Device blocked from/to internet still shows traffic data
Using a Gold and have a rule that blocks traffic from and to internet for a device.
1. However, after some time, in the network flows, there are records that the device has accessed the internet and there's outbound traffic. How is this so? Or did I read the table wrongly?
2. Also, can I clarify about rules:
a.) If a device has segment rules A, B, C but is also in a group with rules X, Y, Z, it will apply all A, B, C, X, Y, Z as long as there are no conflicts?
b.) Also, repeated rules showing up because they come from different segments/groups are ok and as per design?
For e.g. a device in segment has segment rules A, B, C, but it's also in a group that has group rules A, Y, Z. In this case, checking the rules page for the device will show that it's using rules A, B, C, A, Y, Z, where A is listed twice.
c.) Finally, using above e.g., if group rule Z conflicts with segment rule in A, am I right to say that Z will take over and A is ignored?
1. Are these outbound traffic UDP traffic? The UDP traffic is actually dropped by Firewalla. The number you see in the statistics shows the attempts that the device has made to send data via UDP. The real data transfer does not happen.
2. a) yes b) yes c) yesComment actions
I know the traffic stats will show details like inbound/outbound, destination IPs, ports (and for common protocols, whether it's ntp, etc.) -- but it doesn't list if the traffic is TCP or UDP, right? Unless I'm looking at the wrong place.
In my case, at first glance, they look like CoAP traffic, which is usually UDP, so that's what I'll assume at this stage. But since such traffic can also be over TCP, I can't confirm unless I do my own detailed scan. Is Firewalla able to present such details?
Please sign in to leave a comment.