Firewalla app adds AmneziaWG VPN for blocked networks

Firewalla has released version 1.68 of its mobile app, adding an AmneziaWG VPN Server.

The new server joins OpenVPN and WireGuard in Firewalla's VPN lineup and is intended for networks where standard VPN traffic is blocked or restricted.

Based on WireGuard, AmneziaWG alters traffic patterns so they resemble common UDP protocols rather than typical VPN connections. This can help users maintain a private connection on networks that would otherwise detect and block traditional VPN use.

The feature is in beta and requires Firewalla Box version 1.982 or later. It is available on compatible Orange, Gold Series, and Purple Series beta devices, while the app release is available to beta users on iOS and Android.

On Gold Series hardware, AmneziaWG can run at 1.5 to 2 times the speed of OpenVPN. The protocol also adds obfuscation by changing packet headers with extra data, though this may use slightly more bandwidth and be slightly slower than standard WireGuard.

"AmneziaWG is about giving users true online freedom," said Jerry Chen, Co-founder of Firewalla. "Even in networks where conventional VPNs are blocked, users can connect securely and privately without compromise."

Device controls

Version 1.68 also updates Firewalla's Device Active Protect feature. It introduces Default and Strict modes, adds an option to reset the learning process on supported devices, and can automatically isolate devices when used with the Firewalla AP7.

These changes are designed to give users tighter control over how individual devices behave on a network. The app can now apply more granular policies as Firewalla expands its management tools for homes and small businesses.

Interface update

The app interface has also been revised. Firewalla has introduced a simplified bottom navigation bar for Home, Devices, and Alarms, and added custom avatars to make users and devices easier to identify.

Rules and shortcuts have been repositioned for easier access, while time-based controls have been expanded. Users can monitor internet activity, create app group limits, and apply usage restrictions through Disturb settings, which now support time-based disruptions and more target types.

Network management

Devices connected through the AmneziaWG VPN Server appear within a local VPN network that can be managed through the app. Users can view network flows, receive alarms, and apply rules either to the whole VPN network or to individual connected devices.

The app also supports on-demand activation, allowing devices to connect automatically when they switch to mobile or Wi-Fi networks. Trusted SSIDs can be exempted, and advanced users can set MTU values for each client profile.

Standard production boxes support up to 25 VPN clients, while Gold Pro devices in beta or early access support up to 200. Profiles can be shared by QR code or configuration file, and safeguards are in place to prevent the same profile from being used simultaneously across multiple devices.

Setup for the new VPN option is handled through the app, where users can enable AmneziaWG, add clients, and generate profiles or QR codes for connection through the AmneziaWG client app. Port forwarding may be required in double NAT or CGNAT environments.

Firewalla has operated since 2016 and serves home and small business customers in more than 100 countries.