How do Firewalla devices change the network topology to other devices in the network?
I am a retired Cisco engineer (this last year), and for kicks have been testing this device in a sandbox environment I created using a FW Gold (in router mode) and FW Blue (in simple mode) on my home network. I set up the Gold with a subnet on port 2 (VLAN 2) and added several devices and a Wi-Fi AP to this second network for testing. Then I added the Blue+ to the sandbox VLAN 2 network to test its functionality in this subnet from its own perspective, and from the FW Gold's perspective, since it's also monitoring.
Also, this is only a test and would never be a good use case for two FW devices in line like this.
I did notice one artifact that you might be able to explain quickly.
If I have the FW Blue monitoring turned on in this subnet (.46/24), the FW Blue sees all devices connected as expected.
But if I look at the LAN 2 list of devices on the FW Gold, only some (2-3) of the 7 devices will ever show up as found devices, even though it is monitoring that subnet. Devices that are added and removed don't get discovered by the Gold; only the Blue discovers them when both are monitoring the same subnet.
If I turn off monitoring on the FW Blue (still powered but not monitoring), then all the devices will show up in the FW Gold's device list from that subnet. If I turn monitoring back on, then the FW Gold again cannot monitor that subnet correctly.
Also, if you look at the alerts on the FW Gold, it is indicated that much (in some cases all) of the traffic from the specific devices is actually coming from the Firewalla Blue itself.
This kind of makes sense if the FW Blue is DNS spoofing and replying for the actual devices. Can you help me confirm it, because the FW Gold is getting blocked somehow from seeing the full list of devices when FW Blue is present and monitoring.
Again this is a test setup for observing network behavior and not an actual deployment.
I bought one of each model (Red, Blue, Blue+ and Gold) for my testing and for family gifts.
Great product line!
M S Horner
-
If you are running the Blue in simple mode, it will ARP spoof the router; here it is spoofing the Firewalla Gold. This is the reason you see traffic and devices differently on the network. We don't advise doing this, since the Gold is already capturing all devices, and spoofing it will cause it to be incorrect.
More on spoofing here https://help.firewalla.com/hc/en-us/articles/115004292514-How-does-Firewalla-Intercept-Traffic
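
The effect described in the reply, seen from the router's side, as an added example that is not part of the original thread: when a monitor ARP-spoofs the router, several client IPs in the router's neighbour table resolve to the monitor's MAC. The `ip neigh show` text, the interface name and all addresses below are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` on a Linux router.
# All addresses are made up; 02:00:00:00:00:46 stands in for the spoofing monitor.
SAMPLE_NEIGH = """\
192.168.2.46 dev eth1 lladdr 02:00:00:00:00:46 REACHABLE
192.168.2.20 dev eth1 lladdr 02:00:00:00:00:46 REACHABLE
192.168.2.21 dev eth1 lladdr 02:00:00:00:00:46 STALE
192.168.2.22 dev eth1 lladdr 02:00:00:00:00:22 REACHABLE
192.168.2.23 dev eth1 lladdr 02:00:00:00:00:46 DELAY
192.168.2.24 dev eth1  FAILED
192.168.2.25 dev eth1 lladdr 02:00:00:00:00:25 STALE
"""


def parse_neigh(text):
    """Yield (ip, mac) for entries that resolved to a link-layer address."""
    for line in text.splitlines():
        tokens = line.split()
        # FAILED/INCOMPLETE entries carry no lladdr and say nothing about ownership.
        if "lladdr" not in tokens:
            continue
        idx = tokens.index("lladdr")
        if idx + 1 >= len(tokens):
            continue
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue
        yield ip, tokens[idx + 1].lower()


def shared_macs(text):
    """Return {mac: [ip, ...]} for every MAC the table maps to more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in parse_neigh(text):
        by_mac[mac].add(ip)
    order = lambda ip: (ip.version, int(ip))  # keeps mixed IPv4/IPv6 sortable
    return {mac: [str(ip) for ip in sorted(ips, key=order)]
            for mac, ips in by_mac.items() if len(ips) > 1}


def summarize(text):
    """Return (resolved IP count, distinct MAC count, shared-MAC map)."""
    pairs = list(parse_neigh(text))
    return len({ip for ip, _ in pairs}), len({m for _, m in pairs}), shared_macs(text)
```

One MAC answering for many IPs is also what a legitimate proxy-ARP device or a downstream router looks like, so a hit here is a prompt to identify the device behind that MAC rather than proof of spoofing.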