How to Install Firewalla Gold

Authored by: Support.com Tech Pro Team

1. Introduction

How to Install Firewalla Gold

 

2. Resolution

STEP 1: Download and Install Firewalla App

        

STEP 2: Get to Know the Hardware

  • Firewalla has 4 fully-routable Ethernet ports, numbered 1, 2, 3, 4.
  • Port #4, the one with the yellow square, is the default WAN port in Router Mode; it is also the default port for Simple and DHCP mode.
  • The Serial Console can be used in the future to access the unit’s console.  Please DO NOT connect ethernet cables to this port.
  • When you first receive the box, all the ports have dust covers on them. If you are not using a port, please leave the cover on.
  • The Gold will always power on by itself when power is applied to the unit.  


  • The power button is only used when you want to shut down the unit. (Long press the button for 5 seconds to shut it down.)
  • A red security dongle with the Firewalla logo is plugged into one of the USB ports. It is used for box pairing and activation. Please DO NOT remove it.
  • HDMI is not used at the moment.
  • The reset button can be used for rebooting the unit; it is NOT for Factory Reset.

The Gold is passively cooled, so please place the unit in a well-vented area.

The aluminum case conducts heat well, so it will feel hotter when you touch it. From our manufacturer: "the surface temperature will reach 60°C / 140°F when the room temperature is 31°C / 88°F and all CPU cores are 100% loaded".

STEP 3: Wire Up the Box

Before wiring up the box, you need to decide on the following:

Do you want to use Firewalla Gold as your main router?

If you plan to mount the Firewalla Gold before pairing, please make sure you take a photo of the QR sticker on the bottom; you will need it to pair the unit. The mounting plates will cover it up.

STEP 3-1: Yes, set up as a router (Router Mode) - Recommended

We highly recommend using the Firewalla Gold in router mode. In this mode, the Firewalla Gold becomes your main router and manages your network inline, between your network and your ISP modem/router.

Not all networks are the same, and not everyone has the same service providers. To make your life simpler, we started the "Router mode configuration guide" to demonstrate how Firewalla boxes can run as routers in different ways.

The main advantages of router mode are:

  • Firewalla will be able to manage your traffic inline.
  • All the routing functions of your network will be done by Firewalla, and your WiFi router can use the extra CPU cycles to provide you with better WiFi.
  • Each LAN port can be configured later as an individual network segment or one big segment.
  • Firewalla Gold is optimized to use this mode.
  • Unlike Simple/DHCP modes, this mode does not have compatibility issues.
  • If your ISP requires a VLAN setup for triple-play services, please see this guide.

Scenario A. You have an ISP-provided integrated modem/router

Connect Gold's WAN Port to the LAN Port of the Modem/Router, then connect your devices to Gold's LAN ports.

  1. You will need extra WiFi devices such as a WiFi router, WiFi mesh router, or access point (a WiFi-only device) to connect to Firewalla. It is best to run these devices in Access Point mode.
  2. To avoid double NAT in your network, turn off the routing function of the modem/router (change it to Bridge mode).
  3. If you do not have an extra WiFi router and do not want to purchase one, please use Simple or DHCP mode instead.

Scenario B. You have your router connecting to an ISP modem

Connect Gold's WAN Port to the LAN Port of the Modem, then connect the router's WAN port to one of the LAN ports of Gold. After connection, please configure your router into AP mode or Bridge mode.

Scenario C. You have a mesh network 

Connect Gold's WAN Port to the LAN Port of the Modem, then connect the WAN port of the primary device (not the satellite device) to one of the LAN ports of Gold. After connection, please change the mesh router into AP mode or Bridge mode. Check out our guide on specific brands/models.

If you have a Google Wifi Mesh Network, here is an additional guide.

STEP 3-2: No, add to the existing network (Simple/DHCP mode)

Simple and DHCP modes are best used if you just want to augment your network with the security monitoring capability of the Firewalla. These two modes do not require you to rewire your network.

  • This article describes how the simple DHCP mode works.
  • This article has the compatibility guidelines for Simple mode, DHCP mode, and mesh routers.
  • The Gold's DHCP mode is a bit different; please see this guide for Gold DHCP mode.
  • Each LAN port can be configured later as an individual network segment or one big segment.
  • When in Simple/DHCP mode, the normal LAN ports will be on a different network than the Simple/DHCP mode network. (They are not bridged.)

 

Scenario A. You have an ISP-provided integrated modem/router

If you are using the modem/router combo provided by your ISP, you just need to connect the Firewalla box's Ethernet Port 4 to one of the LAN ports of the modem/router.

 

Scenario B. You have your router connecting to an ISP modem

Connect the Firewalla box's Ethernet Port 4 to one of the LAN ports of the router. Make sure the mobile phone running the Firewalla App during installation is connected to the WiFi network provided by the same router that the Firewalla box is plugged into.

Router mode handles this scenario much more efficiently. You don't have to worry about router compatibility or tell Firewalla how your network is configured.

Scenario C. You have a mesh network 

Connect Gold's Ethernet Port 4 to the LAN port of the primary device (not the satellite device). After installation, please disable the monitoring of the satellite devices in the Firewalla app. You will find more in the Mesh Router Guide here.

Router mode handles this scenario much more efficiently. You don't have to worry about router compatibility or tell Firewalla how your network is configured.

Scenario D.  Advanced Simple Mode

If you want the Firewalla Gold to monitor multiple networks (this is not the usual configuration; most of you will not need this), please see this guide: https://help.firewalla.com/hc/en-us/articles/360053353753

STEP 3-3: No, add to the existing network (Bridge Mode)

Firewalla Transparent Bridge Mode is a way of placing a Firewalla device physically in the middle of an existing network without modifying the IP addressing of the network. Use bridge mode if:

  • Your network is not compatible with the Firewalla Simple Mode and you don't want to use the DHCP mode.
  • You need to preserve existing router functions due to compliance or the complexity of replacing the router.
  • You want to filter traffic without creating additional networks.

Scenario

Connect Gold to the LAN Port of a Router, then connect your devices to Gold's other ports. All network flows passing through Firewalla will be monitored and controlled. 

Learn more about bridge mode. 

 

STEP 4: Pairing Firewalla App with the Box

Before pairing, 

1. Reboot the modem/router before installing Gold in router mode. Some service providers may require you to do this when using a new router. 

2. Make sure your mobile phone has internet access. If you are setting up the Gold in router mode, and your phone is still connected to WiFi, switch to cellular mode. 

3. Turn on the DHCP function on your router if you have turned it off before. Otherwise, Gold may not be able to get its IP address from it.

 

Open the Firewalla App on your phone, tap on the "+" icon, and choose Firewalla Gold. The App will guide you to wire up the box.

     

    

When Firewalla Gold is found, the App will ask you to scan the QR code on the bottom of the Gold box. 

Known issue: The Firewalla Android App may accidentally pick up the wrong code (serial code) next to the QR code; you can use your finger to cover up the serial code before scanning.

Next, select the mode based on the wiring you did in STEP 3. Once the mode is set and the box is wired up correctly, Firewalla will automatically set up the network.

 

     

     

STEP 5: Get Started

How to Mount the Unit

Firewalla Gold - Original

1. Locate the two screw holes reserved for the wall mount rack on the cover of the Firewalla box. Take note of their orientation.
2. Place the wall mount rack on the cover in the direction the photo shows. Tighten compatible screws to lock the system to the rack.
3. Align the box with the wall mount rack to the wall and lock it to pre-punched holes in the wall by tightening the above-marked screws on the top side.
4. Tighten the other screws on the bottom side. Check to make sure the screws are matched and fixed stably.

Firewalla Gold - Rev B

1. Locate the four screw holes on the wall mount rack and lock it to pre-punched holes in the wall by tightening the screws.
2. Locate the four screw holes on the cover of the Firewalla box, and tighten the four screws highlighted in yellow.
3. Turn the box over, and insert the screws into the four gourd-like holes in the middle of the wall mount.
4. Check the placement of the box. Once you are satisfied, pull the box downward and secure the four screws into the small end of the gourd-like holes.