Overlay network: VPN and internal communication with LAN

Follow

Darth Sonic

• July 13, 2022 12:36
• Edited

I own a Firewall Blue Plus. Now I am searching for a way to secure my IoT devices. One thing I want to do route traffic from IoT devices over VPN. I learned that all devices that want to use VPN must be placed in overlay network of Firewalla Plus. That is a lot of work to do, but okay.

My question is: Will I be still able to communicate with devices in overlay network out of the main network? So will I still be able to send commands to my IoT devices from my smartphone for example?

And a second question is: Will requests of these devices still be blocked if a rule matches when choosing not to "Force DNS over VPN"?

0

• 

  Support Team

  • July 14, 2022 03:41

  When "Force DNS over VPN" is off, the requests will be blocked if a rule matches.

  When "Force DNS over VPN" is on, DNS blocks will not take effect. (Other blocks still work, e.g. TLS, IP)

  In future release, we'll support DNS blocking even if "Force DNS over VPN" in on.

  1

  Comment actions Permalink
• 

  Firewalla

  • July 13, 2022 17:38

  First, do some research on VPN + IoT security. Meaning, in theory, VPN is a transport that hides your traffic from ISP's ... meaning, do you see your ISP as more dangerous than VPN providers?

  Q1: Overlay network is just a network, you should be able to see it from your main network. But for the blue+, the DHCP will run on the overlay with the blue+ as the gateway, so unless you static IP your device, they will always end up in the overlay network with the blue+ as the default gateway.

  Q2: Let me get someone to reply to you within 24 hours. 

  0

  Comment actions Permalink
• 

  swampy2b

  • September 06, 2022 22:21

  The easiest way to make use of routes on the blue plus is to run it in DHCP mode and follow the instructions on the website for keeping your primary and overlay networks on the same subnet. 

  0

  Comment actions Permalink

Please sign in to leave a comment.