VPN Routing for XXX Sites

I bought a Firewalla for family members in a state where internet blackouts may happen. I’m trying to set up the unit to route only the XXX content through the VPN for them. There doesn’t seem to be an option for that in routing; the only option available for XXX is in rules. However, rules don’t appear to allow routing. How can I achieve the goal of routing just this content to the VPN?

I manage a similar setup for other sites by using a custom target list with all the domains I want to include, then setting it up as follows:

  • Matching: my custom target list
  • On: devices to include
  • Interface: VPN client (your privacy VPN)

You can check the documentation here: https://help.firewalla.com/hc/en-us/articles/360061592433-Firewalla-Policy-Content-Based-Routing

@Jade
I considered that, but I’m not sure these folks can handle the technical side. I was hoping the default list would suffice. Currently, I can’t use it for routing. I wish they would allow it to be flagged like the other lists available in both rules and routing.

@Baer
Not sure if they have the gear, but if you could create an SSID that uses a VLAN, then you could create a VLAN on the Firewalla and establish a rule to route traffic from that VLAN subnet over the VPN interface.

When they want to watch adult content, they connect to ‘porn-Wi-Fi’; when they don’t need VPN routing, they can switch to normal Wi-Fi. Just a thought…

@Baer
Can you manage their Firewalla for them? If so, you could manage the target list and configure it in the app, so they wouldn’t need to do anything else.

Jade said:
@Baer
Can you manage their Firewalla for them? If so, you could manage the target list and configure it in the app, so they wouldn’t need to do anything else.

Yes, I just extracted the first 600 domains from a blocklist and hope I won’t have to have the conversation about what sites they visit for adult content.

Unfortunately, the categories in Routes are not the same as those in Rules.

I have no idea why.

Miko said:
Unfortunately, the categories in Routes are not the same as those in Rules.

I have no idea why.

Is there a way to request parity? I noticed that three lists are already duplicated.

@Baer
Sorry, I saw the subreddit name and thought it was u/firewalla that replied.

Baer said:
@Baer
Sorry, I saw the subreddit name and thought it was u/firewalla that replied.

Send them an email with your request. That’s what I did.

The simple truth is that blocking content is much easier than routing traffic. To block content, you only need a few key sites; however, to route traffic, you need to account for all possible (current and future) sites. The challenge is with future domains. This issue can become troublesome with popular sites and apps, which tend to be blocked or time-sensitive.

If the sites you need to route are straightforward, you can use a target list, but this will require ongoing management on your part.

@Taj
I understand. I’m trying to find a solution for some family members while I’m here for the holidays.

Your point about future domains is key, and that’s why having the same curated list from rules available for routes would really help.