Block new device until approved
Is there a mode that allows me to block access to a device until it is approved inside of the firewalla app? I ask because I am noticing a couple devices showing up on my router, but they are not showing in the devices list on firewalla. I am hoping to figure out why there is a discrepancy, but at this point it would be good just to be sure that any new device doesn't have access to call out until I approve it.
Maybe call it "paranoid mode".
-
I can see that logic. That was why I was thinking that it could be an option that you only turn on when you want to make sure that nothing on the network can "call home" when you are in this mode. I guess if all my devices were showing in the firewalla devices list I wouldn't be so worried, but the fact that my router is showing them, but the firewalla isn't makes me nervous.
-
We are curious on the devices that only shows up in the router. Firewalla does pretty deep scans, and pretty sensitive to any kind of packets. Do you happen to know what these devices are? (we have seen virtual interfaces inside the router works this way)
I've logged your request already, will see if someone want to work on it.
-
I don't. Those devices aren't showing on the network currently that I can see. I was originally thinking that they might be from my vmware esxi box, but the mac addresses from that are in sequence. Or at least the first three octets are anyway. The weird part is that if I see a notice for any device I always make sure I know what it is before I approve it. But I don't check everyday so maybe it showed as an alert and then I didn't allow it. My hope is that it would show up under devices approved or not, but signify as such. However, the ones in question aren't even in the list of devices so the only way to know is to catch the device.
-
Stacy
The device will show up regardless in the device list. One possibility is router may be tracking IP addresses, and the same device may have different IP's. We can dig this further if you want. Feel free to send us a email at help@firewalla.com, we likely will ask you for support access to your box
-
We had this type of feature before ... but the problem with that was, people always forget and then you get connection problems ... then problems come to us. So, we revert it back to allow and block if you care. Having these knobs also costs engineering, so we decided to go with allow and if you care, block it, model.
-
When I first purchased my blue this functionality was in place, and it was one of the reasons purchased the product as my router was failing miserably at this functionality. It's a bit disappointing that the feature was stripped out without being an option, and the suggestion to disallow after connected is very different in both management of devices and end user perception. Now I'm back to looking for a device that will support the deny until allowed.
-
Hi, I just bought a Blue to replace a FingBox and don't see any option to turn on blocking by default (also signed up for beta), the option to switch on a secure by default approach that FingBox uses seems much more sensible to me, fine if you leave it off by default like FingBox does, but not to have it is a miss... I'm wondering if I should plug my FingBox back in...
-
Heard you all, loud and clear. We initially build the feature to block and approve. And now we are changing it a bit to have the device placed into a group. And that group, you will be able to configure 'any' policy you want on it. The change should not be difficult, and we are hoping to get it out in 30 days to beta.
-
Thank you firewalla. This will be helpful (esp with changing MAC addresses).
Would you consider adding the ability to alert in rules? For example, a rule that says for any new device:
- allow internet only.
- alert admin a new device has joined.
this will allow someone to have some basic connectivity right away and then be granted more. I could imagine a different circumstances where people would not want to be notified like when someone joins a guest WiFi network.
-
Would be nice to have either or option for this.
At least if blocked until approved is checked/switched could potentially stop hackers temporarily anyway. May place this under the advanced area.
Then if the Block Until option is chosen, then grey out the option to approve until blocked.
The first would allow the end-user the ability to have ultimate control of their internet access. So I think that would need to be under the advanced user area. But initial install would default to the allow until blocked option.
$0.02
-
As of today, 8/25/2020, the code is ready, and it is getting staged into early access release. The team got tied up with Indiegogo Gold support cases ... So we decide to push back the release until we can take a breath. If you are interested, please sign up for early access on the gold https://help.firewalla.com/hc/en-us/community/posts/360046872134-Early-Access-Onboarding
Please sign in to leave a comment.
Comments
39 comments