Introducing Trusted LAN
A trusted LAN is a network segment that's fully under Firewalla's protection, over which you have full visibility and control. This means:
- You know what devices are on the LAN.
- You have full control of which devices can get on the LAN.
- Besides your devices, no one else can talk to devices on the LAN.
- You have full control of what's coming in and going out of your network.
- Your network, your rules.
Your home network is a trusted LAN.
But what if you are traveling with family? Or working remotely with a team?
Where do you need a Trusted LAN?
You need a trusted LAN when you are:
- At home or work
- Using public Wi-Fi, such as at Starbucks
- Traveling and using a hotel or Airbnb Wi-Fi
- At a co-working space, where your network is mixed with other companies
Why do you need a Trusted LAN everywhere?
- Public & Shared Networks: When you join a public or shared network without Firewalla, your traffic is often mixed with others. There's no way to guarantee that malicious entities on the same network won't try to contact your devices.
- Your devices need to talk to each other securely, just as they do at home. We turn on file sharing and remote access at home or work and forget to shut them down when we join a public network. This leaves those files open to anyone who wants to take a look.
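One way to check a laptop for the leftover file sharing and remote access described above before it joins a shared network. This Python sketch is an added example, not Firewalla code: it parses `ss -tuln` output (a constructed sample is embedded) and reports listeners on ports commonly used by these services that are bound to more than loopback. The port list and function names are assumptions made for the example.

```python
import ipaddress

# Ports for the file-sharing and remote-access services the text warns about.
# The selection is an assumption made for this example.
WATCHED = {
    22: "SSH", 139: "NetBIOS/SMB", 445: "SMB file sharing",
    548: "AFP file sharing", 3389: "RDP", 5900: "VNC screen sharing",
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      5      192.168.1.20:5900   0.0.0.0:*
tcp   LISTEN 0      128    [::1]:3389          [::]:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53    0.0.0.0:*
"""

def reachable_from_lan(addr):
    """True if a listener bound to addr accepts connections from other hosts."""
    addr = addr.split("%")[0].strip("[]")   # drop %iface suffix and IPv6 brackets
    if addr == "*":                         # ss wildcard: all addresses
        return True
    return not ipaddress.ip_address(addr).is_loopback

def exposed_services(ss_output):
    """Return (port, service, bind address) for watched TCP listeners
    that are not bound to loopback only."""
    findings = []
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5 or fields[0] != "tcp" or fields[1] != "LISTEN":
            continue
        addr, _, port = fields[4].rpartition(":")    # split at the last colon
        if not port.isdigit():
            continue
        if int(port) in WATCHED and reachable_from_lan(addr):
            findings.append((int(port), WATCHED[int(port)], addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, name, addr in exposed_services(SAMPLE):
        print(f"{name} (tcp/{port}) is listening on {addr}")
```

On a Linux machine, pass the real output of `ss -tuln` to `exposed_services` in place of the sample; anything it reports is reachable by other hosts on whatever network the machine joins directly.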
Even when you are traveling outside of your home network, here are some things you can do:
- Security protection, adblocker, and other features can be set up once and used no matter what network you are on.
- When traveling with family, kids' devices can be blocked from sites and apps you don't want them visiting.
- Block the Wi-Fi host's ability to see where you are going on the internet by securing your DNS with DNS over HTTPS (DoH).
- Share a single trusted connection across all the devices you trust.
- Connect to assets at another location via VPN (e.g. home, an office) such as a music server or sensitive business data.
- Create a private network within a co-working office to secure intellectual property among employees at the same site, or connect securely to employees at locations around the world. If you have a dedicated office, the Firewalla Gold is also a good choice.
How to create a Trusted LAN?
- Run a Firewalla in router mode. This will allow the Ingress Firewall to block all traffic to the foreign network.
- Firewalla Purple is simpler since it is smaller and can be carried around if you are traveling. It allows you to create a Trusted LAN anywhere that has a Wi-Fi connection or an ethernet connection. And if there is no Wi-Fi or ethernet, use your phone's personal hotspot to share a connection.
- A Firewalla Gold will also work if you have a remote site or a shared workspace.
- Create a network segment using Wi-Fi or another ethernet port.
- Create rules on the segment to protect your devices further.
- If you want to connect back to home or work, then use VPN Client to create a tunnel to the home network. (example: site-to-site VPN)
- Use the policy-based routing feature to selectively route traffic to a local ISP, a third-party VPN, or another Firewalla box.
How is the "Trusted LAN" different from just using the Firewalla VPN Server outside the home network?
The Firewalla VPN server is a way to send all traffic home, and it does not have the concept of a LAN. This works nicely if you have one or two devices that do not interact with each other. If you want devices to talk to each other, such as file sharing, you will need the "trusted LAN".
If your home internet service has a lot of bandwidth for downloads, but little for uploads, the VPN will be slow as you are effectively asking your home box to upload traffic to you.
This is correct and why I have a fiber optic connection that allows upload speeds the same as download.