Can you explain DHCP mode a bit better?
Does the DHCP mode turn the Firewalla into a DHCP server?
And secondly, if I am in that mode, is there a way to block access to new devices until approved?
-
DHCP mode is a mode to intercept traffic using an overlay network. See this for details
https://help.firewalla.com/hc/en-us/articles/115004292514-How-does-Firewalla-Intercept-Traffic-
https://help.firewalla.com/hc/en-us/articles/115004304114-Monitoring-DHCP-Mode
As for blocking access to a new device until approved, we will likely think about it later. It is not difficult to do, but the problem is, any policy enforcement will cause problems.
-
How would that cause problems? Seems simple enough to me... "Device X is requesting an IP and is unrecognized. Allow? Deny?"
Allow gives it an IP and it goes on its merry way. Deny blocks it and "No Internet For YOU!"
I do this now by manually editing dhcpd.conf by hand (I don't hand out addresses freely, only approved devices get IPs and those are assigned by MAC).
OH, but maybe you mean it would cause problems in how you handle it via an overlay instead. Maybe the answer there is to make it a pure DHCP server instead of an overlay, and have users disable DHCP on the router or elsewhere to avoid the issues of dueling DHCP servers.
I've been up too long, time to stop playing.
On a positive note, I LOVE the fact that I can power this off the USB port on my router. And so far, I love this thing, it's definitely one of the best kickstarters I've ever backed!
-
Jeff, our issue here really is tailoring Firewalla to all consumers. We have seen users in our trials who block everything that pops up ... (we had to put a warning in some situations and say ... this may cause an issue if blocked wrong). So until our cloud side is mature, we are not going to turn the automation part into high gear. And yes, we do have some tensor flows going on, trust me, AI is a long way off from that thing in Matrix or the Borg.
-
So I'm going to have to turn on DHCP mode because it looks like my router is not supported for simple mode.
I can turn off DHCP on my router without an issue.
What do I do with all the fixed IP address devices on my current 192.168.2.X network? I don't want to switch them to DHCP so do I leave them on the current network and leave the Firewalla DHCP Network (FWN) for more Wifi and transient devices? I assume this means that the fixed IP devices won't be monitored? It does not look like there is a way to reserve/assign IP addresses on the Firewalla Network. I assume if I leave the printer on the fixed IP network, that it will still be able to talk to devices on the FWN?
Lastly, I assume I should leave the router and AP on the existing fixed IP network.
Thanks,
Saurabh
-
If you have fixed addresses that are already configured with your primary network, just leave them there. They just won't be monitored. There is a band in the DHCP mode network that's reserved, you can use those for sure. (192.168.218.2 -> 192.168.218.49).
On the printer part, it depends on how the printer is discovered. If it is done using Ethernet broadcast, then you won't be able to see it inside the FWN. If it is addressed via IP, then you should be fine. Give it a try and see.
If your printer is inside FWN, and your device is outside, it is a lot harder.
-
I'm ok leaving a bunch of these devices outside or migrating them over time. I assume the router and the AP should stay on the ...2.X network? Also, a bunch of the fixed IP devices are IoT devices: Wink Hub, Smart Switch, IP Camera,..., do you suggest moving them now, waiting till the beta is complete, or never?
-
Yes, the router and AP should be on the old IP.
A better analogy for the DHCP mode (it is really not DHCP, DHCP just issues the new IP addresses) is we create a new network inside of your network. When this happens, you can either attach to your old network or the new network without switching cables around.
The device should be able to handle these devices, you can switch anytime. Or in any combination.