Products Firewalla Gold Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Blue Plus Firewalla Wi-Fi SD Product Comparison Product Reviews

What is being uploaded to firewalla.com?

Follow
Avatar
George Wilhelm

So after having firewalla running for a day, it is catching itself uploading data to firewalla.com.  Last time it was over 300 MB.  Can anyone tell me what exactly is being uploaded?

0

Comments

6 comments

Sort by Date Votes
  • Avatar
    Firewalla

    There should be no upload to Firewalla.com.   That domain is mainly for your ddns and our administrative web servers.   There is another domain which is firewalla.encipher.io, which we use for our cloud cluster.

    The uploads are consists of following:

    1. Periodically checking for security intelligence.  (sending a hashed header)

    2. Aggregated 'behavior data' which is again, a bundle of hashed header.   This happens once per 15 min, should be low volume.

    3. And daily there may be some side traffic to check your device health.  this data is small.

    The only time we see data goes higher is through P2P use.   The flows will increase the transmission of traffic. (p2p uses many destination addresses, which causes more lookups.)

    If you are using P2P, we do advice to put that device into none monitoring mode.   Otherwise, the cloud side may throttle the lookups. 

    If you are not using P2P, feel free to send a note to help@firewalla.com by

    [launch app, tap on gear, tap on support, tap on send us email] 

    By hash: 

    We take the SHA256 of the ip header (source/destination).  

     

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    George, just saw your other thread.  The 300MB is likely from your VPN traffic to Firewalla. 

    0
    Comment actions Permalink
  • Avatar
    George Wilhelm

    Doh.  That was exactly it.  I should have guessed that myself, but verified it experimentally.  

    So far... I am really impressed with this little device.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Thanks, George!  Will relay your feedback to the team.  Enjoy the product, we put a lot of our heart into it.

    1
    Comment actions Permalink
  • Avatar
    Qilius
    • Edited

    Did some research myself after installing the blue box. In almost 12 hours it is requesting the domain firewalla.encipher.io 6.950 times. That is roughly 10 times per minute or every 6 seconds!

    I'm using the latest stable release being May 25, 2020 and App 1.37 (85).

    Please explain, thank you.

    0
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    If the 6950 is the number of DNS requests from Firewalla, then it does NOT mean there is always a transfer.  It simply says firewalla is asking your DNS server what's the IP of firewalla.encipher.io ...   Firewalla has code inside which periodically tests DNS connectivity, which is likely why you see the spike.

    Now, before 1.97, there is a bug, in certain situations, this DNS check may become too aggressive, as in your case. (we made this way to detect routers gone bad).  1.97 and later, this problem should be fixed. 

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post