Firewalla Box Release 1.975 + App Release 1.52


18 comments

  • Nathan Thee

    Firewalla Gold Early Access

    Is anyone else in early access having issues with hundreds of thousands, if not millions, of blocked flows? I went from beta, which was working normally, to the early access, and keep getting hundreds of thousands of flows and nearly as many blocked flows. No rule changes at all, and almost all of them report they are blocked by DNS.

    This is after flashing the Firewalla Gold, starting fresh, and setting up all previous rules as I had them before.

    1
  • Support Team

    You may tap "Blocked" on the box main screen and then tap "Top Blocked"; it should be able to tell you more details.

    Some IoT devices may generate lots of requests if they are quarantined.

    0
  • LoRdNeX

    Love that you guys are putting more backup and restore features in. But is there a way to tell it to refresh the backup? I mean if it just pulls the last box's initial setup then it won't restore very much. If that's not the case, at what interval does the backup image get updated with configuration changes?

    I would think it would be better to have the option to "Snapshot" a configuration for a specific box model, then either be able to restore that "Snapshot" to the original box because of a bad configuration, or a new box so you have less needed configuration. I'll post this in my original Feature Request at the following link as that is probably a better place for the full discussion.

    https://help.firewalla.com/hc/en-us/community/posts/5057442750739-Create-Snapshot-for-Backup-or-Restore

    0
  • John Schneider

    Really appreciate the Custom DNS Entry Rules!

    0
  • Roberto Morales

    Not sure if I am doing something wrong but I don't have the WOL option when I look at the status of an individual device. I changed from beta to early access to get box version 1.975 and be able to test WOL. I am in app version 1.52 (40). Any pointers on what to do?

    0
  • Support Team

    @Roberto, WoL is supported on the latest early access App. Can you go to your TestFlight, upgrade the Firewalla app to version 1.52(80) and try again? 

    0
  • Roberto Morales

    I can’t seem to find the upgrade option in the TestFlight app. Can you provide instructions to do so? Thanks

    0
  • Roberto Morales

    Got it. I was able to upgrade on my iPhone. I was not able to upgrade on my iPad.

    0
  • Chris Thomas

    I'm having similar problems as Nathan Thee. Most of my IoT devices are not working, Google Speakers just complain that they cannot reach the internet.

    I'm pushing over 4 million flows for the past 24 hours, 92% blocked.

    I opened a Support Ticket.

    1
  • Nathan Thee

    Chris Thomas, I tried it again earlier this week with the same result. I even went through and started fresh. Didn’t migrate anything at all and still the same result.

    1
  • Chris Thomas

    @Nathan,

    Appears to be affecting my networks which Block egress by default. Disabling the "Block Traffic to Internet" on my networks seems to resolve the issue. It appears that the DNS queries are now being blocked, whereas before, they were not. Adding a specific rule to permit all traffic to remote port 53 does not seem to resolve the issue.

    1
  • Chris Thomas

    Box 1.975 update has completely broken my locked-down networks because the "Block Traffic to Internet" rule is now blocking the response for DNS queries which do not specifically match a firewall allow policy.....

    Example

    I have a firewall policy that permits traffic to vmware.com

    With "Block Traffic to Internet" policy enabled, I can resolve vmware.com, but not download.vmware.com ...

    This means every firewall policy I've written around top level domains (microsoft.com, windowsupdate.com, vmware.com, roku.com, homeseer.com, etc etc etc) is now completely non-functional because my devices cannot resolve the sub-domains.

    I also cannot resolve the 'firewalla' hostnames of other devices on my network. I.e., NVR software cannot connect to my cameras because it cannot resolve hostname (backyard-wyzecam.fwg).


    Please completely revert this behavior, this is no good.

    1
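The symptom reported in the post above (vmware.com resolves, download.vmware.com does not) is consistent with a default-deny DNS filter comparing allow rules exactly instead of by domain suffix. The sketch below is an added illustration, not Firewalla code and not part of the original thread: the function names and the look-alike name `notvmware.com` are assumptions, and it models allow-list matching in general rather than the box's actual rule engine.

```python
# Added illustration: models DNS allow-list matching under default deny.
# It is NOT Firewalla's rule engine; all function names are hypothetical.

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return name.strip().rstrip(".").lower()

def exact_match(qname, allowed):
    """Allow only names identical to a rule (subdomains are dropped)."""
    return normalize(qname) in {normalize(a) for a in allowed}

def suffix_match(qname, allowed):
    """Allow the rule's domain and its subdomains, matched on label boundaries.

    Comparing against "." + rule (not a bare endswith) keeps a look-alike
    such as notvmware.com from matching the rule vmware.com.
    """
    q = normalize(qname)
    for rule in allowed:
        r = normalize(rule)
        if q == r or q.endswith("." + r):
            return True
    return False

def audit(queries, allowed):
    """Return the query names a default-deny filter would drop in each mode."""
    report = {"exact": [], "suffix": []}
    for q in queries:
        if not exact_match(q, allowed):
            report["exact"].append(q)
        if not suffix_match(q, allowed):
            report["suffix"].append(q)
    return report

# Constructed sample input: rule and host names quoted in the post, plus one
# look-alike name added here to exercise the label-boundary check.
ALLOWED = ["vmware.com", "microsoft.com", "windowsupdate.com"]
QUERIES = [
    "vmware.com",
    "download.vmware.com",
    "Download.VMware.com.",   # same name, mixed case with trailing root dot
    "backyard-wyzecam.fwg",   # local hostname, covered by no domain rule
    "notvmware.com",          # look-alike, must stay blocked
]

if __name__ == "__main__":
    for mode, blocked in audit(QUERIES, ALLOWED).items():
        print(mode, "blocked:", blocked)
```

Running the same audit over names exported from a blocked-flow list shows whether the drops are subdomains of existing allow rules or local hostnames that no domain rule covers.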
  • Chris Thomas

    Is this behavior change documented in the release notes?  I cannot find it.

     

    1
  • Firewalla

    @chris, let me create a ticket for you and we can take a look at your system.

    0
  • Firewalla

    @chris, our developer suggests you double-check and make sure the allow rules are on the same level as the blocks. If you block something at the network level, the allow rules should be on the same network. If the block is on the same device, the allow should be on the device as well.

    0
  • Nathan Thee

    @Firewalla, I am experiencing the EXACT same thing as @Chris. To the T. I sent in a question about this a month ago and never heard anything back other than what you've already said above. The fact that I can go from a completely functional FWG to non-functional, simply by installing the beta or early release, doesn't seem to make sense.

    If the rules are not working because of a software change, I think that should have been noted when released. Please help, because I fear when pushed to the stable release, there won't be anything I can do.

    0
  • Chris Thomas

    @Firewalla,

    It was working fine until 5am when the Firewalla Gold applied this update and rebooted.

    I have a ticket open, your team has remote access to my firewalla if they need to verify how my policies are arranged.  We can turn back on all of the "Block Traffic to Internet" policies that I paused and watch the blocked sessions climb into the millions in a couple of hours.

    1
  • Nathan Thee

    @Firewalla, I turned on all the "Block Traffic to Internet" rules as well. In the past two hours I have 1.2 million flows and 1.1 million blocked flows.

    0