While trying to assign a static IP to firewalla on my router's DHCP table (ASUS AC88U), I noticed that firewalla's MAC was associated with the IP of other devices (since it relies on spoofing)... This leads me to a few questions:
- is it still safe to assign a static IP to firewalla on my router DHCP table?
- if firewalla spoofs the MAC of my network switch, does it mean that when 2 devices communicate with each other through 2 ports on the same switch, the very same traffic is also being forwarded to firewalla, bypassing the switch backplane, causing all the traffic to get recombined like a dumb network hub would do?
- In the same logic, wouldn't it make sense to instruct firewalla to ignore plain switches and APs since they are "mostly passive" devices?
- if firewalla relies on spoofing, it will compete with legitimate ARP registration from other devices; as a result it will keep losing some packets from time to time as the MAC table on the switches keeps getting updated by legitimate clients as well, won't it?
- In fact, as a follow-up from (2) above, if I were to set up an evil kali on my own LAN using the very same spoofing technology, wouldn't this likely take over all the traffic from the firewalla (assuming the H/W of the evildoer is significantly faster) and render the device useless?
- Ideally, I would like firewalla to only inspect/intercept traffic between my devices and my ISP and ignore inter-LAN-only traffic... wouldn't it make more sense to set up the firewalla as the internet router entry point? That way it only sees relevant traffic?
- since firewalla doesn't understand VLANs, is there a way to configure a network switch using VLANs such that:
  - router's LAN port is a member of the real-LAN VLAN & inspection VLAN
  - firewalla is a member of the inspection VLAN only
  - other devices are members of the real-LAN VLAN only
  - would that allow firewalla to only inspect the outgoing traffic and not adversely impact LAN-only traffic?
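The first observation in the post (one MAC showing up against several devices' IPs) is exactly the footprint ARP spoofing leaves in a neighbour table, and the same check answers the later question about a rogue host doing the same thing. The script below is an added example, not part of this post and not Firewalla's own software: it parses an `arp -n` style listing, reports any MAC that claims more than one IP, and checks whether the gateway IP is currently resolving to the MAC you expect. The ARP listings and the MAC/IP values are constructed for the example; the `arp -n` column layout (Address, HWtype, HWaddress, Flags, Mask, Iface) is the Linux net-tools format.

```python
"""Spot MAC-spoofing footprints in an ARP table.

Added example, not code from the original post or from Firewalla.
Input is assumed to be in Linux `arp -n` (net-tools) layout; the
sample listings below are constructed, not captured from a real LAN.
"""
import re
from collections import defaultdict

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")

# Constructed: one MAC (…:aa) answers for three IPs, like an ARP-spoofing
# appliance would. The gateway (192.168.1.1) still resolves to its own MAC.
SAMPLE_ARP = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   02:00:00:00:00:01   C                     eth0
192.168.1.20             ether   02:00:00:00:00:aa   C                     eth0
192.168.1.21             ether   02:00:00:00:00:aa   C                     eth0
192.168.1.22             ether   02:00:00:00:00:aa   C                     eth0
192.168.1.30             ether   02:00:00:00:00:30   C                     eth0
192.168.1.50             (incomplete)                              eth0
192.168.1.99             ether   02:00:00:00:00:99   C                     eth0
"""

# Constructed: same LAN, but now the gateway IP also resolves to the
# spoofing MAC, i.e. that host has taken over the default route.
SAMPLE_ARP_HIJACKED = SAMPLE_ARP.replace(
    "192.168.1.1              ether   02:00:00:00:00:01",
    "192.168.1.1              ether   02:00:00:00:00:aa",
)


def parse_arp(text):
    """Return {ip: mac} from `arp -n` output.

    Skips the header row and '(incomplete)' entries, which have no MAC.
    """
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not IP_RE.match(parts[0]):
            continue
        mac = parts[2].lower()
        if not MAC_RE.match(mac):
            continue  # '(incomplete)' rows shift the columns; no MAC to record
        table[parts[0]] = mac
    return table


def macs_claiming_multiple_ips(table, threshold=2):
    """Map MAC -> sorted IPs for every MAC seen against `threshold` or more IPs.

    A router or a Firewalla-style spoofer legitimately shows up this way;
    an unexpected MAC here is the thing to investigate.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) >= threshold}


def gateway_mismatch(table, gateway_ip, expected_mac):
    """Return the MAC currently answering for the gateway if it is not the
    expected one, None if it matches or the gateway is absent from the table.
    """
    seen = table.get(gateway_ip)
    if seen is None or seen == expected_mac.lower():
        return None
    return seen


def report(text, gateway_ip, expected_mac):
    """Human-readable summary; used only when run as a script."""
    table = parse_arp(text)
    lines = []
    for mac, ips in macs_claiming_multiple_ips(table).items():
        lines.append(f"{mac} claims {len(ips)} IPs: {', '.join(ips)}")
    bad = gateway_mismatch(table, gateway_ip, expected_mac)
    if bad:
        lines.append(f"GATEWAY {gateway_ip} now answers from {bad}, expected {expected_mac}")
    return lines or ["no spoofing footprint found"]


if __name__ == "__main__":
    # Constructed expected gateway MAC; on a real LAN record it while the
    # network is known-good (e.g. with the inspection box unplugged).
    for name, sample in (("baseline", SAMPLE_ARP), ("hijacked", SAMPLE_ARP_HIJACKED)):
        print(f"== {name} ==")
        for line in report(sample, "192.168.1.1", "02:00:00:00:00:01"):
            print(" ", line)
```

Feed it a live table with `arp -n` (or convert `ip neigh` output to the same columns) and run it periodically from a host that is not itself doing the spoofing; the gateway check is the one that matters for the "evil kali" scenario, because a multi-IP MAC alone is just what any ARP-spoofing inspection box looks like.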