Feature Request: Ignoring ports

Comments

8 comments

  • Avatar
    Firewalla

    Do you mean white list say port 443 on device x?  If it matches, don't generate alarm?

    0
    Comment actions Permalink
  • Avatar
    Blaz Pivk

    Yeah something like that.

    I have a lot of ports open that I know they are ok so whitelisting let's say port 16390 for torrents would go a long way since that traffic wouldn't trigger download alerts.

    Or port 80 on a web server as it is ok if different IPs connect to it and it can be expected.

    But it would be even better if we had an option to exclude those ports from checking altogether as it would reduce the load on Firewallas.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Got it, will note down the request.  This type of feature is definitely not common, so likely to be in our back log. 

    2
    Comment actions Permalink
  • Avatar
    Blaz Pivk

    Probably not on the reds but since the blue will be used more in an office and homelab environment where servers and high traffic associated with them are a common thing you'll probably get this requested more often.

    1
    Comment actions Permalink
  • Avatar
    Einar Bjarni Eyþórsson

    i would love to see this feature i get to many false alerts from my firewalla for my P2P port

    1
    Comment actions Permalink
  • Avatar
    Rastislav Švarba

    This feature would be really helpful.

    Or at least if port number could be shown in alarms list, so I don't need to open every alarm and then decide. So I could mute directly from list.

    1
    Comment actions Permalink
  • Avatar
    FF

    Same here. I keep getting these alarms because my devices are running a file synchronization agent...  

    to be more precise:

    • allow to ignore alarms based on generic pattern matching rules  by any combinations of:
      source:devices,IP, PORTS,protocols destinations:devices,IP,PORTS,protocols, example:
      ignore: source=(device=host123,ip=*,port=20123,protocols=UDP) destination=(*,*,*,*)

    right now the only 2 choices seem to be:

    • constant alarms about the open port from each device
    • disabling monitoring of the devices (which would defeat the point of using firewalla)

     

    1
    Comment actions Permalink
  • Avatar
    CHeil402

    I also agree this would be helpful, especially with the capability of the Firewalla Gold. I have a web server running behind the Firewalla, but it generates tons of alerts for normal web traffic (Abnormal Uploads).

    It would be helpful if you could silence alarms on a device specific basis (rather than for all devices), or if you could whitelist specific ports (e.g.: 443), or if you could set an abnormal upload threshold. For example, if a web page shouldn't be more than 2 MB, don't trigger these alarms, but if something was uploading 500 MB that would be a red flag. Thanks.

    0
    Comment actions Permalink

Please sign in to leave a comment.