The Firewalla Web Interface is a complementary management interface to the mobile app. The goal is to provide:
- a richer and in-depth view of your network
- some of the more complex operations that are not possible on the mobile app
- a quicker way for us to deploy features ahead of the mobile app
Dashboard
Devices
Edit Device Name or assign to Group directly from the Device list:
Alarms
Mute any type of alarms on a specific device or all devices:
Flexible Search and Bulk Action
Search anywhere and take action on multiple items at once:
Target List
Target lists allow you to create your own list using IP or domain address; this list can be used to create rules to block, allow, or prioritize a group of targets. If you have a lot of rules, this feature can help you to organize them.
- Target Lists can only be created and managed using the Firewalla Web interface.
- Target Lists can be applied via the Web or App.
- Target List items are restricted to 200 items
- Domain
- IP
- IP Range
- You can only create up to 20 target lists
Export
Export devices/alarms to a .csv format file.
Flows
Note, If you filter for different fields (device, destination) the results are AND. So
Direction:Outbound BlockedBy:"IP Filtering"
means all flows that are outbound AND Blockedby:"IP filtering". If you only wanted flows that were outbound AND blocked by IP filtering AND had a specific destination, you could add:
Direction:Outbound BlockedBy:"IP Filtering" Destination:184.169
If you use multiple queries using the same field, it is an OR. For example:
BlockedBy:"IP Filtering" BlockedBy:"TLS Filtering"
Region:"United States" Region:"China Mainland"
Device:"Mom's iPhone" Region:"Dad's iPhone"
What products does it support?
The web interface is supported on:
It is not (officially) supported on Firewalla Red (it may or may not work)
How to access it
- From your web browser, go to https://my.firewalla.com. You will see a QR code displayed on-screen.
- From your Firewalla App, tap on the Firewalla box instance from the home screen, tap on the top right gears button, tap on " Open In Desktop Browser". It will turn on the camera for scanning.
- Use the phone to scan the QR code displayed on your browser in step 1. You will then be logged into the web and directed to the dashboard page.
How does it work?
The web interface is hosted on a central server in Amazon AWS. There is no data stored in permanent storage on this server. Its primary role is to bridge the data from your Firewalla boxes to the web interface.
- No permanent storage of your data
- Data is always streamed dynamically from your firewalla box
- Data is dynamically decrypted and stored in memory
- After you scan the QR code, some pieces of data may stay in memory for up to 24 hours, or until the login expires.
What role does the web interface play?
This interface will always complement the mobile interface.
Why not have the interface local to the Firewalla box?
A cloud-based web interface will allow us to release features much faster. Each firewalla box release takes around 3 to 5 months. We did a monthly data overview feature on the web, and it took us 2 days to release the UI.
From a software architecture perspective, having the UI layer outside of the firewall will likely make the firewall more efficient and secure.
Why do I need to scan the QR code to log in?
In Firewalla, there is no user name and password, everything is based on public-key / private keys. (Firewalla has end-to-end encryption enabled). When you log in to the web interface, the authentication part is the private key stored on your phone. This enables the web interface to decrypt your flow data. (The reason for the QR scan)
Since we are security people, we do not want this decryption capability in the webserver forever, so the webserver will wipe its memory after a few hours of usage.
We are also working on other ways to log in, but it will still involve the smartphone.
Can you replicate all the mobile app functions on the Web Interface?
Not until the web interface is widely used. It is extremely expensive (and time-consuming) to keep three different UI (iPhone/Android + Web)
Can I login Web interface from offsite?
Yes. With the paired phone, you can login from everywhere.
If you have any issues, please contact us here: https://help.firewalla.com/hc/en-us/articles/360049896733
Comments
13 comments
The web interface is outstanding - very intuitive. Will there be a way to create (various) user-created filters that removes "mundane" IP traffic from the traffic list generated in "Insights"? Various filter lists could be created with Destination IPs and ranges of destination IPs to include or exclude. A filter list could also be added to be selecting the Destination IP addresses on the web page and adding them to a given filter so that the Destination IPs are included or excluded when the filter is applied. I imagine using this more to exclude mundane IP traffic so I can see the more unusual accesses in the Insights list. Many thanks,
@richard, make sense. Will ask our developers to create an issue on this.
This is AWESOME. I just installed my firewalla 2 weeks ago and running the iOS interface on my ipad was making me so crazy that I was going to inquire about returning the device!
An obvious addition I hope will be the general ability to manage the network settings through the web. Right now, it seems like the web interface is primarily a portal to view info
Areas that I especially like:
The Devices screen! This is SO MUCH easier than looking through the device list on the ipad! I love being able to click on the device and getting full details on it. But, why can't we edit the network information for devices here? It looks like we can add rules, but I'd like to manage the DHCP reservation here. The device screen seems like an obvious location to go to to manage these settings. For instance, I have a bunch of devices that need to have reserved IP addresses. Doing that on the iOS interface was frankly a collossal PITA, but on the web interface, it could be dramatically easier if you allowed editing there
Having it locally would have a massive boost in responsiveness. FWG to AWS to desktop, round trip is unwarranted.
The web server on the local FWG could be updated as per existing schedule or with a separate package and versioning.
Please do think about having it locally.
Hello folks,
I love the firewalla web interface (with its limitations) and I use quite often. But I am struggling stupidly to manage more than one box from the firewalla web interface.
If I press over "manage boxes" I have no option to add a second box. Neither I can from the phone app main screen. How is it done? Thanks.
You will have to login via the other box to manage it. The web interface to manage multiple units is not yet ready for prime time (as of the time of this message)
Thanks for the prompt reply. While I am unsure about what you mean by that, the only way I found is to use an incognito mode to open the second one. I thought It was implemented, thanks.
Cheers.
I really appreciate Firewalla devoting resources to a having web interface in addition to the phone apps for many reasons, including having a larger screen to view more information at once, exporting logs/events/etc, and what looks like a big picture goal of a user being able to import configuration settings lists such as the block list, and generally being able to save time.
My compliments to the Firewalla devs for adding onto your existing development workloads what seems like an entirely new dimension of development, and making it all look easy in the process lol, considering how well formed and smooth it is already, particularly given how young this new long-term development effort is.
Thanks! I look forward to continue trying new features and watching it grow.
Please continue to invest time and resources to allow the Web interface to have all of the features and not just complement the mobile GUI, but allow full autonomy and independence. Myself and I believe many tech-savvy users use web GUI interfaces for many applications and servers and would benefit greatly from a well-defined and independent, feature-full web GUI.
Thank you!
I love the work on the web interface. Will a different login method ever be implemented? I spend a good portion of my day in an area without my phone. At times it would be nice to sign-in with user and password. Having another form of 2FA would be nice. Thanks!
I really enjoy the Purple and Gold products and look for better ways to use them for myself and others. That said, I have noticed that the MSP interface shows an events view that is missing on the desktop browser interface designed for non-MSP folk. However, the events are visible in the mobile app.
This is an issue as internet events used to generate alarms that the admin could take action on, but now do not seem to raise any alarms. They are noted as events, but there is no other notification. Such events are just noted silently and hope they are discovered by someone looking.
One more vote here for making the Web interface the primary control source for Firewalla. The phone screens are too small. Very difficult to read. Not much room for a lot of information.
The WebUI has lots of room. And my computer screens are much easier to read and interact with. The current WebUI is well behind the phone interface. Hopefully you can get it up to speed shortly.
And making the login process easier would be great. And allow the login to be semi permanent would be a big improvement.
Could not agree more with the last comment. Upvoted
And let me leverage this same comment to request the inclusion of target list management within the mobile app. It is a big pain not being able to include one new IP to one list on the go, because they can only me modified through web interface or MSP. Thanks.
Please sign in to leave a comment.