Feature Request: Ignoring ports

Follow

Blaz Pivk

• February 06, 2019 21:19

Basically when you run a server (which I do) you have some traffic through some ports (web server, unifi controller, file sharing services). All of that traffic triggers different alerts on Firewalla (P2P services trigger download guard and other services trigger connection guard).

It would be nice to set our devices to ignore specific ports. This would decrease the load on our devices and reduce the number of false positives. My network has one computer that has a moderate traffic flow which produces about 20 alerts daily (only P2P traffic because of torrents) and my server which causes loads of alerts that are mainly caused by backup software sending data out and different web services. 

6

• 

  Firewalla

  • February 06, 2019 22:44

  Do you mean white list say port 443 on device x?  If it matches, don't generate alarm?

  0

  Comment actions Permalink
• 

  Blaz Pivk

  • February 06, 2019 23:08
  • Edited

  Yeah something like that.

  I have a lot of ports open that I know they are ok so whitelisting let's say port 16390 for torrents would go a long way since that traffic wouldn't trigger download alerts.

  Or port 80 on a web server as it is ok if different IPs connect to it and it can be expected.

  But it would be even better if we had an option to exclude those ports from checking altogether as it would reduce the load on Firewallas.

  0

  Comment actions Permalink
• 

  Firewalla

  • February 06, 2019 23:20

  Got it, will note down the request.  This type of feature is definitely not common, so likely to be in our back log. 

  2

  Comment actions Permalink
• 

  Blaz Pivk

  • February 07, 2019 06:52

  Probably not on the reds but since the blue will be used more in an office and homelab environment where servers and high traffic associated with them are a common thing you'll probably get this requested more often.

  1

  Comment actions Permalink
• 

  Einar Bjarni Eyþórsson

  • April 16, 2019 16:18

  i would love to see this feature i get to many false alerts from my firewalla for my P2P port

  1

  Comment actions Permalink
• 

  Rastislav Švarba

  • June 05, 2019 17:39

  This feature would be really helpful.

  Or at least if port number could be shown in alarms list, so I don't need to open every alarm and then decide. So I could mute directly from list.

  1

  Comment actions Permalink
• 

  FF

  • July 10, 2019 12:20

  Same here. I keep getting these alarms because my devices are running a file synchronization agent...  

  to be more precise:

  • allow to ignore alarms based on generic pattern matching rules  by any combinations of:
    source:devices,IP, PORTS,protocols destinations:devices,IP,PORTS,protocols, example:
    ignore: source=(device=host123,ip=*,port=20123,protocols=UDP) destination=(*,*,*,*)

  right now the only 2 choices seem to be:

  • constant alarms about the open port from each device
  • disabling monitoring of the devices (which would defeat the point of using firewalla)

   

  1

  Comment actions Permalink
• 

  CHeil402

  • September 14, 2020 18:30

  I also agree this would be helpful, especially with the capability of the Firewalla Gold. I have a web server running behind the Firewalla, but it generates tons of alerts for normal web traffic (Abnormal Uploads).

  It would be helpful if you could silence alarms on a device specific basis (rather than for all devices), or if you could whitelist specific ports (e.g.: 443), or if you could set an abnormal upload threshold. For example, if a web page shouldn't be more than 2 MB, don't trigger these alarms, but if something was uploading 500 MB that would be a red flag. Thanks.

  0

  Comment actions Permalink

Please sign in to leave a comment.