Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Unifi USG / Firewalla configuration

Follow
Avatar
Ching Liu

Hi,

I'm enjoying the Firewalla Blue on my basic home network - it's was very effective. I've now upgraded my network to a Ubiquiti Unifi system which is fantastic and has transformed the network experience. I have added the Firewalla Blue onto this, and generally it all seems fine.

However, as expected, all traffic stats from the Unifi Controller shows that everything is going through Firewalla rather than each individual device. Is there a way to configure the Firewall network (I'm not great with network settings) to have this transparency?

Thanks!

24

Comments

53 comments

Sort by Date Votes
  • Avatar
    Panos Ips

    Is this feature will be available on blue model also?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    We have not fully designed the feature yet.  But, in theory, bridging between networks is a physical layer behavior, so none of the one port devices (red/blue/blue+) will work. 

    0
    Comment actions Permalink
  • Avatar
    Tom Holland

    Agree with other posters, would like to be able to use FWG in transparent bridge mode between UDM-Base (border router + unifi controller) and Unifi Switches/APs.  Also, like some of the other posters, I utilize multiple VLANs so having VLAN awareness would be necessary.

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    There is a possibility that this feature may be coming in 1.973.  The code is done, just need to polish it a bit.

    8
    Comment actions Permalink
  • Avatar
    Ching Liu

    Wow! That's great - thank you Firewalla for listening!

    0
    Comment actions Permalink
  • Avatar
    sk0rp10

    Amazing. Thanks @firewalla . Needless to say, just shout when you want us to test 1.973 beta

    0
    Comment actions Permalink
  • Avatar
    Richard Riffel

    Outstanding @firewalla.  Great communication and service.  Eagerly awaiting 1.973 here!

    0
    Comment actions Permalink
  • Avatar
    xOperator

    Wow! great news

    0
    Comment actions Permalink
  • Avatar
    Tipperary

    Plus one for this feature request! I'm about to pull the trigger on buying the Gold but I'm eager to see how the experience is with this added functionality.

    0
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    A bit more information for all of your interested. And likely after we push 1.972 to beta, we should be able to start a preview on this bridge mode.

    The transparent bridge mode will be a layer 2 bridge.   When the bridge mode is on, there will be no concept of WAN (it is a bridge), and features that involve complex routing will be disabled (primarily Policy Based Routing)

    4
    Comment actions Permalink
  • Avatar
    Martin Dahlem

    I am also lloking forward to this, as I am also using the UDM-Pro and would like better view together with FWG

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Bridge mode will be there for sure;  Hopefully right after 1.972 is out.  

    The bridge mode we are talking about is an "L2" bridge.  Meaning, some of the complex routing functions will NOT work when in bridge mode. (example, PBR, and VPN Client).   Besides this, it should be pretty transparent to be placed between your existing router and AP. 

    3
    Comment actions Permalink
  • Avatar
    Firewalla

    Anyone have issues if the bridge mode will only utilize two ports on the gold? one in and one out?

    1
    Comment actions Permalink
  • Avatar
    xOperator

    I wouldn't have any issues with that

    0
    Comment actions Permalink
  • Avatar
    sk0rp10

    L2 with one in / one out port is better than not having it of course! however - I'd suggest considering one in / all (or selected ports) out in L2 switch mode. This way we wouldn't waste any precious ETH ports on the gold :) 

    1
    Comment actions Permalink
  • Avatar
    Richard Riffel

    The idea of multiple ports out is a good one - it would avoid having a switch after the gold to recover the ports, but if that compromises performance vs one in and one out i'd live with it.   Would the other ports be not functional, or simple not bridge through?

    0
    Comment actions Permalink
  • Avatar
    Tom Holland

    Personally have no issue with only utilizing two ports as my next downstream hop is a switch anyways.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Richard, we don't know yet.  the other ports just assume they are not usable if you bridge things.  There may be creative ways to utilize them. 

    As of using them as a switch, it is possible as well, but it is likely to be very inefficient.  Meaning, a router is a router, and a switch is a switch.  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If you are interested in the transparent bridge feature, please vote or comment here.  We are serious on making it happen in 1.973 https://help.firewalla.com/hc/en-us/community/posts/1500000822462-Firewalla-Transparent-Bridge-Mode-1-973-candidate-

     

    2
    Comment actions Permalink
  • Avatar
    Andrew Hersee

    Up vote. This is really positive news, I've not had my Firewalla Gold plugged after some initial tests when it arrived from the kickstarter due to needing a bridge mode. Really looking forward to being able to use it.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    @Andrew, the bridge mode is already released, and as of today (6/22/21), the app is now in production

    https://help.firewalla.com/hc/en-us/articles/1500012304202-Firewalla-Transparent-Bridge-Mode-Beta-

    0
    Comment actions Permalink
  • Avatar
    Andrew Hersee

    Awesome thanks. I've now configured my Firewalla to Bridge mode and can begin to use it :-)

    0
    Comment actions Permalink
  • Avatar
    Rom

    Planning to get the UDR but need to know how to properly situate it within my network.

    Currently, I have Firewalla Purple (Purple), in router mode - WAN connected to ISP and LAN connected to Eero. Replacing Eero. As per this document, I can use ISP <-> Purple in Bridge Mode (WAN port to ISP) <-> U Dream Router connected to Purple's LAN. HOWEVER, the document for Transparent Bridge Mode states that I should not connect the ISP to the FW Purple's LAN in bridge mode.

    Any suggestions?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post