There are two Firewalla models that support short-distance Wi-Fi:
- Firewalla Purple has a built-in Wi-Fi interface. This interface will appear as two logical interfaces; one can be used as an access point for short-distance Wi-Fi, and the other can be used in WISP (Wireless Internet Service Provider) mode to provide a WAN connection.
- Firewalla Gold and Purple SE boxes can work with the Firewalla Wi-Fi SD. This Wi-Fi interface can be used as a backup internet connection or as a temporary LAN segment. It cannot be used on both WAN and LAN networks at the same time. Here is a detailed guide on Wi-Fi SD.
This is a guide on how to enable Wi-Fi on Purple:
1. Wi-Fi LAN Network
With Purple, you can create a pocket-sized AP. This allows you to connect devices to your Purple via Wi-Fi, and all connected devices will be managed and secured by Firewalla. This is ideal for:
- Sharing a single Internet connection with a laptop, tablet, and phone during a hotel stay.
- Collaborating securely while working at a coffee shop or using other public Wi-Fi.
- Sharing a secure connection with officemates at your startup. :)
1.1 Separated LAN Networks
To connect your devices to Firewalla's local network using Wi-Fi while keeping the Ethernet and Wi-Fi LAN devices separate:
- On the Network Manager page, tap Edit → Create Network
- Tap Wi-Fi Network and enter:
- A Wi-Fi Name (SSID)
- A Password (Firewalla will generate a random password for you. You can change it or tap
re-generate to randomize a new one)
- Tap Create. You can also tap Advanced Network Settings to enter the network detail page and change IPv4, IPv6, DNS servers, and other settings.
- Tap Save to save the network configuration.
In this configuration, each network will have a separate IP range of its own. It can be a way to secure Wi-Fi devices from Ethernet devices.
1.2 Bridged LAN Networks
You can also create a shared network where Wi-Fi and Ethernet devices share a single range of IPs. This is called a bridged network and is preferable when you want to easily connect to any given device at will.
- On the Network Manager page, tap Edit → LAN Network
- Select Wi-Fi Interface to bring up the Wi-Fi settings. You'll need to assign:
- A Wi-Fi Name (SSID)
- A Password (Firewalla will generate a random password for you. You can change it or tap
re-generate to randomize a new one)
- Tap Done -> Save to save the network configuration.
Wi-Fi Settings
Channel Selection:
By default, the Channel Selection method is Automatic. If this doesn't work for you, you can tap to change the selection method to Manual. The app will then list all the available channels so you can select a better channel to avoid Wi-Fi congestion.
Maximize Compatibility:
Purple Wi-Fi will allow 2.4 GHz-only connections (including IoT devices that only support 2.4 GHz connections). Please note that Internet performance may be reduced when turned on.
2. WAN / WISP Connection
With Purple, you can configure a network WAN connection with Wi-Fi. This is ideal for:
- Connecting to hotel or business Wi-Fi.
- Using your phone as a backup Internet connection at home.
- Connecting to a Wi-Fi-enabled LTE modem.
This allows you to connect your Purple via Wi-Fi to any Wi-Fi and then share that connection securely with all your devices. It supports the most commonly used Wi-Fi security protocols: WPA, WPA2 Personal, and WPA2 Enterprise. WPA3 is not supported for now.
Configure a WAN / WISP Connection
Purple allows a maximum of one Wi-Fi and one Ethernet WAN connection for a total of two WAN connections. This Multi-WAN feature supports both load balancing and failover modes.
Currently, Purple does not support initial setup with a Wi-Fi WAN. If you'd like to use Wi-Fi as your only WAN connection, set it up with an Ethernet cable first, then add a Wi-Fi WAN connection or switch the WAN Network to Wi-Fi.
Please note, WAN connections via Wi-Fi are only supported in Router mode. If you are using Simple/DHCP/Bridge mode, only Wi-Fi LAN is supported.
Follow the steps below to connect Purple to the Internet by joining a Wi-Fi network:
- On the Network Manager page, tap Edit → Create Network
- Tap WAN Connection via Wi-Fi and Firewalla will start to scan for available Wi-Fi networks nearby
- Select a Wi-Fi network and enter the Wi-Fi password if required. Tap Join.
- If you are trying to join a hidden network, tap Other… at the bottom of the list, enter the Wi-Fi name and password, then tap Join.
- Tap Save to apply the network configuration.
Editing a Wi-Fi WAN Connection
You can convert a WAN connection from Ethernet to Wi-Fi:
- Go to Network Manager and tap the WAN connection. Tap Edit.
- Tap the Wi-Fi icon, then select a Wi-Fi network (or choose Other and enter the SSID manually).
- Enter the password if required.
- Tap Save to apply the network configuration.
To change the Wi-Fi used for your configured WAN:
- Tap Edit, tap the Wi-Fi Name, then pick the Wi-Fi you'd like to join from the list and save.
- Previously joined Wi-Fi SSIDs will be saved for this WAN connection as My Networks. Firewalla will auto-join these networks if they are nearby.
- You can tap the "i" icon to edit the Wi-Fi network, or tap Forget This Network to remove it.
-
2.4 GHz Only Lock: If you are connecting the Firewalla box to a Wi-Fi network with mixed channels (5GHz & 2.4 GHz), and 5GHz is not stable, you can tap the "i" icon and turn on 2.4 GHz Only to lock Wi-Fi networks to 2.4 GHz-only to increase the stability of Wi-Fi WAN connections. Please don't enable this feature unless your Wi-Fi SSID supports 2.4 GHz, or it may fail to connect.
- DHCP Options: DHCP Option 60 (Vendor Class Identifier) and DHCP Option 61 (Client Identifier) on WAN connections are supported. As part of the 1.53 app release, we've provided a flexible way of configuring DHCP Options on both WAN (client options) and LAN (server options) networks. You can see a video tutorial or read more about this feature in our Firewalla App Release 1.53 notes.
3. Mobile Mode
You can use both Wi-Fi connections at the same time. Use the WAN/WISP Network to connect to the Internet and Purple's Wi-Fi Network (LAN) to connect multiple devices and maintain policies, VPN connections, and more across all your devices.
In this configuration, you do not need any Ethernet connections.
Configure Mobile Mode
When you travel with Firewalla Purple, follow the steps below to set up a Wi-Fi to Wi-Fi connection:
Before you go:
- It's best to pair the Purple with the Firewalla app before traveling. Currently, Purple does not support initial setup with a Wi-Fi WAN. If you'd like to use Wi-Fi as your only WAN connection, set your box up with an Ethernet cable first, then switch the WAN to Wi-Fi or use failover mode.
- Make sure your Purple is running in Router mode. Other modes don't support WAN Wi-Fi.
-
When you arrive:
- Plug the power cable into Firewalla Purple to power it on.
- Open the Firewalla app and tap the Firewalla Purple. Wait for the app to discover the device.
- After the Purple finishes booting, the app will show you a banner "Set up a Wireless Connection." Tap Get Started to follow the guide.
- Tap any Wi-Fi network you'd like to join. It can be the public Wi-Fi at Starbucks or the Wi-Fi provided by a hotel. Enter the password if required.
- After connecting the Firewalla box to the Internet, the app will guide you to create a Wi-Fi network for your devices to connect to the Firewalla box.
Note: If the public Wi-Fi you joined requires captive portal authentication, Firewalla will require you to join Firewalla's local network first, then guide you through the authentication process.
If Firewalla fails to detect the captive portal login, please follow this instruction to connect manually: What to do if the ISP requires captive login/authentication via web?
To run Purple Wi-Fi WAN and Wi-Fi LAN at the same time, both must use either 2.4ghz or 5ghz – no mixing.