Using Firewalla with pfSense

Follow

Orcrist

• February 17, 2025 16:02

I installed a pfSense firewall less than a year ago and am using it as an edge firewall at my home.  I have it connected via three trunk ports to my internal switch/router which connects my APs and some wired devices together.  I bought the pfSense because it looked like the best all around firewall, but it has terrible/no parental controls.  I want to use the Firewalla for it's parental controls but can't replace my whole system.  Could I use a Firewalla in bridge mode connecting the trunk ports on my pfSense to the ports on my switch and seamlessly get parental controls implemented?  Would the Firewalla interfere with the VLANs in use or any other functions?  I know this isn't the most cost effective approach, if I could do it again I would have just started with the Gold Plus Firewalla but I don't feel like I can throw away a 6-month old 4200...

0

• 

  Firewalla

  • February 17, 2025 16:52

  Yes, bridge mode should work. Please see https://help.firewalla.com/hc/en-us/articles/1500012304202-Firewalla-Transparent-Bridge-Mode

   

  0

  Comment actions Permalink
• 

  Orcrist

  • March 20, 2025 18:44

  I have a couple of follow on questions.

  1 - How does Firewalla identify devices in bridge mode?  Normally it uses DNS (says it creates a name for every device in local dns), but since it won't be allocating names is it IP/MAC only?  Can it defer to an upstream DNS to resolve the dns-assigned names?

  2 - Can Firewalla still do normal things like block unknown devices, manage device groups, etc, in bridge mode?

  0

  Comment actions Permalink
• 

  Firewalla

  • March 20, 2025 19:28

  1. Firewalla predicts the name of the devices using multiple methods, DHCP is most accurate. Firewalla doesn't resolve DNS actively to detect device names.

  2. See the bridge article I send earlier, it has all the things bridge mode can't do 

  0

  Comment actions Permalink
• 

  Orcrist

  • March 20, 2025 20:10

  I did read that entire article, but it does not mention how it handles client identification in bridge mode.  If Firewalla does not serve DHCP or DNS, how does it identify clients, both in the UI and for policies such as parental controls?

  0

  Comment actions Permalink
• 

  Firewalla

  • March 20, 2025 22:04

  Firewalla can listen to DHCP, and there are many other ways to identify devices. Are you encountering any issues where devices are not getting correctly labeled?

  0

  Comment actions Permalink
• 

  Orcrist

  • March 21, 2025 01:48
  • Edited

  No - I am planning at the moment.  I use an internal DNS server for internal resolution.  I currently use my internal DNS for all device identification and manegement so I was curious if that would carry over.

  0

  Comment actions Permalink
• 

  Firewalla Team

  • March 21, 2025 03:21

  Firewalla identifies devices based on the device's MAC address, which is more reliable than the device name. That's also the key to how blocking features take effect.

  If you would like to use your internal DNS server, you can set it on Firewalla. Here is a guide to help: How to I configure specific DNS servers

  0

  Comment actions Permalink

Please sign in to leave a comment.