How to Setup Mesh Routers Simple and DHCP modes on Firewalla App

Authored by: Support.com Tech Pro Team

1. Introduction

How to Setup Mesh Routers Simple and DHCP modes on Firewalla App

2. Resolution

[This article applies if you are running your Firewalla in Simple and DHCP mode only, this does not apply to Router mode in Firewalla Gold ]

We absolutely love the newer generations of meshed routers. We use them at home and at our office.

However, we have noticed some strange things happening when Firewalla connects the mesh network, such as not being able to access the internet or loading a website is very slow. This is mainly due to the conflict between satellite boxes and Firewalla. Our recommendation of the solution is, disable the monitoring of satellite mesh devices in the Firewalla app. This won't affect Firewalla's monitoring of devices that are connecting to the satellite boxes via Wi-Fi.

If you are running the Firewalla Gold in router mode, all you need is to turn on Bridge or AP mode on your mesh. There is no need to do anything extra.

To disable monitoring of satellite devices:

1. Tap on "Devices" icon.
2. Find the satellite devices from the list, usually, the devices name is like "Google", "Linksys", "Orbi or Netgear", "Orbi / Orbi Pro".
3. Tap on the device name, scroll down to the bottom of the page, swipe the "Monitoring" button to turn it off.

When a device's monitoring is turned off, in the device list UI, you should see a blue icon, which indicates "monitoring off", next to the device name.

Some vendor mesh routers may need additional configuration to use a certain feature, or bypass some known issue, they are listed below by vendor.

• Google Wifi
  - Connectivity issue
  - Use VPN Servier
• Linksys Velop
  - Network slowdown
  - Use IPv6
• TP-Link Deco (M5)
• Eero
• Wifi Extenders in General

Google Wifi / Nest Wifi

For Google Wifi, we recommend using the DHCP mode. See this article.  The workaround for simple mode only works for some users. 

If you still want to try your luck with simple mode, try these workarounds: 

Firewalla simple mode is compatible with some Google Wifi deployments using workarounds from below. We know some Google wifi deployments will require DHCP mode instead of simple mode. 

* Note: There is quite a lot of confusion when talking about Google Wifi. Here we are referring to the latest router from Google as Google Wifi Not the older router from Google also called Google Onhub: Currently, Google Onhub is not compatible with Firewalla.

Connectivity issue:

If you are running into connectivity issues, there are several tricks you can try:

• Turn off Guest Wifi
  We have recently heard one issue with Google Wifi + Guest Wifi. If you running into issues, please turn Guest Wifi off.
• Turn on the Family Mode
  by tapping on the family mode button. We have found google Wi-Fi  built-in DNS may crash. The family mode will curcumvent this issue. We are working on a better solution. Another solution is to manually set DNS server on the device. 
• Changing DNS to Customized DNS
  We also worked with one customer on the issue related to a slower DNS problem; if you encounter this, please do not use Automatic mode in DNS; use the option to manually give the DNS address. According to Reddit, this is a possible Google Wifi Bug.
  Tutorial on How to Change Google DNS to Custom 
• Turn off Wifi Point Usage Stats, Turn off Google Wifi Cloud Services 

• If the problem persists, try the experimental mode. In the Firewalla app, select "Monitoring", and under the mode option, select "Experimental Simple Mode".
  We have one customer who confirmed this works.

To Work with Firewalla VPN Server:

To work with the Firewalla VPN Server feature, we recommend turning off its port mapping capability. Turn on UPNP feature instead. Detailed instructions are as follows:

1. Turn off Firewalla monitoring globally in Firewalla App

1. Open Google Wifi App, Settings → Network & General → Advanced networking, remove all
   DHCP IP reservations and Port forwarding. Then turn on UPnP. 

1. Turn OFF and ON VPN feature in Firewalla App. In this step, Firewalla will automatically create a UPnP port mapping on Google WiFI port 1194.
   (Ignore "Need Manual Step" info in the app if you see it in the VPN settings page, it's a bug. Optionally you can reset the profile and password to clear the "Need Manual Step" flag.)

1. Test if OpenVPN works.
2. Turn Firewalla monitoring back on
3. Test if OpenVPN still works.

Linksys Velop

Firewalla simple mode is compatible with Linksys Velop.

Network slowdown:

If you encounter issues with slowdowns, please turn off express forwarding via Connectivity Configuration. De-select Express Forwarding.

Use IPv6:

When the ipv6 feature is turned on, you 'may' need to disable Linksys ipv6 SPI firewall.

TP-Link Deco (M5)

Some customers have said the TP-Link Deco (M5) will work with Firewalla's Simple mode.

Eero

Firewalla simple mode is NOT compatible with Eero v1, please use Firewalla DHCP mode instead.

Eero V2 should be compatible. The newer Eero Pro Wifi 6 units may need to go to DHCP mode instead, please see this guide.

ASUS Mesh

We have some customers reporting issues with Asus Mesh in Simple mode, and we are investigating. If you have issues with it, please let us know. If you don't have any issues with it, please let us know that too. (help@firewalla.com)

Wifi Extenders in General

These are strange beasts. We have seen these extenders remap device MAC addresses. If you have seen your device keep on changing MAC arresses or have strange devices it is likely these extenders dynamically remapping device MAC addresses. Also, it is a good practice to turn off monitoring on the extenders.