If your AP7 won't pair - check your DNS and ad blocking settings
I recently received my Firewalla Orange, and decided to upgrade to WiFi 7 with 2 of the AP7s shortly thereafter. My setup of the AP7s was somewhat frustrating for a few hours, so I'll give you the short version of the story, then the longer troubleshooting steps I did along the way in case it helps anyone.
My network setup includes locally hosted DNS servers inside my LAN that perform DNS lookup and ad blocking for the entire network. My firewall (NOT FIREWALLA) is set up to give these DNS servers as part of the DHCP negotiation when a host is getting on the network. My Firewalla is behind this different brand of firewall, in Bridge Mode.
Bottom line - If you have a setup like this and you're setting up any number of AP7s on your network, read the MAC address off the bottom of each AP7 and add a static DHCP entry to your router / firewall for it, and make sure to give those entries public DNS IP addresses to use (such as 1.1.1.1 and 8.8.8.8).
TL/DR below:
Apparently the AP7s need to reach out and do something with external DNS, at least in my setup's case. Before I figured this out, I watched the first AP7 go into pairing mode (blinking white light on the front of the unit), get recognized by the Firewalla on my network, get a DHCP address, and never pop up in the Firewalla App as an AP ready to pair. I tried all of the following:
- Making sure the AP was not in the New Device Quarantine (which, strangely enough, it never was... does Firewalla implicitly trust its own devices and bypass the quarantine rule?)
- Hard factory reset the AP with the pinhole on the bottom (at least 10 times)
- Connecting the AP7 directly to the LAN port on my Firewalla, bypassing the rest of my LAN, switches, etc. (I realized afterward that this would never have worked, because this meant the locally-hosted DNS servers that the AP got in the DHCP negotiation wouldn't be accessible.)
- Going into the DNS servers and disabling the ad-blocking
- Creating a static DHCP entry for the AP7, and giving the static DHCP entry one server from the ad-blocker DNS and one from external (8.8.8.8) as an alternate
None of these worked. Only when I gave it strictly external DNS servers would it finally notify me that it was ready to pair. I imagine if you are using your Firewalla in Router mode, and using it for your DNS and ad-blocking, you wouldn't have these issues. However, for more advanced users, I'm sure at least one person has a setup similar to mine and will find this information useful.
-
May I know what your DNS settings are?
Here are the sites required by Firewalla: https://help.firewalla.com/hc/en-us/articles/4600829248403-Domains-used-by-Firewalla
-
I'm using standard Pi-Hole with stock rules. This has been my setup for quite some time, and Firewalla functions just fine on a regular basis. That would lead me to believe those sites are not being blocked by Pi-Hole, at least for normal everyday Firewalla interactions.
Also note that it would not work with DNS pointed at Pi-Hole even when I had ad-blocking disabled. I HAD to give it external DNS IPs for it to work.
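
Added example, not part of the thread and not Firewalla's code: one way to see whether the LAN resolver answers differently from a public resolver for each domain on the linked Firewalla list, which covers both sinkholed answers and outright failures. The `compare` helper, the `192.168.1.2` Pi-hole address and `example.com` are assumptions for illustration; substitute the resolver address and the domains from the linked article.

```python
import socket
import struct

SINKHOLES = {"0.0.0.0", "127.0.0.1"}  # answers a blocking resolver commonly returns

def build_query(name, qid=0x1234):  # recursive A/IN query for name
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, pos):
    while msg[pos] and msg[pos] < 0xC0:  # walk plain labels
        pos += msg[pos] + 1
    return pos + (2 if msg[pos] else 1)  # compression pointer is 2 bytes, root label is 1

def parse_response(msg):
    """Return (rcode, [IPv4 strings from A records]) for a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4  # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:  # A record; CNAMEs and others are skipped
            ips.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, ips

def lookup(server, name, timeout=3.0):
    """Ask one resolver over UDP/53; (None, []) means no usable reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))  # connected socket ignores replies from other hosts
            s.send(build_query(name))
            return parse_response(s.recv(4096))
        except (OSError, struct.error, IndexError):
            return None, []

def compare(name, local_server, public_server="1.1.1.1", resolve=lookup):
    """Classify the LAN resolver's answer for name against a public resolver's."""
    (l_rc, l_ips), (_, p_ips) = resolve(local_server, name), resolve(public_server, name)
    if l_rc is None:
        return "no reply from local resolver"
    if p_ips and (l_rc != 0 or not l_ips or set(l_ips) <= SINKHOLES):
        return "differs: blocked or failing locally"
    return "ok"
```

Run it from a host on the same segment as the AP, for example `compare("example.com", "192.168.1.2")` for each domain. "no reply from local resolver" matches the direct-to-Firewalla-port case described in the post, where the DHCP-supplied DNS servers were not reachable.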