u/Firewalla-Ash

We're working on a new design in 1.69 to show more details on the last hit of a rule. Is the "last destination" clear enough?

u/Firewalla-Ash — 1 day ago

New home screen layout coming soon, in App 1.69...

  • A new Rules card for more visibility
  • "Family" is now "Controls", with more quick control options for your network.

Question to you: Do you think "Ad Block" or other features should also belong in Controls?

u/Firewalla-Ash — 3 days ago

In 1.69, we're adding a new feature to block domains using non-ASCII characters (which can sometimes impersonate sites). Which name fits best?

Context: Punycode is the system that lets browsers represent non-ASCII characters (like characters in other languages) in domain names.

For example, a domain like paypal.com using a Greek 'alpha' (α) will be encoded as xn--pypl-0ldc.com.

These can sometimes be used to impersonate legit sites, but may block trusted websites in other languages.

u/Firewalla-Ash — 5 days ago
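To illustrate the trade-off described in the post above, here is an added example (not part of the original post and not Firewalla's implementation) that decodes `xn--` labels and separates mixed-script labels, the look-alike pattern, from single-script internationalized names. It goes one step beyond a blanket Punycode block; the function names, verdict strings, and all sample hostnames except the post's `xn--pypl-0ldc.com` are assumptions made for the example.

```python
import unicodedata

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded DNS label

def decode_label(label):
    """Return the Unicode form of one DNS label (plain labels pass through)."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def classify(hostname):
    """Return 'ascii', 'idn-single-script', 'idn-mixed-script' or 'invalid'."""
    verdict = "ascii"
    for label in hostname.rstrip(".").split("."):
        try:
            decoded = decode_label(label)
        except UnicodeError:  # malformed Punycode or non-ASCII after xn--
            return "invalid"
        if decoded.isascii():
            continue
        # Letters from two scripts inside one label (Latin plus Greek, say) is
        # the look-alike pattern; a label in a single script is ordinary IDN use.
        if len(scripts(decoded)) > 1:
            return "idn-mixed-script"
        verdict = "idn-single-script"
    return verdict

# Constructed sample hostnames; the first one is the example from the post.
SAMPLES = ["xn--pypl-0ldc.com", "paypal.com", "xn--bcher-kva.example"]

if __name__ == "__main__":
    for host in SAMPLES:
        shown = ".".join(decode_label(l) for l in host.split("."))
        print(f"{host:24} {shown:16} {classify(host)}")
```

Writing systems that legitimately combine scripts (Japanese kanji with kana, for instance) would need an explicit allowance in a heuristic like this.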

Without DAP, you'd need to manually examine network flows and maintain allow rules for each of your devices. While it may work initially, it's not practical to keep up to date.

DAP does the hard work for you. Just go to Protect > Device Active Protect and turn it on.

Commonly asked questions:

Can DAP isolate my device on the local network?

  • Yes, with Firewalla AP7 and App 1.68 or later, DAP can automatically enable Device Isolation if it determines that it does not need local communication.

Why are my devices ineligible for DAP?

  • Only certain "simple" IoT devices are eligible for DAP. Devices with more complex online activities are NOT eligible, such as smartphones, computers, tablets, etc.
  • Even IoT devices that appear simple may not be eligible because of their complex behaviors.
  • Over time, DAP may eventually move ineligible devices back into the Learning phase.

For more details on how DAP works: https://help.firewalla.com/hc/en-us/articles/44061066094867-Device-Active-Protect-Dynamic-Microsegmentation-Block-everything-and-allow-only-what-s-needed

u/Firewalla-Ash — 9 days ago

Current content controls are embedded inside the "Family" button, and many important things like NRD filtering are behind "Target Lists" under Rules.

In App 1.69, we are going to make this simpler by combining all the important content filtering under "Controls" (replacing the Family button), and you can easily manage global rules.

(We are not removing anything, just making things easier to find and turn on.)

Here's a quick mock of the new design. Please let us know what you think.

u/Firewalla-Ash — 13 days ago

What else would you want to show here? It may be hard to make it configurable, so the first phase will be automatic.

(The buttons would be dynamic, based on the most recently used. The first icon is your recent device, the second is recent group/user, the third is recent feature or speed/performance related, and the fourth is a feature that is hidden or disabled.)

u/Firewalla-Ash — 13 days ago

MSP Active Protect now uses Firewalla AI and can provide more accurate key information for Security Activity or Abnormal Upload Alarms, and reduce even more false positive Alarms.

We've also added the WAN throughput, CPU, and Memory Usage on the Single Box MSP dashboard and a new Alarm AI Summary for Email Notifications.

(Note: Firewalla AI is optional. AI-generated content may not always be accurate or complete — always verify important information before taking action.)

Check out the full details here: https://help.firewalla.com/hc/en-us/articles/49811464349075-MSP-Release-2-10-New-Single-Box-View-Email-Notifications-Merge-with-My-Firewalla-more#h_01KQD24VRYEZA35PNAE765A5MP

u/Firewalla-Ash — 14 days ago

Alarms help notify you of anomalies in your network. It's important to always review these on time and to investigate the destinations your devices access.

Coming soon in MSP 2.10.2 and App 1.69, we'll be improving your Alarm experience so that Firewalla AI can better analyze Alarms and evaluate risks.

Learn more about Zero Trust: https://help.firewalla.com/hc/en-us/articles/36325500638739-A-Secure-and-Better-Network-with-Firewalla-Part-4-Zero-Trust-Network-Architecture

Learn more about Handling Alarms: https://help.firewalla.com/hc/en-us/articles/48455312216595-Handling-Specific-Firewalla-Alarms

u/Firewalla-Ash — 15 days ago

User Identity is important in Zero Trust and Enterprise Security because it helps you decide what each user can access. (MAC Address identification will work, but it is a weak way to identify users since MAC can be changed or randomized to appear as something else.)

With AP7 or Orange Wi-Fi, you can identify devices so they are dynamically sent to their User:

  1. SSID: Create separate SSIDs and passwords for each user. (Best for small setups or fewer users, since too many SSIDs will reduce performance)
  2. PPSK: Use a single SSID and unique personal keys for each user. (Doesn't support WPA3, and not supported on Orange)
  3. WPA3-Enterprise: Use a single SSID and set Usernames and Passwords for each user, properly authenticating logins with Firewalla's RADIUS server. (May not work with IoT devices)

Since networks can be very diverse, most of the time you will need to mix the above methods to fit your network.

u/Firewalla-Ash — 16 days ago