Firewalla Managed Security Portal (MSP) is our web interface designed for security and infosec professionals to manage multiple Firewalla boxes easily. Learn more about MSP here, and sign up at firewalla.net/plans.

MSP 2.8 Release

1. New Features
   1. Ask FireAI
   2. Import Target Lists from 3rd-party
   3. VPN Client Support
   4. New VPN Protocol - IPsec
   5. Local Flows 
2. Enhancements
3. Bug Fixes

New Features

1. Ask FireAI

Following its launch in the Firewalla app, the Firewalla AI Assistant (Ask FireAI) is now available in the MSP Interface. Learn more about Ask FireAI.

FireAI helps you quickly understand alarms, unknown domains, and unfamiliar devices—directly from the MSP portal. It’s the same smart assistant introduced in the app, now supporting your web-based workflows.

• Available for all boxes managed by MSP, including the Blue Plus. 
• Activates only when used—no background processing.
• No personal data is sent to the cloud or used for training.
• AI responses are helpful but not guaranteed to be accurate—use your judgment for important decisions.

On MSP UI, Ask FireAI is currently available for:

• Abnormal Upload, Large Upload, Gaming Activity, Video Activity, Porn Activity, and New Device alarm. If you don't understand why you received an alarm, ask FireAI to explain it.
• Domains in network flows, reports, and the main dashboard. If you see flows to unfamiliar domains, ask FireAI to explain them.
• Devices. If you find a device on your network that you don't recognize, ask FireAI to help identify it.

Firewalla MSP users can access an additional reserve pool via their shared container during high-demand times. Learn more about Ask FireAI rate limiting.  

2. Import Target Lists from 3rd-party 

In this release, we've added support for importing target lists from 3rd-party owners! We've included a handful of popular, open-source lists that can be easily imported for use in rules. 

To import a 3rd-party target list:

1. Go to your MSP global or group view.
2. On the left navigation panel, click on Target Lists.
3. Click Import Target List.
4. Select the lists you'd like, then click Import.

Note:

• Firewalla does not test external target lists imported from 3rd-party owners. The lists are imported exactly as published. See the list of supported target lists here.
• Due to security reasons, we currently do not support importing target lists via URL. 
• These lists are synced to your MSP instance regularly after being imported.

3. VPN Client Support

To make it easier to manage VPNs, we've added VPN Client support! From an individual box on MSP, you can now:

• View and manage all VPN Client configurations and status.
• Create, edit, or delete 3rd-party VPNs using protocols such as OpenVPN, WireGuard, and AnyConnect.
  • Site to Site & Remote Access VPNs are read-only on MSP UI. To connect boxes, we recommend MSP Mesh VPN. 
  • Please note that VPN connections created on MSP are not editable on the app, but you can still turn them on/off, apply them to your devices via the app.
• Create, edit, or delete VPN Groups.
• Manage VPN settings, such as:
  • Connect or disconnect devices to a VPN or VPN Group
  • Internet Outbound Policy
  • Internet Kill Switch
  • Force DNS over VPN

To get started with VPN Client: 

1. Go to an individual box on MSP.
2. On the left navigation panel, click on the VPN Client icon.

4. New VPN Client Protocol - IPsec

In this MSP release, we now support IPsec as a VPN protocol (only available for Gold series boxes) for 3rd-party VPNs. Due to its complexity, IPsec can only be configured via the MSP interface. 

For setting up IPsec, please consult these guides:

• How to set up IPsec VPN with Unifi UDM
• How to set up IPsec VPN with AWS
• How to set up IPsec VPN with pfSense

If you'd like more tutorial guides, please email us at help@firewalla.com. 

Note: IPsec is only available with Firewalla as the VPN Client to a 3rd-party VPN Server.

5. Local Flows

In MSP 2.8.0, we've added support for local flows, giving you better visibility into traffic between devices on different networks or wireless devices connected to the Firewalla AP7.

To view local flows:

1. Go to the Flows tab on the left navigation panel.
2. Click on the Local tab at the top of the Flows page.
3. Click on a flow to see more details.

Note: Local flows are supported on Purple and Gold series boxes running router mode and version 1.980 or later.

Enhancements

• Supported canceling MSP subscriptions. If you are the owner of your MSP, you can now go to MSP Settings → Plan & Payment to cancel your subscription at any time.
• Supported the Allow action on blocked flows.
• Supported displaying a dynamic data transfer chart on the Flows page for individual boxes, which updates based on your filtering results.

Bug Fixes

Fixed in MSP 2.8.1:

• Fixed an issue where the QR code for adding boxes might not be recognizable when the web browser is in dark mode. 
• Fixed an issue where the Destination IP could incorrectly display the Source IP value for inbound flows. 
• Fixed an issue where the Destination IP column showed domains instead of IP addresses in the exported CSV file. 
• Fixed an issue where VPN connections would not reconnect with the updated configuration if changes were made while the VPN was connected.
• Fixed an issue where the UI may crash if the user frequently switches between different schedules in the rule editing dialog.

Fixed in MSP 2.8.0:

• Fixed a bug where the mute settings may be sorted incorrectly. 
• Fixed a bug where (in rare cases) changing a rule's scope may cause the rule to be ineffective. 
• Fixed a bug where sometimes the matching target may be shown as "-". 
• Fixed a bug where creating a rule using a beta target list may fail because the box is not on the beta branch. 
• Fixed a bug where the guest network may disappear after changing its configuration. 
• Fixed a bug where rules matching IP + protocol are not accepted. 
• Fixed various UI display issues.