Firewalla: New Device Quarantine

To enable this feature: tap on the "+" button on the main screen, and turn on "New Device Quarantine"

With New Device Quarantine turned on, all new devices joining the network will be automatically placed into a Quarantine group, and an alarm will be generated. You can: 

• Control the quarantine group with any rules/policies (controlling adult content, to games) and use smart queues to rate limit devices (available on the purple/gold)
• Have full visibility of the quarantined devices.
• Freely remove devices from the Quarantine group.

Please note that for devices that change MAC address at random (e.g. iOS 14+), Firewalla will recognize them as a new device every time the MAC address is changed. So you can leverage this to prevent devices to get around with specific blocking rules and build a super guest network for home and work. If you don't want your device to be quarantined every once in a while, you'll have to disable the random mac feature on your device.

To turn on this feature:

• Go to your Firewalla main screen.
• Tap on the "+ " more button.
• Tap on New Device Quarantine and turn it on
• Go back to the main screen, tap on Devices, a Quarantine group will be created on your devices list.
• This feature can be turned on for specific networks on Firewalla Gold and Purple.

To configure this feature:

New Device Quarantine creates a Quarantine group, with a set of pre-defined rules to block new devices from accessing the internet and other segments of your network.

• Block Traffic from & to Internet
• Block Traffic from & to All Local Networks (Gold/Purple Only)

Like any other device group, the rules applied to the "Quarantine Group" can be customized.  You can add or modify the default rules.  You can add or remove members from this group like any other firewalla device group.

If the Quarantine group is deleted, the feature will be turned off, and vice versa. 

All devices being quarantined will join the device group: Quarantine. To leave the group and release the device from quarantine, you can simply swipe left and tap "Leave Group". 

Notes:

Since the quarantine group is a virtual group, firewalla will not be able to control traffic from the new devices to your LAN. If you do want to control LAN access, please see network segmentation. 

Please do remember if you have "quarantine on" when you are installing new devices. We've seen too many cases, where new devices are quarantined and failed to be installed on the network.