MSP 2.9.1 is now available to all MSP users! 

Firewalla Managed Security Portal (MSP) is our web interface designed for security and infosec professionals to manage multiple Firewalla boxes easily. Learn more about MSP here, and sign up at firewalla.net/plans.

1. New Features
   1. Search Flows with Firewalla AI
   2. Wi-Fi Management for Firewalla Access Point 7
   3. User Support in MSP
   4. IP Reservations and Local Domains
   5. Disturb - New Parental Control Tool
   6. Network Editing for Bridge Mode
   7. Separate Multi-WAN Data Usage Tracking
2. Enhancements
   1. Mobile App Access Management
3. Bug Fixes
4. Known Issues

New Features

1. Search Flows with Firewalla AI

You can now search flows using Firewalla AI -- just type naturally, and Firewalla AI will automatically generate the correct search syntax for you. Learn more about Firewalla AI Assistant.

Type your query in the Flows Search Bar, then click the Firewalla AI button, or click the gradient-colored text that appears below your search (Shortcut: Ctrl/Command + Enter). 

For example, you could ask AI to check for "gaming on my laptop" or "all Reddit traffic since August."

• Firewalla AI is optional and not active by default. It does not run in the background. 
• While we strive for accuracy, AI-generated syntax may occasionally be incorrect or incomplete. If results don't look right, try asking FireAI again.
• No personal data is sent to the cloud or used for training.

2. Wi-Fi Management for Firewalla Access Point 7

If you have the Firewalla Access Point 7, you can now manage your Wi-Fi and AP7s from MSP:

• Create and manage SSIDs and microsegments, including settings like MLO, bands, and security types.
• View and manage Access Points, including settings like channel selection, TX Power, version updates, and more. (NOTE: AP7s can only be added to the box by pairing locally via the Firewalla App.)
• Manage box-level Wi-Fi settings, including band steering, DFS channels, and more.
• View and search devices by Wi-Fi and AP7 connection details.
• Manage VqLAN, Device Isolation, and Allowed Devices for users, groups, and devices.

To manage your Wi-Fi and AP7s, click the Wi-Fi tab from an individual box view with at least one AP7 paired. For a complete overview of AP7 functionality, see our Getting Started with AP7 guide.

3. User Support in MSP

Previously, Users were only partially supported in Firewalla MSP and were primarily used for VPN Mesh, which made managing Users on different boxes difficult. 

In this release, MSP now includes full support for Users:

• Create, edit, and delete Users for specific boxes within your MSP instance. 
• From the All Boxes view, the Users tab now displays all Users across your MSP instance, including VPN Mesh Users. 
• From an individual box view, the Groups tab now displays all Users on that specific box, with clear User icons to help distinguish them from Groups.
• Your existing VPN Mesh users will have their scope set to “VPN Mesh”, which is different from users on individual boxes.  Features including flows, alarms, rules, and additional editing options for VPN Mesh users will be supported in upcoming releases.

4. IP Reservations and Local Domains

Instead of only "pinning" an existing IP on a device, you can now reserve any IP address or local domain for a device in MSP. 

On any device detail page, navigate to the "Info" section:

• Click on the Local Domain to adjust the hostname and domain name.
• Click on the IP Address and choose between Dynamic, Reserved, or Do Not Allocate.

5. Disturb - New Parental Control Tool

Following its launch in the Firewalla app, Disturb is now available in the MSP Interface. 

Disturb is a new rule action that simulates a poor network experience. Firewalla will disrupt traffic to selected apps, making them less enjoyable to use and encouraging users to take a break on their own. Learn more about Disturb. 

• Create and manage Disturb rules directly from the MSP interface.
• Apply Disturb rules to All Boxes, Box Groups, or individual boxes (and to any device, group, user, or network within a box). 

6. Network Editing for Bridge Mode 

Back in MSP 2.7.0, we added Network Editing for boxes in router mode. In this release, we've expanded the feature to support all boxes in bridge mode, allowing you to create, edit, and delete bridges directly from the MSP interface. 

Please note that the main bridge network used for Internet connection is not editable in the MSP UI. 

7. Separate Multi-WAN Data Usage Tracking

Following App 1.66 and Box 1.981, you can now view separate Monthly Data Usage per WAN from the MSP Dashboard.

If the Monthly Data Plan feature is enabled on both WANs, the individual box view will display separate data limits and reset dates for each WAN, and Monthly Data Plan alarms will indicate which WAN exceeded its configured threshold.

Note: The Monthly Data Plan feature can only be enabled or disabled from the Firewalla App. Learn more about Firewalla's Data Usage feature.

Enhancements

• We’re renaming FireAI to Firewalla AI (or Ask AI) - MSP 2.9.1
  • In MSP 2.9.1, we introduced Firewalla AI Assistant, or FireAI. Unfortunately, a very large tech company contacted us because the name "Fire" was too similar to one of their existing products and could cause confusion, and suggested us to change our name.
• Added API support for getting and updating devices. Learn more https://docs.firewalla.net/api-reference/device/ 
• Added a Search History in the MSP Search Bar. Your last three searches can show up as quick shortcuts in the Search Bar, making it easier to revisit recent queries. Search history is stored locally in your browser.
• Added support for AP7 events in the System Events page.
• Added an optional Device MAC column to Flows and Alarms, enabling more precise device filtering.
• Improved VPN configuration file import by supporting comments within the file.
• Expanded domain validation to accept a wider range of domain formats in target lists.
• General performance improvements and UI refinements.

Mobile App Access Management (Requires App 1.67)

When a device pairs with your Firewalla box, it automatically gains full administrative access to all Firewalla features and settings. In this MSP release, you can now manage mobile access of all paired devices, ensuring each user only has the level of visibility they need in the Firewalla mobile app. Learn more about Mobile App Access Control.

To manage mobile access, from the All Boxes view, click Inventory > Mobile Access. Select any paired devices, and choose from three different access levels: 

1. Full Access: Full administrative control with access to all features and settings.
2. Limited: A simplified mobile app view for managing non-technical settings.
3. No Access: The device cannot view or control the box.

Limited only hides advanced settings. It does not fully block technical changes. Users who know where to look may still modify network rules or settings. We recommend assigning this level only to trusted users. 

The paired device must be using App 1.67 or later to support Limited and No Access. Older app versions will continue using Full Access, even when configured to something else on MSP.

Bug Fixes

• Fixed an issue where the web page may crash on the welcome page if there is no box added to the MSP. 
• Fixed an issue where redirecting from a device page to the flows page may incorrectly match devices with the same name.
• Fixed an issue where the GET Alarm API might return 404 if the source data is missing.
• Fixed port forwarding failures when using the same port across different WAN interfaces.
• Fixed an issue where the blocked flow detail may show “Blocked By: Unknown” for Time Limit rules.
• Fixed an issue where deleting a VPN Mesh network in MSP may not remove it from the box.
• Fixed missing group information for WireGuard VPN devices in the UI.
• Fixed an issue where certain UI elements might fail to refresh properly.
• Fixed table sorting behavior across multiple views.
• Other UI improvements and minor bug fixes.

Known Issues

• Issue: For some MSPs with old incompatible rules, under the All Boxes view, clicking “Rules” in the side navigation bar may cause the web page to crash.
  How to fix: This issue is fixed in MSP version 2.9.1.
   
• Issue: Boxes in Bridge Mode could incorrectly display an “Unable to Monitor” warning on devices that were actually monitorable
  How to fix: This issue is fixed in MSP version 2.9.1.
   
• Issue: When creating rules or target lists using TLDs (top-level domains, such as *.xyz), the UI may incorrectly display that the domain or target is invalid.
  How to fix: This issue is fixed in MSP version 2.9.1.
   
• Issue: Rules matching a target list owned by a single box may not display correctly in the "All Boxes" view. The target may appear with a name starting with “TL-” instead of the actual target list name.
  How to fix: This issue is fixed in MSP version 2.9.1.
   
• Issue: In Flow Search & Filters, using BlockedBy: Device Active Protect isn’t supported and may return no results.
  How to fix: This will be fixed in the upcoming MSP release. 
   
• Issue: In Alarm mute settings, the UI may display the group icon for both Users and Groups. 
  How to fix: This will be fixed in the upcoming MSP release. 
   
• Issue: After resetting a Firewalla App, its Mobile Access info won't be removed from MSP immediately.
  How to fix: The data will only remain 24 hours before being removed. 
   
• Issue: A Firewalla AP7 may not reset automatically after being deleted in the MSP UI.
  How to fix: Hardware reset the AP7 before pairing it again. This will be fixed in the upcoming MSP release.
   
• Issue: Flows may display incorrect results when the Timestamp column is hidden and the Blocked By column is shown.
  How to fix: This will be fixed in the upcoming MSP release.
   
• Issue: Editing options for VPN mesh users are not fully supported yet. A single VPN Mesh device may appear as multiple devices across different boxes, and moving these devices out of their VPN Mesh user from the App may cause incorrect displays in the MSP UI.
  How to fix: This will be fixed in the upcoming MSP release.