Feature Request: Ignoring ports

Comments

7 comments

  • Avatar
    Firewalla

    Do you mean white list say port 443 on device x?  If it matches, don't generate alarm?

    0
    Comment actions Permalink
  • Avatar
    Blaz Pivk

    Yeah something like that.

    I have a lot of ports open that I know they are ok so whitelisting let's say port 16390 for torrents would go a long way since that traffic wouldn't trigger download alerts.

    Or port 80 on a web server as it is ok if different IPs connect to it and it can be expected.

    But it would be even better if we had an option to exclude those ports from checking altogether as it would reduce the load on Firewallas.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Got it, will note down the request.  This type of feature is definitely not common, so likely to be in our back log. 

    1
    Comment actions Permalink
  • Avatar
    Blaz Pivk

    Probably not on the reds but since the blue will be used more in an office and homelab environment where servers and high traffic associated with them are a common thing you'll probably get this requested more often.

    1
    Comment actions Permalink
  • Avatar
    Einar Bjarni Eyþórsson

    i would love to see this feature i get to many false alerts from my firewalla for my P2P port

    0
    Comment actions Permalink
  • Avatar
    Rastislav Švarba

    This feature would be really helpful.

    Or at least if port number could be shown in alarms list, so I don't need to open every alarm and then decide. So I could mute directly from list.

    0
    Comment actions Permalink
  • Avatar
    FF

    Same here. I keep getting these alarms because my devices are running a file synchronization agent...  

    to be more precise:

    • allow to ignore alarms based on generic pattern matching rules  by any combinations of:
      source:devices,IP, PORTS,protocols destinations:devices,IP,PORTS,protocols, example:
      ignore: source=(device=host123,ip=*,port=20123,protocols=UDP) destination=(*,*,*,*)

    right now the only 2 choices seem to be:

    • constant alarms about the open port from each device
    • disabling monitoring of the devices (which would defeat the point of using firewalla)

     

    0
    Comment actions Permalink

Please sign in to leave a comment.

Powered by Zendesk