This app update is best paired with Firewalla 1.971.
In order to provide better control of the NAT functionality in the Firewalla Gold. We have consolidated all NAT functions under Network -> NAT Settings.
- NAT Passthrough moved from Settings -> Advanced to Network -> NAT Settings.
- Port Forwarding moved from Network -> WAN to Network -> NAT Settings.
If you have one Firewalla Box, when you first launch the Firewalla app, it will take you directly to the main screen of that Box. This feature was suggested by our Reddit users here.
1. Static Routes (Firewalla Gold)
The new Routes feature allows you to add static routes on the Firewalla Gold.
To route IP traffic destined for the network 188.8.131.52/24 to the next-hop router with the IP address of 192.168.55.120 connected to the local network LAN1. You'll need to specify 3 things below:
- Destination - 184.108.40.206/24
- Next Hop - 192.168.55.120
- Interface - LAN1
The ability to route certain traffic to the VPN network is not available yet, it will be supported in the future release with Policy-based Routes.
2. NAT Settings (Firewalla Gold)
We have moved NAT-based settings under the Network button. If you do not have advanced networks, there is no need to modify this.
Port forwarding is now under NAT settings. (Moved from WAN configuration)
Source Networks: If Source NAT is turned on, you can manually specify which networks (in addition to all the local networks) can access the internet through the SNAT gateway.
Note: Adding new source networks requires Firewalla Box version 1.972 or later.
DMZ: Select one device as a DMZ host so that it can be accessed directly from the outside of your network. An allow rule will be created on the device to allow all traffic from the internet as well.
Multi-WAN: If you have multiple WANs, Source NAT can now be turned on/off on each WAN connection separately.
3. Device Port Scan
Device Port Scan can be turned on/off on specific devices/groups/networks. This requires Firewalla Box version 1.971 or later.
4. Search domain & Local domain
- Able to set the local domain name for the entire network.
- Able to set different search domains for different local networks.
5. Advanced Options for WAN Connection (Firewalla Gold)
There are a few options that may be required by your ISP in order to get internet access. We've added these advanced options so you can configure them accordingly when creating a WAN connection:
- Change / Clone MAC Address of Ethernet Ports (Note: Changing the MAC address of Ethernet Port 4 is not supported yet)
- DHCP Option 60 - Vendor class identifier
- IGMP Proxy
- MTU/MRU for PPPoE
- You can now edit WAN DNS Server. (In addition to change LAN DNS server)
1. Block ICMP Ping (Firewalla Gold)
In Firewalla Box version 1.971 or later, ICMP Ping on WAN interface will be blocked by default, and you can manage this configuration in Box settings -> Advanced -> Configurations -> Block ICMP (Ping).
2. WAN Connectivity Test (Firewalla Gold)
The WAN connectivity test settings allow you to configure which target to use and how sensitive is the test. If Gold is configured in multi-WAN failover mode, the testing will decide if switching to the standby connection.
- Increased the number of ping test targets to 3.
- Able to edit the ping test count and success threshold.
- Able to change the default DNS test target domain.
- Issue: MAC can not be changed on Port 4 (WAN port).
How to Fix: https://help.firewalla.com/hc/en-us/articles/360060033813-Changing-MAC-Address-on-Ethernet-Port-4-Gold
- Issue: If you are setting up Firewalla Gold in DHCP mode, devices connected to the main router may not be able to access the Internet or be monitored by Firewalla, because the DHCP service on Gold's WAN port is not available.
How to Fix: E-mail us at firstname.lastname@example.org, our engineers will help you directly.