- Firewalla App version 1.64.2 is now available to all prod users. This release includes several new features for the Firewalla Access Point 7. Learn more about App version 1.64.2.
- Firewalla App version 1.64.1 is available to all users. Learn more about App version 1.64.1.
---
App 1.64 Release
New Features
1. Local Flows (Requires box version >=1.980)
The app now supports displaying the flows across networks for Firewalla boxes with more than one local network configured. A chart on the box's main screen will show Data Transferred and the number of Local Flows for the last 24 hours. Tap the chart to see which device sends or receives the most data to or from other devices on your network.
To display local flows, your Firewalla unit must be in Router mode and have more than one local network configured. (Bridge mode will likely come in a later release.) Due to the memory limit, the detailed history of local flows is not supported on Firewalla Purple and Purple SE.
Local flows are displayed if traffic is between:
- Wired devices connected to different ports on the Firewalla unit and passing through Firewalla.
- Wireless devices connected to the Firewalla Access Point 7.
Local flows are not displayed if traffic is between:
- Wired devices connected to a switch and passing internally through it.
- Wireless devices connected to third-party (non-Firewalla) access points.
2. VPN Group for Failover (Requires box version >=1.980)
When connecting devices to a VPN, some service providers may offer multiple servers for failover in case one becomes unavailable. For boxes running in Router Mode, Firewalla now supports creating VPN groups, allowing you to create a VPN group that includes multiple VPN profiles for improved availability.
- Firewalla will connect to all VPN clients in the group at the same time. When the primary VPN profile fails, it will forward the traffic to the next available profile in the list.
- The order of the VPN profiles can be rearranged. Tap Edit in the top right corner of the VPN Group and drag and drop the profiles into the desired order.
Note: Port forwarding and Unbound over VPN are not currently supported with VPN groups; you may need to continue using individual VPN profiles for these features.
3. Firewalla AP7 Support (Requires box version >=1.980)
With App version 1.64 and Box 1.980, we are introducing Firewalla Access Point 7, which enables you to build a Zero Trust Network with Wi-Fi 7 and Firewalla.
More information can be found here: https://firewalla.com/ap7
Enhancements
1. iPad Landscape Mode (Experimental Feature)
In response to community requests, this release introduces iPad landscape support for Beta and Early Access users. As long as you are using both the Testflight App and your Firewalla box is in Beta or Early Access mode, landscape support will be enabled automatically and no configuration is needed. (This feature is experimental, we do not intend to release it to production soon.)
2. Display Roaming Event during Wi-Fi Test
To make the Wi-Fi test feature even better, we've added BSSID and Channel Info to the test. If you are walking around and your Wi-Fi connection has roamed from one AP to another, the graph will show the last four digits of the new BSSID and the channel your phone is connected to.
If you are using a Firewalla Access Point, the app will display the name of the Access Point instead. Tap the info icon to go directly to the Access Point's detail page.
Bug Fixes
- Fixed several display issues.
-
Recent Firewalla Access Point Releases:
- Version 0.1.101.1.5.48 is available to Early Access Access Points. Learn more about this release.
- Version 0.1.95.1.4.35 is available to all Firewalla Access Points. Learn more about this release.
- Version 0.1.95.1.3.140 is available to all Firewalla Access Points. Learn more about this release.
- Version 0.1.95.1.1.436 is available to all Firewalla Access Points. Learn more about this release.
Known Issues
-
Issue: With the box 1.980 update, the live throughput chart on the box's main screen may show an unusually high spike for about 1 to 2 seconds after opening the app.
How to Fix: This issue has been fixed in the latest app update.
-
Issue: When the New Device Quarantine feature is enabled on one network, the new device alarm notifications for other networks (where New Device Quarantine is not enabled) may also show that devices have been quarantined. This is a UI display bug.
How to Fix: This issue has been fixed in the latest box update.
-
Issue: Network flows may not be shown correctly on boxes set up recently.
How to Fix: This issue has been fixed in the latest box update.
-
Issue: Device Isolation or VqLAN is only available when the Firewalla AP7 is installed on your network and devices are connected to it. If a device connected to the AP7 with Device Isolation enabled switches to a different access point, the isolation button will be hidden. However, Firewalla will still block traffic to and from other networks for that device.
-
Issue: On iOS, "VPN client, VPN Group, applied to" will show "% devices" when the Firewalla Language is set to "System Defaults" and the phone language is Italian, Dutch, Spanish, or Japanese, or the Firewalla Language is set to non-English.
- Issue: [1.980] If you have an IPv6 DNS configured on the WAN interface, and when that DNS server hangs (not reply anything back), some Firewalla services may be slow to start or fail to start when booting up Firewalla.
Most feature in this release requires box version 1.980 or above, which is available on:
- Firewalla Gold, Gold Plus, Gold Pro, Gold SE, Purple, Purple SE, and Blue Plus Prod release
---
App 1.64.1 Release
These features are specific to the Firewalla AP7. (learn more https://firewalla.com/ap7)
New Features & Enhancements
New Features
1. Status Light Control
By popular demand from our community, we've added a toggle button for the AP7 status light.
- To turn it on or off, go to your box's main screen > tap Wi-Fi > Access Points tab > select an AP7 > scroll down > toggle the Status Light button.
Note: The light will still blink to indicate an abnormal status, even if it is turned off. Learn more about the status light definitions here.
2. Group Devices by Connected Access Points
You can now group devices by their connected access point on the Devices list.
- From the box's main screen, tap Devices > View Options (top right corner) > Group Devices by Connected Access Point to group devices by their Access Point and frequency band.
We've also added a new label that displays the band each device is using when sorting the list by signal strength.
- In the View Options, select Signal Strength to display the signal strength and band.
The Access Points tab of the Wi-Fi page now displays the number of devices connected to each AP7, including the band they're connected to.
- From the box's main screen, tap Wi-Fi > Access Points to view your Access Points and the number of devices connected to each band.
3. New Security Type - Mixed Personal
To make Firewalla Wi-Fi compatible with more devices, we've added a new security type for Wi-Fi: Mixed Personal. When selected, the 2.4 GHz and 5 GHz bands will use WPA2 Personal, and 6 GHz will use WPA3 Personal.
- To set the security type, go to your box's main screen > tap Wi-Fi > select an SSID > tap Edit (top right corner) > Security > Mixed Personal.
Mixed Personal will be the new default security type when creating an SSID.
4. 5 GHz Band Enhancements
Change 5 GHz Channel Width
The default maximum bandwidth of the 5 GHz band is set to 160 MHz. If you prefer to lower the width, you can now adjust it under the 5 GHz Band section on an Access Point's detail page.
- To change the width, go to your box's main screen > tap Wi-Fi > Access Points tab > select an AP7 > tap Channel Width under 5 GHz Band > select a width.
Firewalla will attempt to use the highest available bandwidth when possible, but it may be reduced if the selected channel doesn't support it or if it overlaps with radar signals in your environment.
Disable 5 GHz DFS Channels
When the 5 GHz Band channel selection is set to Automatic, Firewalla AP7 will include DFS channels to optimize network performance. DFS can increase the number of available channels for your devices, but these channels are also shared with radar systems (such as weather, airport, or military radar).
If you have devices that don't support DFS channels (e.g., Roku TV) or live near an airport or military base and experience radar interference, you can disable DFS on the Wi-Fi Settings page. This change will apply to all your Access Points.
- To turn DFS channels off, from your box's main screen > tap Wi-Fi > Wi-Fi Settings (top right corner) > toggle the 5 GHz DFS Channels button.
5. Toggle Wi-Fi On/Off
If you have Firewalla Wi-Fi created but not in use, you can now temporarily disable it from the app. This is great for Guest Wi-Fi when you're not having any guests over.
- To turn off Wi-Fi temporarily, go to your box's main screen > tap Wi-Fi > select any SSID > tap Edit (top right corner) > toggle the Wi-Fi switch > tap Save.
The SSID will stop being broadcast and any devices connected to it will be disconnected.
6. Storm Control
Storm control helps suppress broadcast and multicast traffic from flooding your network and degrading performance. This feature is currently in beta, and it's not enabled by default.
- To enable Storm Control, go to your box's main screen > tap Wi-Fi > Wi-Fi Settings (top right corner) > toggle the Storm Control button.
7. Port Speeds on AP7
If you experience any speed drops when your devices are wired to an AP7, you can now view the port speeds.
- To view port speeds, go to your box's main screen > tap Wi-Fi > Access Points tab > select an AP7 > tap Port Speed.
This will display the negotiated port speed for each Ethernet port. If the speed is lower than expected, check your wired device or consider changing the Ethernet cable.
Known Issues:
-
Issue: About a minute after making changes to any Wi-Fi settings, the disabled Wi-Fi may become discoverable to Wi-Fi clients.
-
Issue: The signal strength and label of the wireless Access Point may be displayed incorrectly. (iOS only)
How to fix: It will be fixed with the next app update.
---
App 1.64.2 Release
New Features & Enhancements
New Features
1. IP Reservation and Local Domain on AP7
By popular demand from our community, we've added the ability to reserve an IP address and use a local domain for Firewalla AP7 Devices.
- To reserve an IP address, go to your box's main screen > tap Wi-Fi > Access Points > tap on any Access Point > IP Address > choose Reserved.
- To use a local domain, go to Wi-Fi > Access Points > tap on any Access Point > Local Domain.
Note: Similar to a normal device, when reserving a different IP address for the AP7, it won't adopt the new IP until reconnected to the network or the current lease is over.
2. Blocked Local Flows Enhancement
Display Device Name and Icon
In app version 1.64.2, blocked local flows now show device names instead of private IP addresses for easier recognition. Basic device info is also displayed on the flow detail page, similar to normal local flows.
Enhancements
- Increased the microsegment limit from 20 to 30.
-
Added a warning for Wireless-Connected APs when signal is weak.
-
Supported for restoring access point configurations during Initial box setup. (Supported on iOS app 1.64, Android app 1.64.2)
Bug Fixes
- Fixed an issue where the app control list might display missing icons.
-
Fixed inconsistencies between signal status and signal strength values on wireless devices.
- Fixed several incorrect error messages.
Comments
20 comments
Love the local flows! Will this show all flows between all LAN/VLANS?
Local flows will show traffic between LAN and VLAN (port or VLAN based segments). The detailed flows are only available on Gold series. (purple, you can only see a summary)
If you have the Firewalla AP7 (coming in January), you will be able to see same LAN traffic.
Are local flows not available if utilizing transparent bridge mode?
I'm using Firewalla Gold Pro Beta Release, Box version 1.9790 and iOS app version 1.64 (125). Is there a way to migrate/force the box to upgrade to version 1.980 in order to take advantage of the Local Flows?
I need to research differences between Early and Beta release's.
Can you get them to add the protocol as well as the port number on these flows?
@DanM
Please see our Early Access Onboarding instructions to upgrade your box to 1.980.
Thank you. I have sent the email and am awaiting a response. I looked at my app Beta Program option and the only choice is "Leave App Beta Program". I am assuming an alternate option will show up either automatically or once I have received an email confirming acceptance into the Early Access Program. If incorrect, please advise.
Thank you.
EDIT, Update: 10 taps was recognized and transitioning. Thank you
@DanM
Yes, once you have been accepted into the EA program, you should be able to move on to step 2 of the EA Onboarding instructions:
Hi - I am in the EA program and have the 1.980 firmware update installed with the latest (1.64) EA app on my FWG Plus device. When checking the Local Flows I don’t see any activity even though I have 6 VLANs and multiple cross VLAN transfers. Is this a known issue? Tks!
Do you have the segments isolated? via rules? if not, are you aware of any LAN to LAN traffic?
Yes, my segments are isolated using VLANs with Rules. I also tested copying a file from one segment/VLAN to another and did not see any activity in the Local Flows though I see the transfer/activity show under Live Throughput. NOTE: I have opened a ticket for this at support@firewalla.com as well.
VPN Group, I would suggest adding an option to cycle or randomize which VPN is in use within a group, having a list of many VPN that rotate could help with privacy vs hitting the same one first all the time.
Are local flows only work if the flow is going across the firewalla’s network ports? For me it doesn’t seem to track devices that are communicating between each other on the same switch downstream. Only devices whose traffic is crossing Firewalla local lan ports is tracked. Is that correct? Running Firewalla Gold in router mode.
Unless you are using the firewalla AP7 and your devices are attached to it, Firewalla local flows (in fact all firewalls) can't see your local flows between devices outside of the firewalla.
You can see traffic between devices in your LAN only if they are on different subnets (and assigned a separate VLAN ID in the downstream switch) otherwise there is no way for FWG to distinguish this traffic. E.G. Inter-LAN traffic (will show in Local Flows) ,Intra LAN (between devices on the same VLAN/LAN) will not show.
When will 1.980 be released to Gold?
Love this new addition and I’m seeing expected local flows between two networks. I have a third network where my pi hole lives, but I don’t see local flows from my prod and guest lans to the third pihole lan. All are separate interfaces on the gold and all are different subnets. What am I missing? Thanks in advance
Hi FW team, do you have any plans to include the local flows information within the MSP console to see everything at a glance? Right now, I can see the overall bandwidth consumed on the MSP but the detail for local flows is not going to appear there, or maybe I missed something.
This would be an important addition so one does not have to go back and forth to mobile app when you are reviewing any network usage.
Example:
@Alejandro Sánchez,
Yes, local flows will be supported in MSP version 2.8.0.
Thats great thanks.
Please sign in to leave a comment.