Firewalla Box Release 1.971 Multi-WAN, Smart Queue + Rate limit, Device Quarantine

Follow

Comments

27 comments

  • Avatar
    Binh Ton

    I am waiting for beta release.  I don't want to mess up the box.  Is there a page keeping track the bug progress?  When do you think it'll be released to beta channel?

    1
    Comment actions Permalink
  • Avatar
    Chris Cochran

    How do you enable "device quarantine"?  It is not clear from this article and I cannot seem to find the switch in the alpha software on ios.

    0
    Comment actions Permalink
  • Avatar
    Ramon Rodriguez

    Do I need to have the firewallla gold in router mode to be able to use smart queue or rate limit? I can't see the option or menu in the app. I have the firewalla gold in experimental simple mode, an have enabled early access.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    You will need to be in router mode for smart queues + rate limit to work.

    0
    Comment actions Permalink
  • Avatar
    Jeremya

    Really looking forward to this! Multi-WAN is going to be so nice to have. Right now I'm manually swapping ethernet uplink cables into and out of the Firewalla when we need to switch which ISP we're using. :D

    As others have requested, can we get an ETA on when this will be generally available?

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    There are still a couple of bugs on the early access at the moment (10/9/2020), once those are fixed we will push it to beta

    0
    Comment actions Permalink
  • Avatar
    Angel

    I have an issue with MULTI-WAN on Early access. right now there are 2 WAN connections. they are in load balanced. Connection A 70% and connection B 30%. I don't know why but the Firewalla is getting the DNS traffic from connection B. if connection B fails instead of rerouting the DNS requests through connection A. The whole network goes down because the firewalla is trying to send the DNS through connection B and it can't. Is there a workaround for this or should I use Failover until beta release??

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Angel, I have created a ticket for you,  so we can follow up.  Is the A/B DNS different? they are ISP DNS or public DNS like 1.1.1.1?

    0
    Comment actions Permalink
  • Avatar
    Angel

    @Firewalla, if I change the connected devices to a public DNS like 1.1.1.1 or 8.8.8.8 it works but I want to use the firewalla as DNS server because I think if I skip it maybe it could skip some blocking features. Do you block the websites and domains through DNS requests?. If not I can easily modify the DHCP to give 1.1.1.1 as Pref.

    0
    Comment actions Permalink
  • Avatar
    K Kaji

    @Firewalla, I'm running Firewalla 1.971 in Advanced Simple Mode. It's working well so far, but today I got unusual alarms "newalarm.title.ALARM_DUAL_WAN". Network connections are likely working without any problem. Do you think this is kind of serious alert?

    0
    Comment actions Permalink
  • Avatar
    Angel

    Hi Kaji,

    That happened to me. You need to make sure you have the App with the latest update on your phone.

    Greetings,

    0
    Comment actions Permalink
  • Avatar
    K Kaji

    Hi Angel, Thanks for your comment! I didn't notice that new App version was released. I just updated to the App 1.40 on my iOS, and it seems going well.

    Best regards,

    0
    Comment actions Permalink
  • Avatar
    Robert

    Seems like Device Quarantine will be useful to discourage IOS user from re-enabling their Private Address to get around rules. But then again, this setup would not be compatible if have guests on your network.

    1
    Comment actions Permalink
  • Avatar
    Bernie Doehner

    I started playing with VPN Server and multi-WAN (load balance) on the same box (gold early access, 1.971). Looks like it is only using ISP 1 connection though for outbound traffic or and for the VPN server end point. Will it be possible to load balance connections to a VPN Server running on a Gold?  If not, will VPN server and multi-wan at least work in failover mode?

    0
    Comment actions Permalink
  • Avatar
    Support

    @Bernie It is very likely the DDNS that is used by the VPN server to register its public IP address is mapped to the secondary WAN, which is a private IP address and not public routable unless there is port forwarding configured on the uplink router. If both WANs have public routable IP addresses, the VPN server should work no matter if it is failover or load balance.

     

    0
    Comment actions Permalink
  • Avatar
    Jeremya

    @Firewalla, can we get another estimate on the Beta release date?

    0
    Comment actions Permalink
  • Avatar
    Hartmut Drechsel

    Device quarantine will be a very useful features, looking forward to receive the fw vers 1.971 in stable release channel;

    I assume so, but I would like to ask and verify: will a new device, connecting to a vlan-tagging AP and arriving in the subnet of the vlan, also be auto-assigned to the quarantine group?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The device quarantine function applies to the whole network

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @jeremya, we are extremely close ... could be any day now. 

    0
    Comment actions Permalink
  • Avatar
    Angel

    Hi @Firewalla, after the latest update with Early access. Suddenly the network stops and everything freezes and get super slow. There is internet access but the Firewalla semms to be overloaded or something. I can access the firewalla gold from outside and works fine but the monitor says there is no traffic. Also i stoppped the monitoring, Active protect, etc. and still same issue. After restarting the Firewall starts working but after 3 minutes back to where it was. Is there a way to go back to Beta or Stable???

    1
    Comment actions Permalink
  • Avatar
    Binh Ton

    Looks like 1.971 was released to Beta channel.  My box was updated last night.  No issue so far.

    0
    Comment actions Permalink
  • Avatar
    Jeremya

    I can't seem to update to the beta from the current full release. Initially when I tried, it gave me a message about not having enough storage space. I went in and deleted the only thing I could think of, the DNS Cache. After that it allowed me to start updating to the 1.971 beta, but after 5 minutes or so it popped up a message saying it couldn't complete.

    Is there more I need to do to prepare for updating to Beta?

    0
    Comment actions Permalink
  • Avatar
    Arlo Miller

    SO MUCH AWESOMENESS HERE!  I’m so excited!

    Multiwan
    Not ready yet for me to use it, but if you develop this further, I would love to see if it could replace my Peplink 305 that I use at work.  https://www.peplink.com/products/balance-305/

    The main thing with Multiwan that the Peplink device can do that Firewalla can’t has to do with the rules for load balancing.  Specifically, on the Peplink you can have it load balance with Persistence.  This makes it so that if a device starts a secure session with some destination, that traffic always goes out through one WAN connection.  Critical for many secure web services.  MANY of the cloud based services that we use at work will terminate the session if the traffic from a device changes from WAN1 to WAN2.  the host figures you are connecting from two separate sites simultaneously and gets upset.  

    FWIW, i think Pepwave has implemented load balancing EXCEEDINGLY well and makes it really simple, so i think its worth your while to look at how they do it.

     

    Smart Q:

    This is cool!  I’m playing with it now.

    Quarantine:

    Loving this!  I’m wondering if this/along with device groups could possibly make setting up VLANs obsolete?  

    0
    Comment actions Permalink
  • Avatar
    Shawn Damon

    Can I use quarantine on devices that joins my main lan ...and those that are on Guest VLAN can continue getting access.

    0
    Comment actions Permalink
  • Avatar
    mobius strip

    For users' general knowledge and understanding, can Firewalla devs comment on the subject discussed in the Community support section linked to below?

    Your educational efforts added on top of functionality are part of what makes Firewalla awesome by the way.

    Thanks!

    "Firewalla Ubuntu 16.04 EOL"

    https://help.firewalla.com/hc/en-us/community/posts/360052992553-Firewalla-Ubuntu-16-04-EOL 

    0
    Comment actions Permalink
  • Avatar
    Daniel

    I just got updated to 1.971 (38902612).
    Is that a new version?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    This is a new version and it fixes compatibility issues with 1.972 (if you move from 1.972 to 1.971)   We do this before 1.972 goes to beta :)  so we are pretty close with another set of awesome features!

    0
    Comment actions Permalink

Please sign in to leave a comment.