MSP Active Protect is an extension of the Firewalla Box’s Active Protect. 

By leveraging extended data visibility (30-day or 180-day flows) and machine-learning-based Firewalla Intelligence running inside your MSP instance, MSP Active Protect can help you analyze your network’s behavior and optimize your alarms.

MSP Active Protect is currently in the beta stage. Since alarms can be generated or archived in multiple ways, we continue refining how the analysis results are presented. During the beta stage, the algorithms used are much less aggressive.

This feature is only available with Firewalla MSP Professional or Business. Try 3 months for the price of 1. Cancel anytime.

In MSP 2.10.2 or later, MSP Active Protect requires Firewalla AI.

MSP Active Protect

Imagine you have a smart security camera outside your home. When you arrive home each day at 6PM, your camera detects this motion and uploads the data to its cloud. The Firewalla App then sends an alarm indicating an abnormal upload from the camera. Since the Firewalla App only retains flow data for 24 hours, your daily arrival always appears abnormal.

Firewalla MSP, however, offers 30- or 180-day data retention, providing more information for Firewalla Intelligence to analyze. MSP Active Protect can analyze your security camera’s upload behavior over the past 30 or 180 days to identify normal patterns.  

It adds two new features:

• Alarm Optimizer: Automatically archives alarms identified as normal behavior. This feature improves the accuracy of your alarms and reduces false positives. 
• Advanced Behavioral Alarm: Generates new alarms and identifies new anomalies. This feature ensures that you focus on the important alarms and take notice of behavioral anomalies.

How to enable MSP Active Protect

In MSP 2.10.2, you'll need Firewalla AI enabled on MSP. Click Protect on the left navigation panel and enable Firewalla AI. Note that Firewalla AI is a global MSP feature and must be enabled on all boxes.

• Firewalla AI is optional. AI-generated content may not always be accurate or complete — always verify important information before taking action. Learn more about Firewalla AI here. 

Once Firewalla AI is enabled, MSP Active Protect is enabled by default. Click Protect on the left navigation bar to turn on/off Alarm Optimizer and Advanced Behavioral Alarm. 

• Only available to boxes in 30-Day and 180-Day Flows seats.

The Protect page will display charts for the number of alarms archived or generated over the past 30 days. The Alarms page will also display a Security Alarm Summary chart on the right side. It shows:

• Advanced Behavioral Alarms: Alarms triggered by anomalous network behavior.
• AI Auto-Archived: Alarms that Firewalla AI has automatically archived.
• Needs Review: Alarms that AI has analyzed but not archived, requiring your attention and action.

Click on the chart to filter the alarm list by type, helping you focus on what matters most. 

If Alarm Optimizer is enabled, a Show Critical Alarms button will appear next to the alarm settings, displaying all alarms that Firewalla AI has analyzed and recommended for blocking. 

While AI flags these connections as suspicious, always review the details and use your own judgment before deciding to block any connection.

Firewalla AI Analysis

If Alarm Optimizer is enabled, Firewalla AI will actively analyze all Security Activity and Abnormal Upload alarms, evaluate risk, and identify suspicious connections.

For alarms analyzed by MSP Active Protect, the alarm details may include:

• AI Assessment: Whether the activity is considered Suspicious, Possibly Suspicious, or Low Risk.
• Recommended Actions: For Security Activity alarms assessed as suspicious, AI will recommend blocking the connection or investigating further.
• Firewalla AI Analysis tab: Displays a summary of the AI analysis, key intel about the connected destination or source, and reference links so you can verify the findings before taking action.