We started the Firewalla project to create a secure network. This secure network should not only be stationary and should follow you even when you are outside, traveling, or having a cup of coffee.
Introducing the Firewalla VPN Server:
- The Firewalla VPN Server runs directly on your Firewalla box.
- It is used to help you encrypt network traffic and prevent eavesdropping when you are on the road or at Starbucks.
- You get the same level of security protection as if you are at home, provided by Firewalla.
- Your network traffic will always look like it is coming from your home.
- There is no cost to this service.
What this VPN Server is NOT:
- You cannot use this service to bypass Netflix restrictions (unless you are traveling and have a Firewalla at ‘home’).
The Firewalla VPN server supports two different open-source protocols:
WireGuard VPN Server
WireGuard is a newer (when compared with OpenVPN) VPN protocol, and like OpenVPN it’s also open source. This protocol is simpler than OpenVPN and can have a higher encryption rate.
- It supports multiple profiles, and each profile can be a virtual device.
- It supports viewing VPN network flows.
- WireGuard profiles are unique to each device.
- Firewalla WireGuard does have richer visibility than OpenVPN.
To enable the WireGuard VPN server:
Go to VPN Server on the Firewalla app and tap the WireGuard button to turn it on.
If you are using Firewalla in Simple or DHCP mode and your main router has UPnP enabled (as most routers do), Firewalla will do everything for you. If your router doesn’t support UPnP, you will need to manually set up port forwarding on your home router. Tutorial: How to set up port forwarding for VPN Server
To connect your mobile device or computer to the Firewalla VPN server, you’ll need a VPN profile to set up the VPN Connection. On the Firewalla App, tap Setup → Add a Client, and a client will be created automatically. Tap the client and it will show you a profile and a QR code.
To connect to the WireGuard VPN server:
To connect your mobile device or computer to the Firewalla VPN server, you will need to install the WireGuard app on your mobile or desktop device. Here is the installation guide provided by Wireguard.
There are two ways to use the WireGuard app to connect your device to WireGuard VPN Server:
- Create from file
- Create from QR code
Here is an example of the WireGuard app on iOS:
Firewalla also supports WireGuard Site-to-Site VPN, allowing you to access shared devices such as file servers, printers, and video cameras bi-directionally between any two sites managed by Firewalla. Learn more about site-to-site VPN.
Active VPN Connections
If you have the VPN Server feature enabled, the Firewalla App can show you how many active VPN connections are connected to your Firewalla box, where they’ve been connected from, and how much data has been transferred between your Firewalla box (as a VPN server) and the VPN clients.
Per-device management for WireGuard VPN clients (Gold & Purple Only)
For devices that are connected to the Firewalla WireGuard VPN server, you can manage them just like your local devices. The VPN devices will show up on the device list. If you tap any of them, you can view their network flows and basic info as well as apply any rules or features individually.
- This feature is available for Wireguard VPN devices only.
VPN Alarm & Notification
Once the VPN is set up and enabled, Firewalla will send you an alarm every time a device is connected to your VPN Server. In case someone gets ahold of your profile and password, you will be notified when they use your VPN service.
Learn more about WireGuard VPN Server.
Firewalla Gold Plus Pre-sale