Version 2.0.9
Enhancements & Bug Fixes
- Added new API documentation: https://<your_domain>.firewalla.net/api/docs
- Added support for "excluding" certain keywords when searching for data.
- You can now stay logged into the MSP portal for 30 days instead of just 24 hours.
- Fixed several issues in VPN Mesh, Rules Block Mode, and Flows searching.
- Fixed some UI styles.
Version 2.0.8
Enhancements & Bug Fixes
- For the Business plan, the number of boxes for each mesh network is increased to 10.
- Fixed an issue where deleting a user with more than two VPN devices would cause crashes.
- Fixed an issue where the User's Info might fail to load if the mesh network it is connected to contains offline boxes.
Version 2.0.7
1. VPN Mesh (early access)
Firewalla VPN Mesh allows MSP users who are managing multiple boxes at different sites to seamlessly connect all their boxes together. This allows devices at different sites to talk to each other just as if they were in the same room. For example, you can use VPN Mesh to connect your home to your office or to connect your subsidiaries in different locations.
- You can create multiple VPN devices for different users in your network, so they can easily connect to the mesh network using their laptops, phones, and more.
- Firewalla VPN Mesh differs from the Site-to-Site VPN feature because it's centralized and managed by the MSP container. The container will handle membership and the discovery of VPN mesh nodes, whereas Site-to-Site VPNs are manually configured and usually need to connect to one central server.
Limitations:
- Professional MSPs can create up to 1 VPN mesh, and Business MSPs can create up to 3. Each mesh network can have up to 3 boxes in it.
- VPN mesh is only supported on boxes running in router mode with version 1.976 and above. Learn more about the 1.976 release.
- Flows, Rules, and Alarms on VPN Mesh Networks (including VPN devices and users) are not available yet. These features will be supported in the upcoming releases.
Known Issue:
- If there are WireGuard site-to-site VPNs created on the boxes, the VPN mesh network can be established, but the boxes may have trouble connecting to each other. Please remove the site-to-site VPN profiles on both the server and client site boxes to ensure stable connections.
This feature is currently in early access; if you have any feedback or suggestions, feel free to make a post in the Firewalla MSP forum. Learn more about Firewalla VPN Mesh.
2. Live Inventory
Inventory allows you to manage the Firewalla boxes associated with your MSP account. In this release, we've added more stats to this view, including WAN throughput, CPU usage, and Memory usage. These stats are updated in nearly real-time, so you can easily spot anomalies as soon as they occur.
3. Access Management
For Business MSPs, we're introducing the ability to invite more users (up to 10) to give them full access to your MSP portal. Hover your mouse over the top right corner of the MSP UI, and click MSP settings to see a new section named Members. Two types of roles are supported:
- Owner: the one who bought the MSP instance. The Owner has full access to the MSP portal, and they can control the access of others by adding or removing members.
- Member: members are invited by the MSP owner. After being invited, they'll have full access to the MSP portal except a) the ability to add or remove members, and b) the ability to view or change the payment and plan info.
Enhancements & Bug Fixes
- Added the ability to grant the Firewalla Support Team access to the MSP portal for troubleshooting. Go to MSP Settings -> Help & Support and click Allow Support Access; the Firewalla support team will then be able to troubleshoot your MSP portal on your behalf.
- Added support for Internet Connectivity Alarms and Large Upload Alarms.
- Fixed the issue of the Port Scan alarm not being displayed correctly.
- Fixed some navigation issues when switching between views.
Version 2.0.6
Enhancements & Bug Fixes
- Added support for displaying Large Upload Alarms.
- Fixed the issue of the web crashing when searching for certain keywords.
- Fixed the issue of incorrect destination port information in blocked flows.
- Fixed a few typos and display issues.
Version 2.0.5
Enhancements & Bug Fixes
- Revised the navigation menu on the left panel.
- Added the ability to show the public IP address and MAC addresses of Ethernet ports and Wi-Fi interfaces on each box.
- Fixed the issue of missing box information in alarms.
- Fixed the issue of the blocking option not being fully displayed when blocking a flow.
Version 2.0.4
1. New Dashboard
Revised the main dashboard based on your feedback:
- The number of Online/Offline Boxes
- System Alerts: Some of the noteworthy system events. For example, if a box goes offline and has not come back online yet, an alert will be shown on the dashboard.
- Daily Blocked Flows
- Top Boxes by Blocked Flows
- Top Boxes by Security Alarms
- Top Regions by Blocked Flows
- Activities: Latest actions taken by you or any other users.
2. System Events
In addition to User Activity events, in this release, we've added a new type of event: System Events. If a box goes online or offline, it will trigger a System Event and be kept for 30 days. More system events are upcoming in future releases.
Events can now be found on the left navigation panel, so if you are under the view of a box group or an individual box, only the events related to the scope you've chosen will be shown in the list.
3. Changing View by Box Group
On Firewalla MSP, the pages can be filtered based on the box you've selected. We now support changing the view by Box Group to help you stay focused. If you click the dropdown button at the top of the page, you can view all the pages, including the dashboard, alarms, devices, and flows, of any selected group.
This feature helps scale the number of boxes that can be managed by one MSP account.
Version 2.0.3
1. Event History
When using Firewalla MSP, you and other admins may make changes from time to time, such as creating and updating a rule. Firewalla is now able to log these actions as Event History for 30 days. More events including creating and updating target lists are upcoming in future releases.
Event History can be found in the top right corner of the web page. If you can't find any recent events triggered by you in the last 24 hours, you can click "View All Events" to see the full event history list. Each event can show you the following:
- Event Name: the action taken
- Scope: which boxes are affected
- Status: how many boxes are applied/failed to apply
- Description: detailed information
- Source: who took the action
- Timestamp: when the action was taken
2. Ability to Change Password
When you first log in to Firewalla MSP, it will guide you through setting your own password. If you want to change your password after logging in, go to your Account -> Account settings -> Access -> Password, click change password, then enter your old password and new password to change it.
3. Target Lists Enhancements
On Firewalla MSP, you can create target lists owned by MSP instead of individual boxes. To make the "Owner" concept clearer and easier to manage, we've set up a few constraints:
- When managing target lists under the MSP global view, you can see all the lists owned by MSP and Firewalla. These lists can be used to create rules across different boxes and box groups.
- If you switch to an individual box's view (by clicking the MSP name in the top left corner), you will be able to see all the lists owned by MSP, Firewalla, and the box. You can also use them to create rules.
- You can create MSP-owned target lists under the MSP global view, or create box-owned target lists under the box view. Once a target list is created, the owner cannot be changed.
Version 2.0.2 & earlier
1. Global Rules
Apply the same rule to all Firewalla boxes (or a group of Firewalla boxes) at the same time.
When you create a rule on "all devices" from the MSP UI, the rule will be synced to all boxes in your inventory. Global rules cannot be managed on individual boxes. Global rules are applied automatically to any newly joined boxes.
2. Flows of the last 30 days
You can now navigate and search for the network flows of the last 30 days. The default 30 days can be extended to even longer in the future at an additional cost.
Go to the Flows page and click the time & date picker at the top of the flows list. The UI will show a panel with a list of pre-defined time ranges (last 60 minutes, last 24 hours, and last 30 days) to help you define the scope of the flows you are looking into. To locate a specific hour, click "custom", specify the date and the hour, then click "OK" to confirm.
3. Box Groups
You can now group Firewalla boxes to apply rules and manage them together.
Go to your "Inventory" (on the left side panel under your company's view), click Box Groups -> Create Box Group, give the group a name, select the boxes you'd like to group together, and click Create.
Box Groups help you manage rules for different entities or deploy your rules in different phases. When creating rules, you'll need to define the box scope and the device. When a box group or "all boxes" is selected, the rule must be applied to "all devices."
Please note that global and group rules are considered "MSP-managed rules," and they cannot be edited on individual boxes once created.
4. Two-Factor Authentication
Two-factor authentication adds a layer of security that prevents others from accessing your account. Firewalla MSP now supports setting up an authenticator app as your verification method to protect your account.
We recommend using cloud-based TOTP apps such as 1Password, Authy, Google Authenticator, or Microsoft Authenticator.
5. Temporary Access
If you are an MSP admin who helps manage customers' Firewalla boxes, you can turn on Temporary Access on any box to get full control of it using the Firewalla App on any mobile phone.
Turn on temporary access on MSP UI and use any app to scan the code generated. You'll be able to make complex network configurations or troubleshoot on a customer's box using the mobile app, without having to go through the pairing process or have physical access to the Firewalla box.
(This feature requires App 1.51 beta version.)
6. Export Data
MSP now supports exporting the device list and alarms data into CSV files. We may include more types of data in the future.
7. More 3rd-party integration to security lookup
As with the Security Lookup List in the app, you can now do the lookup on more 3rd-party platforms directly from the flows list, including VirusTotal, Shodan, AbuseIPDB, etc.
8. Target list limit increased to 2000 targets in a list
Some of our MSP beta users have suggested expanding the capability of the target list feature to include more targets in one list. With the latest release, the limit is now increased to 2000 targets per list.
Comments
Looking forward to addition of MFA as that is critical to secure something like this.
Likely we will have MFA in next update.
I can report that MFA is working well on 2.0.2. I use 1Password and the login is pretty seamless for me.
But I did hit another major bug in 2.0.2 and I just opened a case about it. If you attempt to create a new rule through MSP and it fails to install on any of the boxes (it automatically attempts to install it on All Boxes), then you can’t edit the rule or delete it. MSP reports the same error as the app, that the rule can’t be edited on individual boxes.
Ticket #51955 opened.
Hello, I just started with my first Purple added today and noticed a detail around target lists.
By looking at one of the rules which contained a target list, for example one called "malware ...etc", the "matching" lists an ID and not the name.
I think you might introduce an improvement related to the Event History. For example it would be useful if it showed not only rules edition, but also password change, 2FA changes, box addition/deletion and actions over alarms, because this way you can gain insight over possible insider threats or human error. Thanks and keep up the good work.
The matching part is likely a bug, I've forwarded to the team already.
Event history suggestions do make sense, will ask the team to make them happen in a later release.
Hi, thanks for the reply.
I wonder if Firewalla Red is supported on MSP platform. Tried to add mine but it is not listed in the available boxes.
Right now I don't have my blue at hand so cannot test with it.
Thanks.
For some unfortunate reason I lost my MFA to the MSP platform, how could I have this reset?
Thanks!
I just got into MSP and it is a great idea, though will we be able to manage WAN and V/LAN networks in a coming update? For one of our remote offices, I was luckily able to go through temporary access and turn off DHCP on LAN so it wouldn't cause a mess on my network. Though, I could see this easily being overlooked when adding a Firewalla to an existing network and getting DHCP requests between two DHCP servers the next day.
I have switched phones and I no longer have my MFA to login. How can I resolve this?
@eli, contact support
I tried getting MSP for a single use, and all I get is the Firewalla Dashboard. Is that how it works?