- Firewalla App version 1.50 is supported on iOS and Android.
- Box version 1.974 is supported on Firewalla Gold, Purple, and Blue Plus
- DNS Service - Unbound
- VPN Client: AnyConnect
- VPN Client: WireGuard Site to Site VPN
- Flexible Alarm Handling
- Last 12-month data usage
- Alarm/Flow Category Feedback
- Network Diagnostics
- Port Forwardings on IP Addresses
1. DNS Service - Unbound (Requires box version 1.974)
Firewalla now supports another DNS service: Unbound. It is a validating, recursive, caching DNS resolver that is installed locally on the Firewalla box, which helps increase your online privacy and security.
Unbound is part of the DNS Service feature along with DNS over HTTPS. To apply Unbound to your devices, tap the DNS Service button at the bottom of the main page, turn on Unbound and select the devices/groups/networks to apply to. You can also go to the detail page of any device, tap "…" on the control button panel, tap DNS service, and select Unbound.
Note: A given device/group/network can use only one of the DNS services at a time: Unbound, DNS over HTTPS, or Family Protect.
2. VPN Client: AnyConnect (Requires box version 1.974)
In addition to OpenVPN and WireGuard, the Firewalla VPN Client now supports AnyConnect. If you use AnyConnect to connect your devices to your company/school, you can now create a VPN connection on the Firewalla box and then connect any of your devices (or your entire network) to it with one tap.
If your VPN service provider requires Multi-Factor Authentication, just turn on the option and the app will ask for a one-time password when connecting to the VPN.
If your VPN service provider allows you to generate your One-Time Passwords using a Secret or a QR code, tap One-Time Password and select Auto-Fill, then fill in the secret or tap the "[-]" icon on the right to scan the QR code provided by the VPN service provider, and save the configuration. Firewalla will then auto-fill your OTP every time it connects to the VPN, so you no longer need to enter OTPs.
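The Auto-Fill option described above, sketched as an added example (not Firewalla's code): it assumes the provider issues standard RFC 6238 TOTP secrets and that the QR code carries an `otpauth://` provisioning URI. The URI, label and secret below are constructed sample values (the secret is the RFC 6238 test key).

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample QR payload; the secret is the RFC 6238 test key.
SAMPLE_URI = ("otpauth://totp/ExampleVPN:alice?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=ExampleVPN&digits=6&period=30&algorithm=SHA1")

def parse_otpauth(uri):
    """Extract the TOTP parameters a scanned QR code carries."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("provisioning URI has no secret")
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": query["secret"],
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
        "algorithm": query.get("algorithm", "SHA1").lower(),
    }

def totp(secret_b32, at=None, digits=6, period=30, algorithm="sha1"):
    """Compute the one-time password valid at Unix time `at` (default: now)."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped base32 padding
    key = base64.b32decode(cleaned)
    now = time.time() if at is None else at
    counter = struct.pack(">Q", int(now) // period)
    mac = hmac.new(key, counter, getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def autofill(uri, at=None):
    """What an auto-fill client does on connect: derive the code from the stored secret."""
    p = parse_otpauth(uri)
    return totp(p["secret"], at, p["digits"], p["period"], p["algorithm"])

if __name__ == "__main__":
    print(parse_otpauth(SAMPLE_URI)["label"], autofill(SAMPLE_URI))
```

Anything that stores the secret can compute every future code, so a saved Auto-Fill secret should be protected like the VPN password itself.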
3. VPN Client: WireGuard Site to Site VPN
Note: WireGuard is not supported on Firewalla Red and Blue.
Similar to OpenVPN, Site to Site VPN using the WireGuard protocol allows you to access shared devices such as file servers, printers, and video cameras bi-directionally between any two sites, but with a higher encryption rate and better performance. Learn more on WireGuard VPN Server.
To create a site-to-site VPN connection using WireGuard, in the Firewalla app, go to VPN Client -> Create VPN Connection -> Site to Site VPN -> Select the server box you'd like to connect -> Select WireGuard.
4. Flexible Alarm Handling
Many of you have told us you want more flexibility in handling alarms, so we've extended the options for you. Now if you tap the Mute or the Block button of any alarm, the Firewalla app will let you decide which target to match, and whether to apply the policy to the devices, group/network the device belongs to, or all devices in your network.
Alarm handling is made much more flexible while remaining easy to use.
The app is also updated with the ability to choose which target to match and where to apply when blocking a network flow from the Flows page.
5. Last 12-month data usage (Requires box version 1.974)
Firewalla is now able to show the data usage of the last 12 months. You can tap on each month to drill down and see the daily detail. This allows you to trace back and compare your data consumption with the previous months.
If you have the "monthly data plan" feature enabled, the monthly cycle will be calculated based on the reset date of your data plan.
Learn more about Bandwidth Usage Monitoring.
6. Alarm/Flow Category Feedback (Requires box version 1.974)
Firewalla uses an extensive network of intelligence feeds to categorize your network flows, and it will block/alert you when those flows fall into a certain category. The system is large and dynamic, and categorization can sometimes have "false positives".
Due to this, we are now providing the ability to Report Incorrect Categories. If you find that the domain/IP address in an alarm or a network flow is marked with an incorrect category, you can tap the category and submit your report. Firewalla will review your feedback and use it to improve our categorization system.
7. Network Diagnostics (Requires box version 1.974, Purple & Gold Only)
We all know how frustrating an Internet outage is. To enhance the troubleshooting process, we are providing a new network diagnostic tool that can get detailed network information from the box via Bluetooth or the local network when the internet is down.
Tap "Diagnostics" on the banner of "Internet Connection Lost", and the app will open a page listing the status of the ethernet port, IP address/gateway, and the connectivity test results on each of your WAN networks. If you need any help from our support team, you can just take a screenshot, or tap on the "Share" button in the top-right corner to send the information to our team for more support.
8. Port Forwardings on IP Addresses (Gold and Purple only)
Some devices may have multiple IP addresses associated with the MAC address. In this case, Firewalla may not be able to discover them as normal devices. However, we are now providing the ability to create port forwardings or a DMZ host on these IP addresses. On Network -> NAT Settings -> Port Forwarding, tap "Add Port Forwarding" -> "Forward to…", select IP Address, and then you can enter the IP address.
In addition, we now support specifying "Allow" sources when creating port forwardings and DMZ. Similar to creating rules on a local port, you can choose to only allow the traffic from certain target lists, IPs/IP ranges, or any trusted regions. Allow rules will be created accordingly.
- Wi-Fi Access Point supports Maximum Compatibility for 2.4 GHz only Wi-Fi devices
Maximize Compatibility will allow 2.4 GHz only connections, including some IoT devices that only support 2.4 GHz connections. Please note that the internet performance may be reduced when turned on.
- For Firewalla Purple users, the ability to edit Wi-Fi networks (SSID or password) is supported. You can now go to your Wi-Fi WAN connection, tap Edit -> Wi-Fi network, select any of the networks under My Networks and tap the "i" icon to edit it.
- In VPN Client, 3rd-Party VPN profiles are now editable. You can go to any 3rd-party VPN detail page and tap Edit in the top-right corner to edit any field. After you save your change, the devices you've applied the profile to will remain unchanged.
- Supported specifying protocol when creating rules matching domain, IP address, and IP ranges.
- Supported the ability to turn off DDNS. (Requires version 1.974 and above)
Please be aware that when DDNS is turned off, you'll need to manually manage your public IP address if you are running internet service at home.
- Supported creating rules matching target lists and local ports.
- Able to show the blocked reason when a flow is blocked by the Ad Block feature.
- Fixed the issue of incorrect live throughput chart on bridge networks.
- Fixed the issue of not being able to create rules on certain top-level domains.
- Fixed the issue of no high packet loss event when the loss rate is relatively high.
- Fixed the issue of the WireGuard VPN server not working properly with dual-WAN load balance mode.
- Fixed the issue of not being able to migrate IP reservations across boxes.
- Fixed the issue of the live throughput chart disappearing occasionally (iOS).
- Fixed the issue of App crash or hang when opening a large App log file (iOS).
- Fixed the issue of incorrect display of the peer site networks in the VPN profiles (Android).
- Fixed the issue of no DNS warning when DNS over VPN is turned on (iOS).
- Fixed the issue of the box name not being updated promptly after changing it.
- Many minor UI bugs