Firewalla Gold Grinds to a Halt
So I've been using the Firewalla Gold since the end of 2022. I love the device but I have noticed a pattern of behavior that would be nice to have resolved.
Over the past few months there have been several instances in which the whole device seems to stop routing both local network and internet traffic and the only recourse has been to completely reset the box to factory defaults then migrate the configurations back in.
What I have noticed is... this tends to happen when there are a massive amount of blocked flows for an extended period of time.
Here is the scenario. Both kids have been grounded for an extended period of time recently. This means I block internet on the Kids network and their devices. I also block some of the media devices as well. When this happens we generate over 1 million blocked flows a day.
It seems that when over 1 million blocked flows per day get racked up over many days... the box will eventually grind to a halt.
Am I on the right track with this theory? If so, what can we do to clean this up and prevent the grinding halts?
-
1 million blocked flow average to 11 blocked flow per second, which should not be an issue for firewalla.
What you need to look for is when the system is on halt, is the LAN still up or not. (LAN traffic does NOT go through firewalla, so ... you have a wifi problem) If LAN is up and WAN is down, you need look at https://help.firewalla.com/hc/en-us/articles/4413440772883-App-Release-1-49-Network-Performance-and-Quality
Rarely, I also remember seeing teenagers messing with routers by attacking them ... that's a totally different problem
-
When it halts there is no traffic period. Can't ping any devices on the LAN. No local networks can talk to any other local networks. No networks can talk to the internet. Firewalla box is unreachable via the app whether on WiFi or not and unreachable via my.firewalla.com.
My kids are no where near a knowledge or skill level to attack the network so I'm confident that is not a factor.
This is an issue with the Firewalla for sure. This has never happened before owning a Firewalla and is immediately resolved by a factory reset of the Firewalla. I've executed this process flawlessly 3 times now in 4 months. In each of the 3 cases - kids were grounded for extended period of time and Firewalla was blocking over 1 million flows per day for weeks. A pattern is a pattern.
-
Do you have multiple segments on your network? if you do, if you ping from the same segment to another device on the same segment, can you ping them?
Next time it happens, please do not reset, I'd suggest go through some of this https://help.firewalla.com/hc/en-us/articles/360053534593-How-to-debug-network-connectivity-issues-
And also the network performance and health, if you can't find anything, then please open a case, we can look the inside logs
-
Yes I have multiple segments. As mentioned before, no traffic period. I cannot ping any devices anywhere on any segment or on the same segment.
I have done all of those network troubleshooting issues the first two times this happened. It's not a WAN issue, it's not a WiFi issue. It's not a cable issue. Nothing gets routed anywhere. Reboots don't work, not with the fiber modem, firewalla, network switches, nor access points. The only fix seems to be the reset.
As for the next time this happens I can't wait around and open a case. I work from home so when this happens, priority one is to get operational immediately because I miss work meetings when this happens. It never seems to be on a weekend.
I would assume you have a test lab. Have you tried setting up a test to block a million flows a day for several weeks? Perhaps you will then run into the problem as well.
-
Unfortunately, unlike in the past, the factory reset has left me in an unstable situation. I continue to have problems today. Everything is very intermittent. Here is a ping of the Firewalla. This same type of random unavailability is happening across many networks and devices.I keep getting dropped from Teams meetings, the email server keeps disconnecting and reconnecting. My abillity to control my key light (on the IOT network) from my work laptop (work network) is just as spotty as everything else.
I have a streamdeck in which I customized an icon to push a button to turn the keylight on and off. I am watching this button toggle quite frequently between connectivity and no connectivity to the light.
Please help...I'm about to lose the whole workday due to this.
-
Support didn't get back to me until later last night so I had to go ahead and factory reset again before they reached out. The first factory reset yesterday morning didn't take well. Network communication returned but it was very choppy. I couldn't sustain any video or audio calls in MS Teams and traffic between network segments was mostly non-functional. Within about 2 hours there was no network traffic again. From noon to 4:30 I was dead in the water.
I waited for support to reach out until about 4:30 until it looked like support was not going to be reaching out within working hours. Around 4:30 or so yesterday I did the factory reset again and everything came back blazing fast as usual. It has held all night and is functioning as expected this morning.
I'll say this from a support perspective though... this box is $500. I spent a significant amount of money on this box and completely revamping my home network with Ubiquiti equipment to co-exist with this device and support VLANs. This thing is great... but there is something wrong and I was not able to get support in a timely fashion yesterday. Being unable to speak to someone on the phone yesterday exposed a major issue for me. I feel like I either need to be able to pay for phone support or maybe even purchase a 2nd Firewalla to have onsite in case of failure and no ability to get timely support.
I'm at four factory resets in four months. I CAN factory reset the device one a month or so... but I feel I shouldn't have to do that.
I'm not saying that 1 million blocked flows per day for multiple days is the "cause". But there seems to be a correlation. I could be completely off base with my theory but something happens to this device where about every 5 or 6 weeks I have to do a complete factory reset to get the network operational again.
We should get to the bottom of why this thing just stops routing traffic and becomes completely unavailable. I really love the Firewalla and I want to work with your support team to figure out what the issue is and get it remediated. As much as I love this thing I'm hesitant to recommend this device to others (who seek me out for technical recommendations and issues) until I understand more about this problem and it's resolution.
So how can I speak to someone about this on the phone?
-
I am reading the thread in support; what they need is to get support access and dig into the box earlier. Since you did a reset, that support access was gone. Would it be possible to grant support again?
I've also talked to our software lead, they will need to identify the problems from logs, so there may be a way to send info to us even if support is not there. Please remember, this is one of those more difficult problems, since we already escalated you to tier 3, you are in good hands.
Please sign in to leave a comment.
Comments
12 comments