What are "Open Port" Alarms?
Open ports are UDP or TCP ports on your router that are open to the world and can accept connections from the outside.
The Firewalla Open Port Alarm is triggered when Firewalla detects ports opened through the UPnP protocol.
The main purpose of UPnP is to punch a hole in your router's NAT. NAT is a service that translates a public IP into a private IP by mapping ports at the transport layer ... (because IPv4 addresses are running out). This translation blocks incoming traffic to your home (somewhat like a poor man's firewall).
For example, suppose you have a NAS (network attached storage) device and you want to access it from outside. There are two ways to do it:
1. You manually open a port to that NAS device by doing a port mapping;
2. You use UPnP.
Why is this a problem? UPnP is silent. It is as if you bought a Roomba vacuum, and at night the Roomba automatically opens your door so the service people can help it clean out the trash, then closes it when they are done.
Some malicious software will use this capability to allow a remote attacker to gain control over devices on your network.
In general, UPnP is not bad. Without it, things like video conferencing, VoIP and gaming may just be slower. We are not discouraging you from using it, but the first step is awareness. What this alarm does is pretty simple: it allows you to "know" which service on which device is opening ports.
Here are some applications/services often seen to open ports on home devices:
How to identify 'good' vs 'bad'?
Firewalla can only identify the name of the service and the duration for which the port is to be opened.
When you receive such an alarm, it is your choice to block it or leave it there. Most services will close the open port when they are done. If you trust the service, just ignore the alarm. For example, WhatsApp is an end-to-end encrypted communication service. When you use its voice call or video chat, you may receive an open port alarm.
But services that permanently open themselves on port 80, 443 or 22 are asking for trouble. If you have concerns or you don't know what the service is, block it. You can always remove it from the blocking rules afterward.
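The rule of thumb above, applied to a list of UPnP port mappings, as an added example (this is not Firewalla's code). The line layout is modelled on the miniupnpc `upnpc -l` listing and is an assumption, as are treating a lease of 0 as "permanent", matching on either side of the mapping, and the middle "review" tier; the sample mappings are constructed.

```python
import re

# Ports the article singles out as risky when opened permanently.
SENSITIVE_PORTS = {22, 80, 443}

# Assumed line layout, modelled on the miniupnpc `upnpc -l` listing:
#   index proto extPort->intIP:intPort 'description' 'remoteHost' leaseSeconds
LINE_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->(?P<ip>[\d.]+):(?P<int>\d+)"
    r"\s+'(?P<desc>[^']*)'\s+'[^']*'\s+(?P<lease>\d+)\s*$"
)

# Constructed sample data, not captured from a real router.
SAMPLE = """\
 0 UDP 50123->192.168.1.23:50123 'WhatsApp' '' 3600
 1 TCP    22->192.168.1.40:22    'unknown' '' 0
 2 TCP  8443->192.168.1.50:443   'NAS web' '' 0
 3 TCP   443->192.168.1.50:443   'NAS web' '' 7200
"""

def parse_mappings(text):
    """Return one dict per well-formed mapping line; skip anything else."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append({
                "proto": m["proto"], "ext_port": int(m["ext"]),
                "device": m["ip"], "int_port": int(m["int"]),
                "service": m["desc"], "lease": int(m["lease"]),
            })
    return out

def triage(mapping):
    """Classify a mapping as 'block', 'review' or 'ok'."""
    permanent = mapping["lease"] == 0  # assumption: lease 0 means no expiry
    # Assumption: a sensitive port on either side of the mapping counts.
    sensitive = bool({mapping["ext_port"], mapping["int_port"]} & SENSITIVE_PORTS)
    if permanent and sensitive:
        return "block"      # permanently open on 22/80/443
    if permanent or sensitive:
        return "review"     # only one warning sign: check the service name
    return "ok"             # temporary mapping on an ordinary port

def report(text):
    """List (device, proto, external port, service, verdict) per mapping."""
    return [(m["device"], m["proto"], m["ext_port"], m["service"], triage(m))
            for m in parse_mappings(text)]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```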