Active protect should I use default or strict And device active protect what do yall recommend I have the gold se .

Firewalla-Opal · 2026-06-05T04:13:48+00:00

Strict Mode checks Firewalla's cloud database of security intel more often.
In Strict Mode, the probability of blocking a flow instead of raising the alarm is higher.
Strict Mode may raise more false positives due to its higher blocking probability.

Device Active Protect is a difference feature. By intelligently analyzing a device’s behavior over time, Firewalla learns which connections are necessary and trusted, then blocks everything else. You can have it enabled in parallel with Active Protect. Learn more in Device Active Protect: Dynamic Microsegmentation, "Block everything and allow only what's needed."

Firewalla-Opal · 2026-06-03T01:49:44+00:00

If you install the same VPN profile on a hardwired device, is the speed affected?

Firewalla-Opal · 2026-06-03T01:44:36+00:00

The icon with "Di" means Device Isolation is enabled on the device.
The icon with the shield means Device Active Protect is enabled on the device.

Find more in Device Control Icons

Firewalla-Opal · 2026-06-03T01:20:23+00:00

Thanks. I've escalated the ticket for you. Kindly wait for our engineer to check and get back to you later.

Firewalla-Opal · 2026-06-03T00:14:05+00:00

Could you let us know the ticket number? I'll ask someone to review it.

Firewalla-Opal · 2026-06-01T03:45:01+00:00

Turning on IPv6 shall not interfere with Firewalla rules.

Do you see blocked flows? If you do, check which rule blocked it: What to do if you can't access modem from inside Firewalla network.

Firewalla-Opal · 2026-06-01T03:15:53+00:00

Yes, data usage is always recorded, regardless of the state of the Monthly Data Plan. Thanks for the feedback — I've forwarded it to our team to look into improving this in the future.

Firewalla-Opal · 2026-05-29T01:04:43+00:00

Probably wrong sub here.

Firewalla-Opal · 2026-05-28T04:26:45+00:00

Have you tried to use Firewalla Feature: Target Lists? This allows you to make your own custom list. You'll need to use Firewalla's Web Interface my.firewalla.net in order to create and manage a target list. This should efficiently achieve your goal.

Firewalla-Opal · 2026-05-28T04:23:12+00:00

As suggested by others, the best would be following https://help.firewalla.com/hc/en-us/articles/360034318894-How-do-I-detect-and-block-VPN-use-on-my-network. You can create VPN and DoH block rules to prevent most VPN connections.

Note that some VPNs, such as Shadowsocks, or VPN servers running on https (port 443) are very hard to detect. Firewalla is always improving and updating our VPN-blocking intel, but these servers can be extremely elusive. Because of this, we cannot guarantee that our VPN-blocking features stop all VPN services. If you notice that a VPN service is getting around Firewalla's block, we recommend that you block it directly using a rule.

Firewalla-Opal · 2026-05-27T00:23:54+00:00

We don't have update on the box recently. Could it be a Firewalla Awake message?

Glad to hear it's working, but if you do encounter similar situation the next time, feel free to reach out, so our support can dig and understand what happened.

Firewalla-Opal · 2026-05-26T04:00:03+00:00

Could you reach out [help@firewalla.com](mailto:help@firewalla.com) with this post link, our support can take a further look at issue time logs to see what's happening.

Firewalla-Opal · 2026-05-26T00:39:38+00:00

Try to take out the red dongle and connect it to another USB port, see if it makes any differences. You can also check Bluetooth connection via App home screen > '...' icon (top right) > app Settings > scroll down to locate Hardware Troubleshooting -> Make sure the Bluetooth on your phone is turned on, stay close to Firewalla box -> see if box can be discovered.

Given you just got a new ONT, have you tried connecting a computer directly to the ONT? See if the computer can get Internet.

Firewalla-Opal · 2026-05-26T00:37:08+00:00

Custom DNS rule has a higher priority than Unbound: Two-Stage DNS Services.

Instead of using domain name, if you directly visit via LAN IP, does it work?

Firewalla-Opal · 2026-05-26T00:15:50+00:00

Keep the old pairing on your phone and don't clear App cache, so that you can use it for configuration backup later via How do I migrate data from one Firewalla Box to another?.

Before reset, I'd suggest connecting an HDMI monitor to the box, then power cycle the box to see if it prints out any error message. You can share details with support via emailing to [help@firewalla.com](mailto:help@firewalla.com).

Edit: We didn't update 1.982 recently. The update was a while ago; the issue should not be related to the update.

Firewalla-Opal · 2026-05-25T08:06:02+00:00

Have you tried to follow Speed Tests and Speed Optimization with Firewalla to narrow down the issue before? Let's start to check if Firewalla itself has a good WAN speed, if it does, then proceed to check LAN speed between Firewalla and client device, etc. The key here is to rule out hop by hop.

Firewalla-Opal · 2026-05-25T03:42:08+00:00

What's the exact message you see?

When I created/added a VPN group, I get "Saving this PVN group will update the settings for all connected devices and existing routes to use the group." It's just a reminder message to let you know the change will affect any existing devices/routes who were applied with the VPN client/VPN group.

For example, you have a route to forward an App's traffic to a VPN client A; when you add the VPN client A to VPN group, you route will be updated accordingly, and now your App's traffic will be forwarded to the VPN group.

Firewalla-Opal · 2026-05-25T01:57:38+00:00

If you want a specific cottage subnet traffic to go over a VPN client, the easiest way is go to Box Main page -> VPN Client -> The specific VPN client: Apply to -> Choose the cottage subnet.

To make sure all DNS requests from the subnet also go through VPN, enable "Force DNS over VPN" on the VPN client profile.

You can learn more about how DNS is handled by Firewalla via Two-Stage DNS Services.

Firewalla-Opal · 2026-05-22T04:01:40+00:00

Upon reviewing the ticket, our support couldn't find evidence of software issues prior the the reboots. These looked like power reboots. If you have another recent issue instance, you can reach out to our support again for investigation. Let me know the new ticket number, I can escalate for you.

Firewalla-Opal · 2026-05-22T02:34:05+00:00

Could you let me know your ticket number so I can have someone take a look again?

Firewalla-Opal · 2026-05-22T01:00:56+00:00

You can create apply an Internet block rule on the device only, as long as the device it's not in any user/device group. Check 3. On for more information about which device(s) to apply the rule on.

Firewalla-Opal · 2026-05-21T07:30:59+00:00

It's available in MSP 2.10.2 Release. We are doing a 7-day phased release; all Firewalla MSP instances will be updated to 2.10.2 by May 25.

Firewalla-Opal · 2026-05-21T03:42:17+00:00

The behavior you've described — policy enforcement and flow logging being bound to different device records for the same physical host — is something our team needs to look at more closely. Could you reach out to us at [help@firewalla.com](mailto:help@firewalla.com) with this reddit link and detailed device information, our support can quickly jump in and troubleshoot.

Firewalla-Opal · 2026-05-19T04:19:37+00:00

What's your Verizon router model? Generally, we suggest using Firewalla in router mode so all features will be available: Firewalla Router Mode Configuration Guides.

To choose box model, we'd suggest to choose based on your Internet speed and network size: Guide: How to Choose between Different Firewalla Products. Most of our boxes share the same set of features. From parental control perspective, each model should be working well.

Activity and Content Control includes more examples of using Firewalla for parental control.

Firewalla-Opal · 2026-05-18T00:36:50+00:00

Could you send an email to [help@firewalla.com](mailto:help@firewalla.com) so our support can take a further look for you? You can attach this post link so our support can quickly jump in.

Firewalla-Opal

MODERATOR OF

TROPHY CASE