Am I Using Groups Wrong?

Comments

8 comments

  • Avatar
    Firewalla

    At the moment when a device is in a group, the device will take on the policy from the group.  So if you block a group, the device will be blocked. 

    0
    Comment actions Permalink
  • Avatar
    remotebloke

    Are there any plans to change this?  Currently the usefulness of groups is limited if I can't isolate a device without impacting the entire group.

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    Yes, I believe there is a work item, let me +1 to that request. 

    2
    Comment actions Permalink
  • Avatar
    Abbas Jaffar Ali

    I have a similar situation as OP and what I have done is created a group called "Jail" where I temporarily move a device that I need to block off the network. 

    2
    Comment actions Permalink
  • Avatar
    Dc-firewalla

    +1 to support per-device rules layered with per-group rules.  Making per-device rules mutually exclusive with per-group rules is not flexible enough when there are many devices and many rules.  And "many" doesn't have to be very large at all before the current functionality becomes a problem.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    We are going to open up restrictions on this soon. I know one person is writing a github issue for it. To prevent people from killing themselves, this may be a multi-part implementation . 

    0
    Comment actions Permalink
  • Avatar
    Gary Sargent

    Is there any update on this?

    I have some devices in a group. I can create a rule that applies to the group, but not a single device that is a member of the group.

    I want both group level and individual rules.

    Also a device can only be in one group, not multiple groups.

    Why do these restrictions exist? Surely allowing the above offers more flexibility?

     

    0
    Comment actions Permalink

Please sign in to leave a comment.