Firewalla Purple: Short Distance Wi-Fi

Firewalla Purple has a built-in Wi-Fi interface. This interface will appear as two logical interfaces; one can be used as an AP (Access Point) for short-distance Wi-Fi, and the other can be used in WISP (Wireless Internet Service Provider) mode to connect to APs with the most commonly used Wi-Fi security protocols: WPA, WPA2 Personal, WPA2 Enterprise. WPA3 is not supported for now.

1. Wi-Fi LAN Network
2. WAN/WISP Connection 
3. Mobile Mode

1. Wi-Fi Network

With Purple, you can create a pocket-sized AP. This allows you to connect devices to your Purple via Wi-Fi and all connected devices will be managed and secured by Firewalla. This is ideal for:

• Sharing a single Internet connection with a laptop, tablet, and phone during a holiday hotel stay. 
• Sharing a secure connection with office mates at your startup. :)
• Collaborating securely while working at a coffee house or other public Wi-Fi.

How to configure a Wi-Fi network with Purple:

1.1  Separated LAN Networks

To connect your devices to Firewalla's local network using Wi-Fi while keeping the Ethernet and Wi-Fi LAN devices separate:

1. On the Network Manager page, tap Edit → Create Network, 
2. Tap Wi-Fi Network, it will require you to enter:
   • Wi-Fi Name(SSID)
   • Password
     Firewalla will generate a random password for you, you can change it, or tap
     re-generate to random a new one.
3. Tap Create or you can also tap Advanced Network Settings to enter the network detail page, to change settings on IPv4, IPv6, DNS servers, and etc. 
4. Tap Save to save the network configuration.

In this configuration, each networks will have a separate IP range of its own. It can be a way to secure Wi-Fi devices from ethernet devices. 

1.2 Bridged LAN Networks

You can also create a shared network where the Wi-Fi and ethernet devices share a single range of IPs. This is preferred when you want to easily connect to any given device at will. This is called a bridged network. 

1. On the Network Manager page, tap Edit → LAN Network, 
2. Select Wi-Fi Interface, it will bring up the Wi-Fi settings. You'll need to assign for the Wi-Fi network:
   • Wi-Fi Name(SSID)
   • Password
     Firewalla will generate a random password for you, you can change it, or tap
     re-generate to random a new one.
3. Tap Done ->  Save to save the network configuration.

2. WAN / WISP Connection

With Purple, you can configure a network WAN connection with Wi-Fi. This is ideal for:

• Connecting to hotel or business Wi-Fi.
• Using your phone as a backup Internet connection at home.
• Connecting to a Wi-Fi-enabled LTE modem.

This allows you to connect your Purple via Wi-Fi to any Wi-Fi and then share that connection securely with all your devices.

Configure a WAN / WISP Connection

Purple allows a maximum of one Wi-Fi and one ethernet WAN connection for a total of two WAN connections. This Multi-WAN feature supports both load balancing and failover modes. 

Currently, Purple does not support the initial setup with a Wi-Fi WAN, if you'd like to use Wi-Fi as your only WAN connection, set it up with an ethernet cable first, then add a Wi-Fi WAN connection or switch the WAN Network to Wi-Fi.

Please note, WAN connection via Wi-Fi is only supported in Router mode, if you are using simple/DHCP/bridge mode, only Wi-Fi LAN is supported. 

Follow the steps below to connect Purple to the Internet by joining a Wi-Fi network:

1. On the Network Manager page, tap Edit → Create Network.
2. Tap WAN Connection via Wi-Fi, Firewalla will start to scan the available Wi-Fi network nearby, 
3. Select a Wi-Fi network and enter the Wi-Fi password if required, tap Join.
4. If you are trying to join a hidden network, tap Other… at the bottom of the list, enter the Wi-Fi name and password, then tap Join.
5. Tap Save to apply the network configuration.

Editing a Wi-Fi WAN Connection

You can edit your WAN connections. For example, If you'd like to convert a WAN connection from Ethernet to Wi-Fi:

1. Go to Network Manager and tap the WAN connection, tap Edit.
2. Tap the Wi-Fi icon → Select a Wi-Fi network (or choose Other).
3. Enter the password if required.
4. Tap Save to apply the network configuration.

If you'd like to change the Wi-Fi used for your WAN, just tap Edit, tap the Wi-Fi Name, and pick the Wi-Fi you'd like to join from the list and save.

Previously joined Wi-Fi SSIDs will be saved for this WAN connection as My Networks, Firewalla will auto-join the networks if they are nearby.

You can tap the "ℹ" icon → Forget This Network, to remove it.

3. Mobile Mode

You can use both Wi-Fi connections at the same time. Use the WAN/WISP Network to connect to the Internet and Purple's Wi-Fi Network (LAN) to connect multiple devices and maintain policies, VPN connections, etc. across all the devices.

When in this configuration, you do not need any ethernet connections.

Configure Mobile Mode

When you travel with Firewalla Purple, follow the steps below to set up a Wi-Fi to Wi-Fi connection:

Before you go

1. Best to pair the Purple with the App before traveling. Currently, Purple does not support initial setup with a Wi-Fi WAN, if you'd like to use Wi-Fi as your only WAN connection, set it up with an ethernet cable first, then switch the WAN to Wi-Fi or use Fail-over mode.
2. Make sure your purple is running in Router mode. Others don't support WAN Wi-Fi. 

When you Arrive

1. Plug the power cable into Firewalla Purple to power it on.
2. Open Firewalla App → tap the Firewalla Purple, wait for the App to discover the device.
3. After the Purple finishes booting, the App will show you a banner "Set up a Wireless Connection", tap Get Started to follow the guide.
4. Tap any Wi-Fi network you'd like to join, it can be the public Wi-Fi at Starbucks or the Wi-Fi provided by a hotel. Enter the password if required.
5. After connecting the Firewalla box to the Internet, the App will guide you to create a Wi-Fi network for your devices to connect to the Firewalla box and start being protected.

Note: If the public Wi-Fi you joined requires captive portal authentication, Firewalla will require you to join Firewalla's local network first, then guide you through the authentication process. 

If Firewalla fails to detect the captive portal login, please follow this instruction to connect manually: What to do if the ISP requires captive login/authentication via web?