Firewalla: Focusing on Groups and Users

By popular demand, we're diving deeper into the consumer-friendly features of the Firewalla Purple and AP7 we introduced in our previous post, “Privacy Tool Spotlight: Firewalla Purple and AP7”. In that post we highlighted this setup as one of the simplest yet most powerful privacy and security upgrades you can make to a home network.
Today we’re focusing on one of its standout exclusive features: VqLAN (Virtual Quarantine LAN). Think of VqLAN as an easy way to create secure, isolated “safe zones” for your devices.
VqLAN lets you place certain devices into their own separate space. They can still talk to each other and reach the internet, but they cannot reach the rest of the devices in your home. Best of all, you do not need to mess with complicated network settings or learn technical stuff. It is perfect for regular families who want better security without the headache.
Why This Matters for Everyday Homes
Modern homes are packed with gadgets: smart lights, security cameras, smart plugs, work laptops, phones, tablets, and more. On a normal home network, everything can talk to everything else. That means if a cheap smart bulb or thermostat gets hacked, it could reach your computers, printers, or files.
VqLAN creates simple safe zones that stop problems from spreading. Your devices still work normally, but they stay protected in their own bubble.
Key benefits of a VqLAN:
- No need to change your network or any settings.
- Works right alongside your regular home Wi-Fi.
- Devices in the same zone can still talk to each other and use the internet.
- Access to everything else on your home network is blocked.
- You can turn it on or off with one tap in the Firewalla app.
- Works especially well with devices connected to Firewalla’s own Wi-Fi (AP7 or Orange).
Quick tip before we continue: Firewalla lets you easily rename every device. Go to the Devices tab, tap any device, and give it a friendly name like “Living Room Light” or “John’s Laptop.” This makes everything much easier to manage later.
Example 1: New Device Quarantine (Automatic First Line of Defense)
This is one of the simplest and most powerful ways to use groups on Firewalla.
Turn on New Device Quarantine and every unknown or new device that connects gets automatically placed into a special Quarantine Group. You get an alarm, full visibility, and can decide what to do with it (approve, block, monitor, or move to another group).
Quick setup (in the app):
- Go to the main page → + More → New Device Quarantine → Turn it on.
- Done! Unknown devices (visitors, new IoT gadgets, neighbors piggybacking, devices with randomized MACs, etc.) are isolated by default.
What you get: Turning on the option creates a new Quarantine group with all network access blocked. When a device is automatically added, you receive an alarm so you can review it. You will also have the chance to give it a clear, meaningful name before moving it to another group. If you are setting up many devices at once (such as during initial network setup with an existing Wi-Fi name and password), you may want to keep this option off until everything is connected and configured as you like.
Example 2: Keeping Your Smart Home Devices Separate
Smart lights, cameras, and plugs are convenient but often the weakest link in home security. They can have poor protection and constantly connect to the internet. Here is an easy way to isolate them while keeping them fully functional without needing to touch every device:
Simple setup steps (all inside the Firewalla app):
- Go to Devices → Create a new Group called “Smart Home Devices.”
- Add your smart bulbs, cameras, plugs, and similar gadgets to this group.
- Open the group settings and turn VqLAN on.
- For extra safety, turn on Device Isolation. This stops the devices in the group from talking to each other. They can only reach the internet.
For smart home hubs like Apple HomeKit, Google Home, or similar: Keep the main hub and the lights or cameras it controls in the same group so they can work together.
If your phone is in a different group (for example, your personal user profile), you can still control everything using the Allowed Devices option. This lets you create a short list of exceptions. For instance, you can allow your phone to talk to the smart hub or specific lights and cameras even though they are in a separate safe zone. It gives you the best of both worlds: strong protection plus the convenience you need.
What you get: Your smart lights and cameras work perfectly for you, but they cannot reach your phones, laptops, or personal files. If one device ever gets compromised, the problem stays contained.
Example 3: Protecting Work Devices at Home
Many people now use work laptops or phones at home. You probably do not want any risks from those devices spreading to your family’s stuff.
Simple setup:
- Create a group called “Work Devices.”
- Add your work laptop, phone, or office equipment (connect them to Firewalla Wi-Fi).
- Turn VqLAN on for that group.
- You can also add extra rules like blocking gaming or enabling safe search with just a tap.
What you get: Your work devices stay separate from the rest of your home network while still having full internet access. Your personal files and family devices stay protected.
Example 4: Users
Firewalla’s Users feature goes one step further. Instead of grouping by device type, you group everything around each person in your home. It is like creating a personal profile for everyone.
This is especially helpful for families. You can put all of one person’s devices (phone, tablet, laptop, game console) under their name. Then you can apply rules or turn on protection for that person with just a few taps.
Setup steps (all in the Firewalla app):
- Go to Devices → Tap Create User.
- Give the user a name (for example, “Sarah” or “Kids”).
- Add their devices to the profile. You can do this by hand or set it up so devices join automatically when they connect to a certain Wi-Fi network.
- In the user settings, turn VqLAN on.
- For extra privacy, turn on Device Isolation so their devices cannot talk to each other. They can only reach the internet.
Real-life examples:
Kids’ Devices: Create a “Kids” user and add their tablets, phones, and game consoles. Turn on VqLAN and Device Isolation. The kids can still use the internet and play together, but their devices stay completely separate from your work computer, family photos, or printers. You can also add parental controls for screen time and content.
Guest User: Set up a “Guests” profile. When friends or family visit and connect to your guest Wi-Fi, their devices automatically go into this profile. Turn on VqLAN so they can browse the web but cannot see or reach anything else on your network.
Adults in the House: Give each grown-up their own user. This keeps everyone’s personal devices separate while still letting you easily allow access when needed (like printing from a phone to the family printer).
What you get: Everyone has convenient internet access, but with real protection. A hacked kids’ tablet cannot explore the rest of the network. A guest’s phone stays safely contained. The app also shows you exactly who is doing what.
Groups and Users work together nicely. You can combine them for even more control.
Bonus Tips
- Easy exceptions: Use the Allowed Devices option whenever you need something to cross between safe zones. For example, allow your phone to reach the printer, a smart home hub, or a specific camera even if they are in different groups.
- Check it works: Look at the app’s activity log to see that unwanted connections are being blocked.
- VqLAN works best for devices on Wi-Fi. For wired devices, make sure they go through the Firewalla box or a managed switch directly connected to the Firewalla Purple or AP7.
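The three controls from this post (VqLAN, Device Isolation, Allowed Devices) written out as a small Python model, so you can list which device pairs should show up as blocked before you compare against the activity log. This is an added example, not Firewalla's code: the device names are made up, only traffic between home devices is modeled (not internet access), and it assumes Allowed Devices exceptions win over isolation and that VqLAN blocks in both directions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Zone:
    """A Firewalla Group or User, reduced to the two switches the post covers."""
    name: str
    vqlan: bool = False
    device_isolation: bool = False

def allowed(src, dst, zone_of, exceptions):
    """Return (decision, reason) for home-network traffic between two devices.

    zone_of:    device name -> Zone, or None for a device in no group/user
    exceptions: set of frozenset({a, b}) pairs, standing in for Allowed Devices
    """
    # Assumption: an Allowed Devices exception overrides every isolation rule.
    if frozenset((src, dst)) in exceptions:
        return True, "Allowed Devices exception"
    zs, zd = zone_of.get(src), zone_of.get(dst)
    if zs is not None and zs == zd:
        if zs.device_isolation:
            return False, f"Device Isolation in '{zs.name}'"
        return True, f"same zone '{zs.name}'"
    # Assumption: VqLAN on either side blocks the pair in both directions.
    for zone in (zs, zd):
        if zone is not None and zone.vqlan:
            return False, f"VqLAN on '{zone.name}'"
    return True, "no VqLAN on either side"

def expected_blocks(zone_of, exceptions):
    """Every unordered device pair the layout should block, with the reason."""
    names = sorted(zone_of)
    pairs = [(a, b) for i, a in enumerate(names) for b in names[i + 1:]]
    return [(a, b, why) for a, b in pairs
            for ok, why in [allowed(a, b, zone_of, exceptions)] if not ok]

# Constructed sample layout based on the examples in this post.
SMART = Zone("Smart Home Devices", vqlan=True)
KIDS = Zone("Kids", vqlan=True, device_isolation=True)
ZONE_OF = {"Home Hub": SMART, "Porch Camera": SMART,
           "Work Laptop": Zone("Work Devices", vqlan=True),
           "Kids Tablet": KIDS, "Game Console": KIDS,
           "John's Phone": Zone("John", vqlan=True), "Family Printer": None}
EXCEPTIONS = {frozenset(("John's Phone", "Home Hub"))}

if __name__ == "__main__":
    for a, b, why in expected_blocks(ZONE_OF, EXCEPTIONS):
        print(f"BLOCK  {a} <-> {b}  ({why})")
```

If a pair on this list does not appear as blocked in the app, or a pair you need is on it, adjust the group membership or add an Allowed Devices exception.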
VqLAN gives your home network serious protection using simple, everyday tools. No expert knowledge required.
In upcoming posts, we will cover more helpful features like advanced rules, blocking ads and trackers, parental controls, and VPN setups with the Purple + AP7 system.
Remember: We may not have anything to hide, but everything to protect.
