Devices misidentified by alarms
Periodically I get alarms for devices on my network that I know are mistaken; for instance, wife's work laptop gaming on Pokemon.com. Definitely a false alarm most likely attributed to another device on my network. How can I solve this?
I'm currently running the red in simple mode with a TP-Link Archer A7. Do I need to run in DHCP mode?
-
A few things to check
1. Make sure the laptop doesn't have a browser tap or an app that access pokemon.com ... hidden browser tabs will load things. And Firewalla is very sensitive to gaming, porn, and video alarms.
2. Check your router and make sure DHCP lease time is relatively long. (don't set it as one hour ...)
DHCP mode will help since the DHCP assignment will be done by firewalla. (this only solves problem 2)
-
I can say with certainty that the device in question has never hit any of the gaming sites for which I've seen alarms. I know other devices on my network routinely use these sites. That's why I'm thinking it must be a lease issue. I'll take a look at the settings on my router.
If the lease time is relatively long, is Firewalla able to identify lease changes on devices more easily?
-
If the lease is relatively long, the problem will happen a lot less. This "bug" is just a timing issue where we account based on source IP (because for that short duration, we don't have the MAC, or can't rely on the MAC address). Likely this is getting fixed in a future release, will double-check it.
-
Thank you James. That's a good point I hadn't thought about. It's still not a possibility in this instance though as my wife doesn't even access personal mail on this computer.
Also good info from Firewalla. After checking, it looks like my lease is set to renew every 2 hours. I can adjust it up to 48 hours. Is there any reason not to set it to the maximum time in hopes of squashing this behavior?
Please sign in to leave a comment.
Comments
7 comments