New Device Quarantine allows you to automatically monitor and control unknown, potentially dangerous devices on your network. With this feature turned on, new devices will be automatically placed into a Quarantine Group and an alarm will be generated.
- Control devices that randomize MAC addresses (e.g. clever kids trying to get around your rules and policies)
- Monitor all unknown/new devices for unusual or suspicious behavior.
- Apply custom "rules" and "routes" to these devices
What's new in this newsletter:
- Identifying unknown devices
- Locking down devices that have MAC randomization turned on
How do I enable New Device Quarantine?
- Go to your box's main page.
- Scroll down and tap on the "+ " more button.
- Tap on New Device Quarantine and turn it on.
- Go back to the main screen and tap on Devices. You'll see a new Quarantine Group.
- If you have a Gold or Purple, you can apply this feature to specific networks.
How can I customize my Quarantine Group?
The Quarantine Group comes with two pre-defined rules to block new devices from accessing the Internet and other segments of your network. Otherwise, you can treat the Quarantine Group like any other device group:
- Add or modify the default rules
- Add or remove members from the group
- Set Routes for traffic from the group
- Send the group's traffic over a VPN using the VPN Client
What do I do with quarantined devices?
New Device Quarantine allows you to keep tabs on new devices and limit their risk profile, giving you the time and confidence to decide if they're trustworthy. Let unknown devices run for a while and use Firewalla to observe what their normal behaviors are.
If you decide to trust a device, you can easily release it from quarantine by simply navigating to the Quarantine Group, swiping left on the device, and tapping "Leave Group".
How do I identify unknown devices?
When a new device appears on your network and it isn't apparent what it is, you can try:
- Looking at its network flows for clues
- Checking the MAC address to see who its vendor could be
- Double-checking for new IoT devices that may have joined your network by invitation
- Checking for patterns in the time the device joins or leaves the network
You can always block the device and see what is broken.
How do I control devices with MAC Randomization?
Clever kids might try getting around your rules by turning on MAC randomization on their devices, which periodically changes a device's MAC address. Firewalla will recognize a device as new each time its MAC address changes.
This makes New Device Quarantine a good way to enforce your policies, since new devices will be automatically limited by the rules you set for your Quarantine Group. However, we recommend disabling the random MAC feature on your device as a best practice.
This newsletter is a shortened version of our article explaining New Device Quarantine. For more details about this feature, read our full article on Firewalla New Device Quarantine.
This is part of our Firewalla Weekly Newsletter. You can sign up here https://firewalla.com/weekly.