for business applications
If you're interested in multiple box management, extended data visibility, detailed Reports, and more features, see MSP Professional or MSP Business.
- Dashboard
- Devices
- Alarms
- Flexible Search and Bulk Action
- Target List
- Export
- Flows
- What products does it support?
- How to access it
- FAQs
Dashboard
Devices
Edit Device Name or assign to Group directly from the Device list:
Alarms
Mute any type of alarms on a specific device or all devices:
Flexible Search and Bulk Action
Search anywhere and take action on multiple items at once:
Target List
Target lists allow you to create your own list using an IP or domain address; this list can be used to create rules to block, allow, or prioritize a group of targets. If you have a lot of rules, this feature can help you to organize them.
- Target Lists can only be created and managed using Firewalla MSP (including MSP Lite, Professional, and Business).
- Target Lists can be applied via Firewalla MSP or App.
- Maximum number of items per list:
- MSP Lite: up to 200 items
- MSP Professional/Business: up to 2000 items
- Maximum number of custom lists that can be created:
- MSP Lite: up to 20 lists
- MSP Professional/Business: up to 100 lists
Learn more about Target Lists here.
Export
Export devices/alarms to a .csv format file.
Flows
Search and filter flows by device, source, destination, direction, and more.
Search/Filter Syntax:
If you filter for different fields (device, destination), the results are AND.
The below search syntax means all flows that are outbound AND BlockType:"IP filtering".
Direction:Outbound BlockType:"IP Filtering"If you only wanted flows that were outbound AND blocked by IP filtering AND had a specific destination, you could add:
Direction:Outbound BlockType:"IP Filtering" Destination:184.169
If you use multiple queries using the same field, the results are OR. For example, the below search syntax would return flows blocked by either IP Filtering OR TLS filtering.
BlockType:"IP Filtering" BlockType:"TLS Filtering"
Similarly, to return flows from the United States OR China:
Region:"United States" Region:"China Mainland"
Or ask for flows from multiple devices:
Device:"Mom's iPhone" Device:"Dad's iPhone"
What products does it support?
The web interface is supported on all Firewalla units. It is not (officially) supported on Firewalla Red (it may or may not work).
How to access it
- From your web browser, go to https://firewalla.net.
- Click Sign In in the top right corner.
- You will need a Firewalla MSP account to access the Free Portal. Please sign up for an account if you don't have one already, or enter your credentials here.
- After signing in, you should see a QR Code on your screen. If you don't, click Compare Plans > Continue with Lite to launch the free portal.
- Then, scan the QR code with the Firewalla App. The QR Code scanner can be found on the Box Selection screen at the top left corner, with the icon [--].
- Alternatively, you can:
- Tap directly into the box you want to manage
- Tap Box Settings (gear icon) in the top right corner
- Tap Open in Desktop Browser.
- Scan the QR Code with the App's QR Scanner.
FAQs
- How does it work?
- What role does the web interface play?
- Why not have a local web interface instead?
- Why do I need to scan the QR code to log in?
- Can you replicate all the mobile app functions on the Web Interface?
- Can I log into the Web interface from off-site?
- Can I manage multiple boxes from the web?
How does it work?
The web interface is hosted on a central server in Amazon AWS. There is no data stored in permanent storage on this server. Its primary role is to bridge the data from your Firewalla boxes to the web interface.
- No permanent storage of your data
- Data is always streamed dynamically from your Firewalla box
- Data is dynamically decrypted and stored in memory
- After you scan the QR code, some pieces of data may stay in memory for up to 24 hours, or until the login expires.
- Scanning the QR code will dynamically exchange keys and allow the web session to temporarily talk to your box.
What role does the web interface play?
This interface will always complement the mobile interface.
Why not have a local web interface instead?
When we started Firewalla, we wanted everything to be both simple and powerful, which is why we built a dedicated mobile app.
We wanted the presentation layer (UI) to be separate from the control logic. In other words, the interface and core control logic are never running on the same box. Most attacks are web-based, and adding another local web layer would increase complexity and risk. Keeping them separate helps ensure stronger security.
A cloud-based web interface also allows us to release features faster. Each Firewalla box release takes around 3 to 5 months. We did a monthly data overview feature on the web, and it took us just two days to release the UI.
From a software architecture perspective, having the UI outside of the firewall will make it more efficient and secure.
Why do I need to scan the QR code to log in?
In Firewalla, there is no username and password. Everything is based on public key/private keys (Firewalla has end-to-end encryption enabled). When you log into the web interface, the authentication part is the private key stored on your phone. This enables the web interface to decrypt your flow data (and is the reason for the QR scan).
Since we are security people, we do not want this decryption capability in the web server forever, so the web server will wipe its memory after a few hours of usage.
We are also working on other ways to log in, but they will still involve the app.
Can you replicate all the mobile app functions on the Web Interface?
Not until the web interface is widely used. It is extremely expensive (and time-consuming) to keep three different UI (iPhone/Android + Web)
Can I log into the Web interface from off-site?
Yes. As long as you have a paired phone, you can log in anywhere.
Can I manage multiple boxes from the web?
If you're an IT professional or a home user looking for a more heavy-duty web interface, try upgrading your MSP plan to Professional or Business. With a paid plan, Firewalla's Managed Security Portal (MSP) makes it easy to securely manage multiple Firewalla boxes from anywhere with features like:
- A private domain
- Box update management
- Reporting and Extended logging and analytics
- Programmable APIs/Webhook/Slack/IFTTT integration
- VPN Mesh
- Purely email-based login (you do not need your phone to scan the QR code and access your boxes)
Upgrade to Firewalla MSP Professional or Business here. All paid plans include a discounted 3-month trial. Learn more in our Firewalla MSP introduction article.
If you have any issues, please contact us: Contact Firewalla Support
Comments
20 comments
The web interface is outstanding - very intuitive. Will there be a way to create (various) user-created filters that removes "mundane" IP traffic from the traffic list generated in "Insights"? Various filter lists could be created with Destination IPs and ranges of destination IPs to include or exclude. A filter list could also be added to be selecting the Destination IP addresses on the web page and adding them to a given filter so that the Destination IPs are included or excluded when the filter is applied. I imagine using this more to exclude mundane IP traffic so I can see the more unusual accesses in the Insights list. Many thanks,
@richard, make sense. Will ask our developers to create an issue on this.
This is AWESOME. I just installed my firewalla 2 weeks ago and running the iOS interface on my ipad was making me so crazy that I was going to inquire about returning the device!
An obvious addition I hope will be the general ability to manage the network settings through the web. Right now, it seems like the web interface is primarily a portal to view info
Areas that I especially like:
The Devices screen! This is SO MUCH easier than looking through the device list on the ipad! I love being able to click on the device and getting full details on it. But, why can't we edit the network information for devices here? It looks like we can add rules, but I'd like to manage the DHCP reservation here. The device screen seems like an obvious location to go to to manage these settings. For instance, I have a bunch of devices that need to have reserved IP addresses. Doing that on the iOS interface was frankly a collossal PITA, but on the web interface, it could be dramatically easier if you allowed editing there
Having it locally would have a massive boost in responsiveness. FWG to AWS to desktop, round trip is unwarranted.
The web server on the local FWG could be updated as per existing schedule or with a separate package and versioning.
Please do think about having it locally.
Hello folks,
I love the firewalla web interface (with its limitations) and I use quite often. But I am struggling stupidly to manage more than one box from the firewalla web interface.
If I press over "manage boxes" I have no option to add a second box. Neither I can from the phone app main screen. How is it done? Thanks.
You will have to login via the other box to manage it. The web interface to manage multiple units is not yet ready for prime time (as of the time of this message)
Thanks for the prompt reply. While I am unsure about what you mean by that, the only way I found is to use an incognito mode to open the second one. I thought It was implemented, thanks.
Cheers.
I really appreciate Firewalla devoting resources to a having web interface in addition to the phone apps for many reasons, including having a larger screen to view more information at once, exporting logs/events/etc, and what looks like a big picture goal of a user being able to import configuration settings lists such as the block list, and generally being able to save time.
My compliments to the Firewalla devs for adding onto your existing development workloads what seems like an entirely new dimension of development, and making it all look easy in the process lol, considering how well formed and smooth it is already, particularly given how young this new long-term development effort is.
Thanks! I look forward to continue trying new features and watching it grow.
Please continue to invest time and resources to allow the Web interface to have all of the features and not just complement the mobile GUI, but allow full autonomy and independence. Myself and I believe many tech-savvy users use web GUI interfaces for many applications and servers and would benefit greatly from a well-defined and independent, feature-full web GUI.
Thank you!
I love the work on the web interface. Will a different login method ever be implemented? I spend a good portion of my day in an area without my phone. At times it would be nice to sign-in with user and password. Having another form of 2FA would be nice. Thanks!
I really enjoy the Purple and Gold products and look for better ways to use them for myself and others. That said, I have noticed that the MSP interface shows an events view that is missing on the desktop browser interface designed for non-MSP folk. However, the events are visible in the mobile app.
This is an issue as internet events used to generate alarms that the admin could take action on, but now do not seem to raise any alarms. They are noted as events, but there is no other notification. Such events are just noted silently and hope they are discovered by someone looking.
One more vote here for making the Web interface the primary control source for Firewalla. The phone screens are too small. Very difficult to read. Not much room for a lot of information.
The WebUI has lots of room. And my computer screens are much easier to read and interact with. The current WebUI is well behind the phone interface. Hopefully you can get it up to speed shortly.
And making the login process easier would be great. And allow the login to be semi permanent would be a big improvement.
Could not agree more with the last comment. Upvoted
And let me leverage this same comment to request the inclusion of target list management within the mobile app. It is a big pain not being able to include one new IP to one list on the go, because they can only me modified through web interface or MSP. Thanks.
I would like to add a feature request where clicking on Open in Desktop Browser would allow you to also open the web interface from the same mobile device itself without requiring a second device to scan a QR code with. That way I could either use the app or the browser from the same mobile
Web "Security Lookup" vendors to Match the Mobile Apps
Can we have the number of Security Lookup vendors match what we have on the Mobile Apps.
Makes it easier when trying to go through 30,000-50,000 Log Entries a day via the Web Portal and deciding to Block or Allow connections.
Domain Security Lookup Missing in Web App - VirusTotal, Shodan, AbuseIPDB, Hurricane
IP Security Lookup Missing in Web App - VirusTotal, Shodan, AbuseIPDB, Hurricane, GreyNoise
I appreciate your statement about a full web interface being local. But not having a local web interface at all makes specific scenarios (like diagnosing and changing internet connection properties) more difficult than it could be.
The Unifi USG took an approach where the local web interface just contained some very core things: Port configuration, status, IP address, Internet connection settings, reboot. That way you can get the device connected to the internet and diagnose issues without the current dancing around you sometimes need with bluetooth/connecting via another router just to commission
Your phone app is still the main interface, and if the internet is down, it has the ability to configure the firewalla via Bluetooth. (which is likely can't be done with anything 'local')
Yes, I understand this - and I'm suggesting a local web interface with some key settings to allow you to get online would be better from a commissioning and diagnostic point of view - rather than have to get near the device and use bluetooth.
Hi Firewalla.
I need to know how to prevent any form of access to the firewalla via the internet. We shld only managed the firewall from within the internal network, or via VPN. Having access from public internet is a security risk.
Pls have an option that only allows mgmt only from within the local IP or network.
Thank you.
The web interface FAQ currently states the following about its AWS deployment:
All of these appeals to better security and efficiency make good sense. My question is: why not release a Docker container image, so that consumers could self-host the web interface if they wanted? ...Something roughly comprable to applications like Bitwarden or Actual Budget, where cloud-hosted access is available (and easy), but a completely local-only access model is possible.
Please sign in to leave a comment.