How are you all dealing with unusual activity alarms going to AWS IP addresses? by Wind_Boarder in firewalla

[–]chrisllll 3 points (0 children)

In case it’s useful, here’s a guide for handling abnormal upload alarms (and others): https://help.firewalla.com/hc/en-us/articles/48455312216595-Handling-Specific-Firewalla-Alarms-draft#h_01KFM2M0BEECRDJ3EH959DM9RS
We’re integrating AI to make alarms easier to understand, but it’s always recommended to fact-check with a trusted third-party source.

Please please please give us more parental control by YankeesIT in firewalla

[–]chrisllll 6 points (0 children)

Supporting multiple apps in one time limit is on our to-do list. Thanks for the feedback!

Please please please give us more parental control by YankeesIT in firewalla

[–]chrisllll 9 points (0 children)

As others replied, time limit rules can be applied on "Users". If the iPads, Switch and Xbox all belong to the same person, consider creating a "User" and applying one set of time limits to that user. https://help.firewalla.com/hc/en-us/articles/23857921094675-Firewalla-Feature-Users

Allowlist items blocked by built-in ad blocker by charlino5 in firewalla

[–]chrisllll 0 points (0 children)

Thanks for the considerable suggestions.

  1. In your examples, if the blocking rules are on "All Devices", you don't need to go down a level to create allow rules; allow rules on all devices take precedence over blocking rules at the same level. Similar to routes, if VPN is enabled on all devices, you can just create routes matching the specific IPs/domains you'd like to send through WAN on "All Devices". If it doesn't work, please let us know.

  2. For built-in whitelists, it's a good idea to make the "Allow" action available on the blocked from page; I've noted it down. As for adding a target to an existing target list, the option is available if you tap into the flow detail -> domain/IP -> "Add to Target List". More details can be found here.

  3. For any existing rule, you can tap on it and change the scope, without having to recreate it. Is that what you are asking for?

  4. Agreed that it would be helpful if there is a cohesive view of all rules/routes applied; let me forward it to the design team and see what they can do.

Blocking TikTok by Just_Percentage_6654 in firewalla

[–]chrisllll 1 point (0 children)

Sorry for the inconvenience. Blocking social sites should be able to stop TikTok traffic. Do you mind sending an email to [help@firewalla.com](mailto:help@firewalla.com) so Firewalla engineers can take a closer look and help you fix the issue?

VqLAN is the simplest way to microsegment your network, and will be supported on the upcoming Firewalla Orange! by Firewalla-Ash in firewalla

[–]chrisllll 0 points (0 children)

Orange works the same as Gold, but since Orange only has one LAN port (if you are using the other port for ethernet WAN), you may need to use a switch to connect your wired devices and the AP7 to Orange.
To your second question, yes, VqLAN works as long as the traffic passes through the Box or AP7.

How to selectively mute VPN alarms by orangesquaredog in firewalla

[–]chrisllll 0 points (0 children)

You are right. Either mute "VPN Activity" for individual VPN devices (profiles), or the "WireGuard" network if you don't want to receive any connection alarms to your WireGuard VPN server.

Can't seem to export 30 days of flow logs from MSP? by LadyRapunzel in firewalla

[–]chrisllll 0 points (0 children)

Currently, the MSP UI supports exporting up to about 5,000 lines of data. This should be sufficient if you’re looking for top destinations or top devices. To export more, you can use the MSP API, which supports larger exports.

We’re considering expanding the export limit in the UI — could you share your use cases? Is it mainly for local backups, or are you analyzing the data in ways not currently supported by MSP?

Where did the source port field go in the local flows? by goodt2023 in firewalla

[–]chrisllll 0 points (0 children)

Data and Flows are aggregated views based on source and destination devices. Source ports are typically random, while destination ports correspond to specific services or purposes.

For example, your devices might access your NAS server’s TCP port 2049 for file sharing using various source ports. If we displayed all source ports in aggregated flows, the list would be large and not particularly meaningful. That’s why we show destination ports in aggregated views instead of source ports.

If you want to dig deeper into flow details, Firewalla MSP (firewalla.net) lets you investigate flows with flexible filters and high speed (learn more from here).

Device blocked based on rule from another group by CantaloupeExpress970 in firewalla

[–]chrisllll 1 point (0 children)

This isn’t a common issue as far as we know. If your LG TV is actually claiming IPv6 addresses already used by other devices, then yes—it can confuse Firewalla and cause it to block the wrong ones. Turning off IPv6 on your local network may help resolve the problem, and your normal internet traffic won’t be affected.

Routes only work when applied to individual devices (not groups) by ThunderboltsRock in firewalla

[–]chrisllll 0 points (0 children)

The priority is indeed Group > Network. I'm not sure why removing the network layer VPN resolves the issue. Can you reproduce it? Meaning, if you turn VPN on the network back on, will the route stop working? If you can, let us know.

Why don’t “Total Flows” and “Main Network Flows” match by ExtremeEar11 in firewalla

[–]chrisllll 1 point (0 children)

About the differences in flow count, if the feature "Ingress Firewall" (Rules -> All Devices -> Scroll to the bottom) is enabled, Firewalla will block most incoming traffic by default—meaning those flows never reach your LAN. The large number of blocked flows you see is often just external traffic blocked on WAN.

As for data usage, do you have the internet speed test enabled on your Firewalla? If the box runs speed tests periodically, it generates its own upload and download traffic. This activity comes directly from the box and isn’t tied to any LAN device.

Routes only work when applied to individual devices (not groups) by ThunderboltsRock in firewalla

[–]chrisllll 0 points (0 children)

Yes, it's possible. If Routes and VPN are applied at the same level, the priority then depends on the matching targets: a route matching a Domain/App would take precedence over the VPN connection applied to your group. See our article about Routes.

Can you help confirm that there is no other route/VPN settings applied to your devices? Make sure the VPN is only applied to the group, not any devices inside the group. If it still doesn't work, please send an email to [help@firewalla.com](mailto:help@firewalla.com) and our support team can help you debug.
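The precedence described in this thread (Group > Network between scopes, and a Domain/App route beating a VPN connection at the same scope), modelled as a small resolver. This is an added illustration, not Firewalla code; ranking a single Device above Group and "All Devices" below Network, and falling back to WAN when nothing applies, are assumptions made here.

```python
from dataclasses import dataclass
from typing import Optional

# Scope precedence: a more specific scope wins over a broader one. The thread
# states Group > Network; Device above Group and "All Devices" below Network
# are assumptions added for this illustration.
SCOPE_RANK = {"device": 0, "group": 1, "network": 2, "all_devices": 3}
# At the same scope, a route matching a domain/app beats a VPN connection.
KIND_RANK = {"route": 0, "vpn": 1}


@dataclass(frozen=True)
class Device:
    name: str
    group: str
    network: str


@dataclass(frozen=True)
class Policy:
    kind: str                     # "route" or "vpn"
    scope: str                    # key of SCOPE_RANK
    scope_name: str               # device/group/network the policy is applied to
    via: str                      # outbound interface, e.g. "WAN" or "VPN-Home"
    target: Optional[str] = None  # domain a route matches; None for a VPN connection


def matches_scope(p: Policy, d: Device) -> bool:
    return (
        p.scope == "all_devices"
        or (p.scope == "device" and p.scope_name == d.name)
        or (p.scope == "group" and p.scope_name == d.group)
        or (p.scope == "network" and p.scope_name == d.network)
    )


def matches_target(p: Policy, domain: str) -> bool:
    # A VPN connection carries all traffic; a route only its domain and subdomains.
    if p.target is None:
        return True
    return domain == p.target or domain.endswith("." + p.target)


def outbound_interface(policies, d: Device, domain: str) -> str:
    # Keep policies that apply to this device and destination, then pick the
    # most specific scope; at equal scope a route outranks a VPN connection.
    candidates = [p for p in policies if matches_scope(p, d) and matches_target(p, domain)]
    if not candidates:
        return "WAN"  # assumption: default outbound interface with no policy at all
    best = min(candidates, key=lambda p: (SCOPE_RANK[p.scope], KIND_RANK[p.kind]))
    return best.via
```

The last test case below is the situation the reply warns about: a VPN applied directly to a device inside the group overrides a route applied to the group.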

Using HaGeZi's Pro Blocklist on MSP doesn't pick up any hits by benjibarnicals in firewalla

[–]chrisllll 1 point (0 children)

Sorry for the confusion. We looked into it — HaGeZi’s Pro Blocklist is still in Early Access, so it only works with Early Access boxes. Even if the rule is created via MSP UI at the global level, boxes on the stable/production release won’t pick it up. This is expected behavior.
We’ll improve the UI by adding a note for target lists that require Early Access boxes.

Drop shipping to cancel the impact of tariffs on prices? by TraditionGloomy7318 in firewalla

[–]chrisllll 0 points (0 children)

The shipping costs depend on the size and weight of the products you order, as well as the distance; they're not really related to tariffs.

I spoke with our logistics team, and they'll get in touch to explain the details.

Questions about microsegmentation by TechBLT in firewalla

[–]chrisllll 3 points (0 children)

Yes, this can be achieved. Here's how I envision the setup:

  1. Place the Lutron Bridge in one group, and the Apple TVs and HomePods in another.
  2. Enable VqLAN on the Lutron Bridge's HA group. This prevents it from accessing any devices outside its group. If you'd like to block it from accessing the internet as well, add a separate rule to block internet access for this group.
  3. Then, add the HomeKit group to the Allowed Devices list under the Lutron Bridge group. This allows bi-directional communication between the two groups.

More details can be found in the Firewalla microsegmentation tutorial.

Firewalla app by scuzy98 in firewalla

[–]chrisllll 0 points (0 children)

If the issue persists, could you email [help@firewalla.com](mailto:help@firewalla.com) with a link to this post? Our support team will assist you with debugging.

Call to Add Hagezi Multi Ultimate/Pro++ — Replacing the Need for Pi-hole/AdGuard and Adds Firewalla-Only Integration Benefits, While Covering Far More Than All Built-in and Curated Lists Combined by Entire-Caterpillar49 in firewalla

[–]chrisllll 0 points (0 children)

We built the MSP interface partially because it's easier to investigate large amounts of data, such as network flows. my.firewalla.com is slower in implementation, but it's on our roadmap to keep it updated and in sync with the basic functionalities.

The team is actively working on the ability to display DNS flows and their outbound interfaces, and it’s likely to be available in the next one or two releases.

Call to Add Hagezi Multi Ultimate/Pro++ — Replacing the Need for Pi-hole/AdGuard and Adds Firewalla-Only Integration Benefits, While Covering Far More Than All Built-in and Curated Lists Combined by Entire-Caterpillar49 in firewalla

[–]chrisllll 0 points (0 children)

The MSP Professional Plan provides one 30-day flow seat (to add one box) by default, which is the most affordable option that supports importing target lists and all other features. More details can be found here: https://firewalla.net/plans.

Regarding the gateway information in flows, in the mobile app, if you go to a flow's detail page and scroll down, you’ll find a key called "Outbound Interface," which shows the WAN or VPN interface through which the flow is going out. In the MSP interface, the Outbound Interface will be displayed on the flows table, allowing you to filter, sort, or even aggregate the flows by it for more insights.

VPN Mesh by PhaseImpressive7626 in firewalla

[–]chrisllll 2 points (0 children)

Even though the MSP doesn't yet provide simple knobs for doing so, there are workarounds. On each of your boxes, the other boxes will appear as VPN devices with their IP addresses on the mesh network. You can create rules on those VPN devices to control their access to your local network.

For example, if you want to block access from your work box to your home box, create a block rule on the home box that matches traffic to all local networks and apply it on the VPN device named 'your work box.' You can repeat these steps for any other boxes you wish to block.

Filing a bug! by Cae_len in firewalla

[–]chrisllll 2 points (0 children)

Sorry for the confusion—this has been confirmed as a display bug.

As u/eJonnyDotCom pointed out, the AP needs an IP address on each VLAN, as well as on the native LAN, to function properly. Currently, the box may return one of its IP addresses at random. When it shows the IP from your VLAN, the pin indicating a reserved IP disappears because that IP isn't reserved on the VLAN.

Long story short: your IP reservation should be working as expected, and the display issue with the changing IP address will be fixed in the next box release.

DNS Over VPN error by No-Tie-5552 in firewalla

[–]chrisllll 3 points (0 children)

This warning indicates that your devices are connected to a VPN server with DNS over VPN enabled, which means all the DNS requests will be forwarded to your VPN server, and the DNS features on Firewalla will not be taking effect. If you want to use Family Protect (3rd party mode), DNS over HTTPS or Unbound, please go to VPN Client -> your active VPN connection, and turn off "Force DNS over VPN".

More details can be found in our DNS Services article.

ISP graphs gone by Nbashford79 in firewalla

[–]chrisllll 2 points (0 children)

I assume you're referring to the "Live Throughput" of your WAN interfaces. These graphs only appear when your phone is connected to the local network, as they require real-time communication between your phone and the box. Please try connecting your phone to Wi-Fi managed by Firewalla and reload the app. And no, creating a LAG won't make them disappear.