To support Firewalla's key features, such as cyber security protection and parental controls, your Firewalla box analyzes network traffic and raises alarms when it detects certain activities, such as:
- Connecting a new device
- Possible cyberattacks
- Abnormal uploads
- Playing a game
- Watching videos
- Accessing adult content
- Connecting to the Firewalla VPN Server
- Malware downloads
- Open ports
- Internet connectivity updates
- SSH/HTTPS hacking attempts
- And more!
Read on to learn how you can manage and customize Firewalla alarms to meet your needs:
Here's a short video tutorial on alarm management:
When reviewing and responding to alarms, please note:
- Unless specified, activities are allowed by default until they're blocked.
- All alarms will be automatically deleted in 30 days, including archived alarms.
- Not all blocks will result in alarms. We only show blocks that may be of value to you.
Alarm Handling
Tap the Alarm icon on your Firewalla box's main page to find a list of alarms from the last 30 days.
Alarm Detail
Tap an alarm once to bring up an alarm detail page with information like:
- Device IP and name
- Site registration
- Server location
- Data transfer between your device and that site over the past 6 hours
If you want to learn more about the website or the IP address your device is communicating with, you can tap on the domain or IP address, and choose to look up more security info about the destination/source on a 3rd party website.
You can Block, Mute, or Archive an alarm to fine-tune what kinds of activities the alarm system will send you an alarm about.
Block
By taking the Block action, you tell your Firewalla system that the activity it has detected is NOT safe and you want to block it in the future. To Block, tap on the "Block" button.
A dialog will pop up and let you choose a target:
- The IP Address
- The domain and subdomains
- All sites in the corresponding category
The difference between blocking a domain, a site, or an IP address boils down to the number of IP addresses being blocked (Domain > Site > IP address).
After you select a target, you can then choose to apply the rule to:
- The device
- The group or the network the device belongs to
- All devices
When you block something:
- The current alarm and all similar alarms you see in the alarm list will be archived.
- The system will create a Block rule.
- All similar activities will be blocked automatically by Firewalla in the future.
- The generated rule can be seen in Rules. To view, edit, or delete it, learn more about Rules.
Mute
By taking the Mute action, you tell your Firewalla system that you don't want to receive alarms about similar activities in the future. Under the alarm that you want to Mute, tap on the "Mute" button.
A dialog will pop up to let you choose a target:
- The IP Address
- The domain and subdomains
- The alarm type
Then, you can choose to apply the policy to:
- The device
- The group or the network the device belongs to
- All devices
For all Gaming Activity and Video Activity alarms, you can quickly choose to mute the alarms on all devices for 1 hour or until the end of the day. This helps you to temporarily turn off these activity alarms so you don't have to remember to turn them back on. If you want to permanently mute these alarms, tap on "Always Mute" to further configure the action.
When you mute something:
- The system will create a "Mute" setting in the corresponding alarm category's Specific Settings. You will not receive alarms for similar activities in the future.
- The current alarm and all alarms matching the Mute setting you created will be archived.
- To undo the mute action, you can delete the corresponding setting in the alarm category's Specific Settings, or find the archived alarm and tap "undo mute".
For example, if you choose to "Mute domain googlevideo.com, apply to device Macbook Air", Firewalla will generate a specific mute rule in Alarm Settings -> Video Activity. No alarm will be generated and sent when Macbook Air accesses *.googlevideo.com.
You can also mute alarms by selecting a Target List. For example, if you want to mute alarms from a list of IPs used by Ring services but don't want to create mute settings for each IP individually, you can create a target list of those IPs and then make one mute setting for that target list on your Ring devices. Read more about how to do this below or in our 1.54 release notes.
Archive
When you Archive an alarm, you remove it from the alarms list and put it into the Archived Alarm list.
- As mentioned above, Muting or Blocking will archive all matching alarms.
- When you archive an alarm, similar activity in the future will still trigger an alarm.
- If you want to review archived alarms, you can find them at the top right corner of the alarms page.
Delete/Archive All
If you'd like to remove an alarm from the alarms list, tap on "…" on the top right corner of the alarm and tap on "Delete alarm permanently." You can also tap Archive / Delete all alarms to clear all the alarms in the alarms list at once.
Please note that even if you don't do anything, all alarms will be deleted automatically in 30 days.
Filtering
If you have a lot of alarms but are only interested in a few alarm types, you can use Alarm Filters to make a list showing only certain types of alarms. The filter will be kept on your app even after you quit, so the filter items will remain selected whenever you launch the app.
All alarms will be generated normally, so if the filter is reset to "All Alarms", you'll be able to see all of the alarms.
Feedback
If certain alarms are causing problems like being too frequent or not easy to understand, you can provide feedback on that alarm and share your insight with us. To give feedback, tap on "…" on the top right corner of the alarm and tap on "Provide feedback."
Alarm Settings
Tap the Alarm Settings icon on the top right corner of the Alarms screen to further configure your alarms.
Sensitivity Tuning
Firewalla's intelligent core constantly analyzes your behavior and sends you alarms when it detects activity that’s out of the ordinary. These algorithms offer you an extra level of protection that you can control.
In Alarm settings, we've provided you with an option to tune Alarm Sensitivity so that all behavioral alarms will be generated less or more frequently. You can choose between:
- Moderate: the default sensitivity set by Firewalla
- Low: behavioral alarms will be generated less frequently
As of 1.51, only abnormal upload, video activity, and gaming activity can be tuned. Additionally, you can tune each alarm type separately.
Specific Settings
When you tap on an alarm type under Alarm Settings, there are 2 sections in alarm settings, General Setting and Mute Setting.
General Settings are applied to all devices.
- Send Both Alarm & Notification: Both an alarm and an app notification will be generated.
- Send Alarm Only: Only an alarm will be generated, but you will not receive an app notification.
- Mute All: Neither an alarm nor an app notification will be generated.
Mute Settings are where you can define exceptions.
- Mute Settings will appear under the Mute list. Currently, settings cannot be modified. If you want to modify a setting, you'll need to delete it first and then recreate it.
- You can modify Mute Settings from the Alarm Settings page by tapping on the type of alarm you'd like to mute, then selecting a mute target and the devices to which you'd like to apply the mute setting. You can also select a Target List to mute alarms based on a custom list of destinations.
- Additionally, you can modify Mute Settings from an alarm notification by tapping the Mute button and selecting "Always Mute". From there, you can select your mute target and the devices to which you'd like to apply the alarm mute setting.
Comments
15 comments
When you click on Mute in the alarm list, why does it sometimes give the option to mute for the device only, and other times give the option to mute for all devices?
Great question. I'd like to know too.
For activity or informational alarms, such as video/gaming activity, device online/offline, Firewalla provides the options to mute/block for the specific device. For security alarms, including abnormal upload alarms, the options are set to mute/block for all devices.
The reason for this limitation is that the configurations related to security alarms are considered to be more restricted than other alarms, and we couldn't provide all the combinations of IP/domains + device/all devices on the pop-up dialogue. It's a trade-off.
A more flexible version of the alarm handling design is on the way. Please be patient.
If I am not mistaken, Alarms allow '*.domain.com" syntax but rules do not.
It would be nice if the syntax were the same (and more clear in the UI).
From a user perspective, if I can be alerted to something at anything at a domain I should be able to make that into a rule.
@Michael
Sorry for the confusion, this is a display bug on Android App. Will fix it.
In fact, Mute and Block function both support "*.domain.com". If you type in "domain.com", it will be translated into "*.domain.com" and saved to the box.
Thanks @Melvin! iOS issue too.
If I get a "Security Activity" alarm that auto blocks an IP from accessing a local device because it is marked as suspicious. What happens when I "Mute Similar Activity" for "all devices"? Will the suspect IP continue to be blocked or will I just not receive a notification?
"Mute" is like ignore ...
If the action was blocked, you should not get a mute action. (only archive will show). And you can unblock if you tap on the alarm.
That does not appear to be happening.
@melvin do you get an “unblock” option on notifications if security activity? And does that apply to the one device or all?
@rob, this is likely a bug in the web interface, will ask developers to clean this up.
@Michael, Auto blocks apply to all devices. We don't provide an unblock option on the alarms because it is relatively risky to do it. But you can go to rules -> all devices -> active protect rules, and delete the blocking rule created.
Hi, for about 2 weeks I couldn't control the Firewalla app and I found all these alarms, now it shows about 365, but at least a hundred I solved them manually, so they were at least 460.
Since they are almost all "Malware Activity" security alerts and since I certainly cannot control the individual sites that are indicated to me by the Firewalla as dangerous, could it not be automatically established that the Firewalla automatically blocks all sites marked as dangerous?
Why will I block them all manually, but if I have to do it for 460 alarms I'll never finish, so you can't create an automation whereby these sites are automatically blocked?
Obviously, the solution cannot and I do not want it to be to silence the alerts, but I want to make them act automatically, without the need to intervene manually.
Is there an auto-delete/archive setting in place? Or do alerts keep building over time with no limit?
@Raul, it will be auto-deleted in 30 days.
Please sign in to leave a comment.