Purple - pre-install planning



    Michael Bierman

    Wow a lot of questions! Firewalla is loaded with cool stuff, so I can understand how it can generate a lot of questions. 

    Firewalla does an exceptional job on their documentation. Always good to look there as a starting point. If you are more inclined to have expert help, there are also people who can assist you in setting up whatever you need no matter how complex. The Facebook Group for example has some great expertise. 

    I want an 'internal' WLAN and 'external' WLAN which prevent 'guest' devices from accessing Sonos, Plex, NAS, the printer, etc. - do I understand that the options are either Network Segmentation (VLAN) or a Group with Rules? Any recommendations?

    You might need Wi-Fi APs that support 802.1Q and maybe a managed switch or two. The specifics will depend on your particular network. See https://help.firewalla.com/hc/en-us/articles/4408644783123-Building-Network-Segments

    I have little kids with computers managed by their schools - what is the best way to block specific URLs/domains at the device level via the FWP? My reference is the parental software I load onto the kids' tablets I own and manage where I can control time, specific apps, etc. - but this will not work on school-managed devices. I can actually parent so I'm less concerned about the kid using it after 9p and more concerned that he is 'doing homework' but actually surfing YT

    You can set access time for all internet (e.g. between 7am and 7pm) for the kid's devices. You can do that in one step if the devices are assigned to a Group. You can also use Parental Control or individual blocks (e.g. an app like TikTok).

    What is the best way to provision ephemeral WLAN access? Background - my white trash in-laws have to add their 37 devices to my WLAN for a 4 hour visit. What is the best way to allow access like a hotel (likely not 'Quarantine New Devices' because I want to share SSID/PW and not deal with approving each device)?

    Out of the box, Firewalla has New Device Quarantine which can limit what new devices can do. There are all kinds of things you can do with VLANs and guest portals. Depends on what equipment you have or are willing to get. Depends on how elaborate you want this to be. 

    Ideally I can 'disable' only those devices at the end of the day then 'enable' them the following day for multi-day visits. I also want to tag them so I can easily delete them after my visitors leave. Can I set up a W-VLAN before they arrive? A pre-determined Group? Other?

    With the right APs you can have guests join a network with whatever limits you wish. As for renewing each day, etc. like a hotel, you would need a captive portal which is available with something like UniFi Wi-Fi APs.

    QoS - on my Amplifi HD I can select 1, 2 or 3 so I can set my work laptop as 1 and my kids multiple devices as 3 - what is the best way to do this on FWP?

    With Firewalla you choose:

    • target (IP address, IP range, domain, region, etc.), 
    • device(s), Group(s), or network segment(s)
    • Priority 
    • Upload/Download limits (optional) 
    • Schedule (optional) 

    And prioritize. However, in most cases, it isn't necessary. I would call out exceptional things like zoom or video streaming and let Firewalla handle most traffic at least until you get a sense of how your network is doing.

    I currently use 'groups' on the Amplifi HD to 'organize' devices instead of for its proper use. It's for stuff like knowing the IP Addresses of all Sonos devices or Nest Protects or whatever. What is the best option on FWP to create 'groups' that have no real purpose - or does a better UI preclude this need?

    I'm not sure what your goals are here. Maybe you can be more specific. 

    Wired v. Wireless - what should I know about selecting VLANs, Groups, etc. and wired v. wireless implications?

    There are Firewalla articles that cover all of this in detail. In brief:

    • Wired will always be faster than Wi-Fi and perhaps a bit more secure. 
    • See the article on Segmentation to learn more about VLANs. 
    • In Firewalla, Groups are a quick way of putting the same Rules, Routes, and other controls on a group of devices rather than having to repeat the process individually. 

    There is no SD Card in the SD slot - what is the purpose??

    Extra file storage, docker, etc. On Blue Plus you must have an SD card to run FW so it comes with it. Purple doesn't require an SD card. Gold has no SD card slot but has USB ports.

    Smart Queue v. Rules v. Routes - huh??

    These are three different things.

    How do I 'backup' my entire config?

    You have a sort of backup using the Migration tool. https://help.firewalla.com/hc/en-us/articles/360015356093-How-to-migrate-data-from-one-Firewalla-Box-to-another-

    I recommend having two devices paired to your Firewalla as an added precaution. https://help.firewalla.com/hc/en-us/articles/115004369774-Adding-a-new-phone-to-manage-an-existing-Firewalla

    joe squalo

    Thanks @Michael!

