NetHound logoNetHound

Level 2

Add a Firewalla Purple inline with a dedicated access point

This level creates a new protected network path instead of trusting the old one. It is a larger project, but it gives you much better control over how traffic is enforced.

What this level changes

Level 2 moves you from “set a safer DNS value” to “force traffic through a security appliance.” The Firewalla sits inline so the protected devices cannot reach the internet without passing through the new control point. The dedicated access point matters because you want kids’ devices using the new path, not the old unmanaged Wi-Fi.

Planning checklist

  • Map the current path from modem to router to Wi-Fi.
  • Identify any old ISP Wi-Fi that would remain an easy bypass.
  • Decide which SSID will become the protected family network.

Implementation steps

  1. Place the Firewalla Purple between the internet handoff and the downstream network you want protected.
  2. Confirm the Firewalla is deployed inline, not only observing traffic off to the side.
  3. Connect a dedicated access point behind the Firewalla and bring up a clean protected SSID.
  4. Name that SSID clearly so you can distinguish it from the older unmanaged network.
  5. Move the kids’ devices and your test devices onto the new protected SSID.
  6. Enable the relevant Firewalla family or category-blocking policies for that network segment.
  7. Disable, isolate, or at least stop using the older Wi-Fi path that sits outside the new control point.
  8. Run the NetHound test from the new SSID and compare the results with the older network path.