Introducing Trusted LAN
A trusted LAN is a network segment that's fully under Firewalla's protection, on which you have full visibility and control of everything flowing through that network.
- You know what devices are on that LAN.
- You have full control of which devices can get on the LAN.
- Besides your devices, no one else can talk to devices on that LAN.
- You also have full control of what's coming in and going out of your network.
- Your network, your rules.
Your home network is a trusted LAN.
What if you are traveling with the family or working remotely with a team?
Where do you need a Trusted LAN?
Everywhere.
You need a trusted LAN when you are:
- At home or work
- Using public Wi-Fi, like Starbucks
- Traveling and using a hotel or Airbnb Wi-Fi
- At a co-working space, where your network is mixed with other companies
Why do you need a Trusted LAN everywhere?
- Public & Shared Networks: Public Wi-Fi is often impossible to resist. Here, your network traffic is often mixed with others, and there is no way to guarantee this network is secure. The same applies when you are on business travel or using an Airbnb: you are using a private but shared network that is out of your control.
- Your devices need to securely talk to each other, just as they do at home. We turn on file sharing and remote access at home or work and forget to shut these down when we go to a public network. This leaves those files open for anyone who wants to take a look.
Even when you are traveling outside of your home network, here are some things you can do:
- Security protection, adblocker, and other features can be set up once and used no matter what network you are on.
- When traveling with family, kids' devices can be blocked from sites and apps you don't want them visiting.
- Block the Wi-Fi host's ability to see where you are going on the internet by securing your DNS with DNS over HTTPS (DoH).
- Share a single trusted connection across all the devices you trust.
- Connect to assets at another location via VPN (e.g. home, an office) such as a music server or sensitive business data.
- Create a private network within a co-working office to secure Intellectual Property amongst employees at the same site or connect securely to employees at locations around the world. If you have a dedicated office, the Firewalla Gold is also a good choice.
How to create a Trusted LAN?
- Run a Firewalla in router mode. This will allow the Ingress Firewall to block all traffic to the foreign network.
- Firewalla Purple is simpler since it is smaller and can be carried around if you are traveling. It allows you to create a Trusted LAN anywhere that has a Wi-Fi connection or an ethernet connection. And if there is no Wi-Fi or ethernet, use your phone's personal hotspot to share a connection.
- A Firewalla Gold will also work if you have a remote site or a shared workspace.
- Create a network segment using Wi-Fi or another ethernet port.
- Create rules on the segment to protect your devices further.
- If you want to connect back to home or work, use the VPN Client to create a tunnel to the home network (for example, a site-to-site VPN).
- Use the policy-based routing feature to selectively route traffic to a local ISP, a third-party VPN, or another Firewalla box.
FAQ
How is the "Trusted LAN" different than just using the Firewalla VPN Server when outside of the home network?
The Firewalla VPN server is a way to send all traffic home; it does not have the concept of a LAN. This works nicely if you have one or two devices that do not interact with each other. If you want devices to talk to each other, such as for file sharing, then you will need the "trusted LAN".
Comments
2 comments
If your home internet service has a lot of bandwidth for downloads, but little for uploads, the VPN will be slow as you are effectively asking your home box to upload traffic to you.
This is correct and why I have a fiber optic connection that allows upload speeds the same as download.