App Release 1.48 is available on iOS / Android.
- Custom time for pausing rules
- Scheduled emergency access (1.973 only)
- Kid Lock: unlock App using Face ID, Touch ID or PIN
- Ethernet Port Link Speed Display (1.973 only)
- Directional ALLOW Rules
- Wi-Fi Management (Purple only)
- Link Aggregation (Gold only)
- Multiple IP Addresses on WAN Interface
1. Custom time for pausing rules
You are now able to customize the duration when pausing rules. Just Tap Pause Rule -> select Custom… -> pick any duration -> tap Done.
A rule can also be paused for "Today", which means it will be paused until the end of the day.
2. Scheduled emergency access (1.973 only)
Some of you use emergency access to give temporary access to sites; to make this process more secure, we are now providing you with the ability to schedule Emergency Access. Similar to pausing rules, emergency access can be turned on for 15 minutes, 1 hour, always, and more importantly, any custom time you'd prefer. At the end of the specified period, Emergency Access will automatically be turned back off. No more forgetting to turn off Emergency access.
3. Kid Lock: Unlock App using Face ID, Touch ID, or PIN.
On App Settings -> turn on Kid Lock. Lock the app with Touch ID, Face ID, or PIN Code to prevent kids who share or have access to your device from getting into the Firewalla App and changing settings.
Learn more about Firewalla Parental Control.
4. Ethernet Port Speed (1.973 only)
On Box Settings -> About -> Port Speed, you'll find the link speed of all the connected ports. If your Internet connection seems slow for any reason, you may check if your ethernet speed is capped at 100 Mbps or lower.
5. Directional Allow Rules
Firewalla is introducing directional ALLOW rules. The Direction for allow rules can be:
- Outbound only: This is now the default option. It allows traffic from your devices to the target, but not the other way around.
- Bi-directional: It will allow all traffic between the target and your local device. If a rule is set to bi-directional, others from the outside will be able to access your local devices. This may increase security risks, so if you are not sure about it, we recommend you use the default option.
Blocking rules are bi-directional unless specified in Targets.
Note that existing rules were automatically converted to Bi-directional to match the old defaults and ensure continuity and nothing breaks with this migration. You may want to review and improve how your rules are set up given this new functionality.
6. Wi-Fi Management (Purple only)
Firewalla Purple has a built-in Wi-Fi interface. This interface will appear as two logical interfaces; one can be used as an AP (Access Point) for short-distance Wi-Fi, and the other can be used in WISP (Wireless Internet Service Provider) mode to connect to APs with the most commonly used Wi-Fi security protocols: WPA, WPA2 Personal, WPA2 Enterprise. WPA3 is not supported for now.
7. Link Aggregation (Gold only)
Link Aggregation is now supported on Firewalla Gold. For those of you who are eager to get network speeds over 1 Gbps, multiple ethernet ports can now be aggregated into one to provide you with a higher speed. For example, if you need 2 Gbps of bandwidth to transmit data, you can create a Link Aggregation Group (LAG) containing two of the gigabit ports on Firewalla Gold.
LAG can be used with LAN ports or WAN ports with a modem that supports link bonding.
To create a LAG, under Network manager, tap Link Aggregation -> Create Link Aggregation Group.
- Up to three ports can be configured in a LAG. Up to two LAGs are supported.
- Static LAG configurations are not supported. LACP (802.3ad) only.
- For the box versions under 1.9731, VLANs are not supported on all LAGs.
8. Multiple IP Addresses on WAN
For those of you who are given multiple static IP addresses by your ISP, Firewalla now supports configuring additional IP addresses on your WAN connection. By assigning multiple IPs on a single WAN, you can forward different ports to different IP addresses, and set DMZ host on any specific IP addresses.
For now, up to 5 additional IPs are supported on one WAN interface.
1. New icon for devices connected via VPN (WireGuard only)
New icon to easily identify devices on the WireGuard VPN network.
- Fixed the issue of showing incorrect direction for blocked flows
Fixed the Multi-WAN failover setting: Failback should be ON by default
- Fixed the issue of Block ICMP(Ping) is turned On by default in Bridge Mode
- Fixed several UI issues
- On Android app, if you create a Link Aggregation Group and assign the LAG to one of your existing local networks, all the rules and IP reservations on the local network will be lost. This issue is already fixed on the latest android app release.