Feature Request: Ignoring ports
Basically, when you run a server (which I do), you have some traffic through some ports (web server, UniFi controller, file sharing services). All of that traffic triggers different alerts on Firewalla (P2P services trigger download guard and other services trigger connection guard).
It would be nice to set our devices to ignore specific ports. This would decrease the load on our devices and reduce the number of false positives. My network has one computer that has a moderate traffic flow which produces about 20 alerts daily (only P2P traffic because of torrents) and my server which causes loads of alerts that are mainly caused by backup software sending data out and different web services.
-
Yeah something like that.
I have a lot of ports open that I know are OK, so whitelisting, let's say, port 16390 for torrents would go a long way, since that traffic wouldn't trigger download alerts.
Or port 80 on a web server as it is ok if different IPs connect to it and it can be expected.
But it would be even better if we had an option to exclude those ports from checking altogether as it would reduce the load on Firewallas.
-
Same here. I keep getting these alarms because my devices are running a file synchronization agent...
To be more precise:
- Allow ignoring alarms based on generic pattern-matching rules using any combination of:
  source: devices, IP, ports, protocols; destination: devices, IP, ports, protocols. Example:
  ignore: source=(device=host123,ip=*,port=20123,protocols=UDP) destination=(*,*,*,*)
Right now the only 2 choices seem to be:
- constant alarms about the open port from each device
- disabling monitoring of the devices (which would defeat the point of using Firewalla)
-
I also agree this would be helpful, especially with the capability of the Firewalla Gold. I have a web server running behind the Firewalla, but it generates tons of alerts for normal web traffic (Abnormal Uploads).
It would be helpful if you could silence alarms on a device-specific basis (rather than for all devices), or if you could whitelist specific ports (e.g.: 443), or if you could set an abnormal upload threshold. For example, if a web page shouldn't be more than 2 MB, don't trigger these alarms, but if something was uploading 500 MB that would be a red flag. Thanks.
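The rule syntax and the upload threshold suggested in the comments above, sketched as an added example; it is not part of the thread and not Firewalla code. The `Alarm` layout, the alarm kinds, the sample addresses and the policy that a rule never hides an upload above the limit are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

FIELDS = ("device", "ip", "port", "protocols")
RULE = "ignore: source=(device=host123,ip=*,port=20123,protocols=UDP) destination=(*,*,*,*)"

@dataclass(frozen=True)
class Alarm:  # constructed record layout, not Firewalla's alarm schema
    kind: str
    src: dict
    dst: dict
    bytes_out: int = 0

def parse_side(text):
    """Turn '(device=host123,ip=*,...)' or '(*,*,*,*)' into a field dict."""
    parts = [p.strip() for p in text.strip("()").split(",")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields in {text!r}")
    side = {}
    for name, part in zip(FIELDS, parts):
        key, sep, value = part.partition("=")
        if sep and key != name:
            raise ValueError(f"expected {name!r}, got {key!r}")
        side[name] = value if sep else key  # a bare '*' is a positional wildcard
    return side

def parse_rule(line):
    m = re.fullmatch(r"ignore:\s*source=(\([^)]*\))\s*destination=(\([^)]*\))", line.strip())
    if not m:
        raise ValueError(f"not an ignore rule: {line!r}")
    src, dst = parse_side(m.group(1)), parse_side(m.group(2))
    if all(v == "*" for v in [*src.values(), *dst.values()]):
        raise ValueError("rule would silence every alarm")  # refuse a blanket mute
    return src, dst

def side_matches(pattern, actual):
    return all(v == "*" or v.lower() == str(actual.get(k, "")).lower()
               for k, v in pattern.items())

def suppressed(alarm, rules, upload_limit=2 * 1024 * 1024):
    # Assumed policy: a rule never hides an upload alarm above the limit.
    if alarm.kind == "abnormal_upload" and alarm.bytes_out > upload_limit:
        return False
    return any(side_matches(s, alarm.src) and side_matches(d, alarm.dst) for s, d in rules)

SYNC = {"device": "host123", "ip": "192.168.1.20", "port": 20123, "protocols": "UDP"}
PEER = {"ip": "203.0.113.7", "port": 20123, "protocols": "UDP"}
SAMPLE = [  # constructed alarms
    Alarm("open_port", SYNC, PEER),
    Alarm("open_port", {**SYNC, "port": 443, "protocols": "TCP"}, PEER),
    Alarm("abnormal_upload", SYNC, PEER, bytes_out=500 * 1024 * 1024),
]
```

Scoping each rule to a device, port and protocol keeps the rest of that host's traffic under monitoring, which is the gap between the two choices listed in the thread.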