Articles in this section

See more

Manage Alarms

Avatar
Melvin Tu
  • Updated
Follow

To support Firewalla key features like cybersecurity protection and parental control, the little red box analyzes network traffics and raises alarms to notify the user with related activities, such as:

  • Connecting a new device
  • Possible cyber attacking 
  • Abnormal uploading
  • Playing a game
  • Watching video
  • Accessing adult content website
  • Connecting to VPN Server
  • Malware Download
  • Open Port

 

Here are some tutorials on how to handle Alarms. Unless specified, alarms are default allow until blocked.

 

Alarm Settings

Tap on "Tuning" icon on the top right corner of alarm UI to enter Alarms Settings Page.

Alarm Settings is where you configure two things:

  • whether you want the box generates a certain type of alarm or not
  • whether you want to receive App notification or not

You can create or delete alarm settings directly under Alarm Settings -> each Alarm Type.  Or you can do it when click "Allow" button in alarm page. 

There are 2 sections in alarm settings, General Setting and Specific Setting.

General Setting is applied to all devices. 

  • Send Both Alarm & Notification:  Both alarm and App Notification will be generated.
  • Send Alarm Only:  Only alarm will be generated, but you will not receiver App Notification.
  • Mute All: Neither alarm nor App notification will be generated.

Specific Setting is where you define the exception, to mute Alarms on a specific device and/or on a specific domain. 

Tutorial: How to mute Alarms on a device when accessing a certain subnet?

mceclip0.png     mceclip0-1.png

 

Alarm Handling - Allow

The "Allow" button on alarms UI means, you understand the activity and are OK to archive it.

Under the alarm that you want to Allow, tap "Allow" button. Determine whether to allow for one time only, a specific domain, or a certain kind of activity, then tap on the choice.

mceclip2.png     mceclip3.png

  • Allow this time - this option will archive this alarm one time.  Similar behavior happens again in the future, you will still receive alarms.
  • Allow domain / Allow xxx activity - these options will archive not only this alarm, but also archive all similar alarms you see in the alarm list.  In addition to that, these options will create a new rule in alarm settings under the corresponding category alarm's "specific setting" section.  Similar behavior happens again in the future, you will not receive any alarm.

For example, if you choose to "Allow Chris' Laptop to access *.googlevideo.com", Firewalla will generate a specific mute rule in Alarm Settings -> Video Activity, which results no alarm will be generated and sent when Chris' Laptop access *.googlevideo.com. 

mceclip8.png     mceclip9.png

 

Alarm Handling - Block

The "Block" button on alarms UI means, based on the alarm details, you determine it is unsafe to access the site, you want to block it for future access. 

Under the alarm that you want to Block, tap "Block" button. Determine whether to block this device / all devices from accessing an IP address, a specific domain, or a certain type of activity, then tap on the choice.

mceclip14.png     mceclip13.png

  • All blocking options will archive not only this alarm, but also archive all similar alarms you see in the alarm list.  
  • All blocking options will also create a blocking rule to the little box.  Similar activity happens again in the future will be blocked automatically by Firewalla.  The generated rule can be seen in "Rules" UI.
  • The difference between block domain / block site / block IP address boils down to the number of IP addresses to be blocked (Domain > Site > IP address). 

To view generated blocking rules, checked out this article: learn more about Rules.

 

Alarm Handling - Detail

If you need more help on this alarm, just click the alarm once.  It brings up an alarm detail page, more information related to the alarm can be seen here, such as site registration, location of the server, previous 6-hours data transfer between your device and that site, and even Firewalla intelligence service suggestion regarding to this transfer. 

When determining whether an alarm is "good" vs "bad", it is both a science and an art. 

Tutorial: How to handle abnormal upload alarms 

mceclip11.png 

 

Alarm Handling - Archive

As mentioned above, the action of either Allow or Block will archive all matched existing alarms.  If you want to review these alarms, they can be found at the bottom of the alarm list.

mceclip6.png

 

Alarm Handling - Delete

If you'd like to delete an alarm, tap on "…" on the top right corner of the alarm, you'll find the action of "Delete alarm permanently".

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk