Feature requests and question
A Question and 2 feature requests:
Feature request:
Block a domain range or a specific service.
My daughter plays Roblox and the number of IP's they use is staggering. Seeing abnormal uploads every hour and blocking all the IP's one at a time is very annoying. This is on my new Gold, don't think I had to do this on my Red or Blue devices.
Question:
Getting these same alerts at 3AM when I know her machine was turned off much earlier than then. I have double checked the MAC address to confirm it is alerting the correct machine. Why would an abnormal upload alert come in hours after the machine is off? The Gold is running in DHCP mode.
Feature Request:
Please change the way we get to the new web interface.
Scanning that QR in from a phone is crazy. I can spend 10 minutes trying to get the perfect angle, lighting just to have it tell me invalid QR code. When it works the webpage is awesome. Maybe have a numeric verification code instead or a way to manually get to it internally?
-
Abnormal uploads are historical ... and they also aggregate a bunch of flows. You can see this https://help.firewalla.com/hc/en-us/articles/360020926913-Abnormal-Upload-Alarms-Tutorial
The QR code scan should be fairly quick, if you can't scan it, likely there is a bug in the app. Can you let us know what phone you have?
-
No, this is the QR login when trying to use https://my.firewalla.com/#/login
You seem to need to scan it in every time you try to use the web console.
-
Will ask our dev to check the Android phone on that
There is a timer on each login. The reason for that is, when you scan that QR code, the web server will establish a secure link with your box directly. And since there is an encryption key involved, we keep that key in memory and wipe it after a certain duration. (The scan is the key exchange process).
-
@Dpadron, Firewalla is definitely not a regular router that runs say *WRT* software. The main reason for us to run the web interface in the cloud is to increase feature velocity or the speed for us to developed new things.
If the web UI runs on the unit, the release cycle will be 3 to 4 months. (There is nothing bad about this since we are already far better than traditional hardware). But having the UI running on my.firewalla.com, will enable us to add new features in less than a day. (+1 extra day for testing)
For example, one of you wanted a 30-day bandwidth usage, it took us two days to get the feature running;
Another benefit of having the web outside the unit also includes the traditional "access" from anywhere... which is much more difficult to do if you are running it on the unit.
-
@Dmavelar you can print the QR code and put it on the front of the Firewalla if you really need to regularly get access to it. For the past three months I have never found a need to scan the QR code.
@Firewalla, I love the security on the web interface. Please don't change anything. For me, on an iPhone, scanning the QR code is a sub-second activity. I basically just wave my phone in front of the screen and BLAMO. In my professional life I use Kibana, McAfee, Falcon, Fidelis and other tools that have all sorts of login machinations and require authentication tools. This is secure and easy. Please don't change it - and keep it in the cloud!
-
Hello all,
I think there are several issues to segregate:
- QR code vs string vs...
obviously the QR code is just a "convenient" way to scan a string, there is nothing preventing firewalla to also add the string matching the QR code on the sticker which will go around the problem for people who don't have a compatible camera phone... - QR code usage:
There is an interesting flaw often overlooked with static QR codes (and strings on stickers), they can be copied and reused... including remotely.... In fact, to use it securely, you would typically only make use of it in combination with an activity which requires physical access to the device (pressing the reset button). if not, there is little value in using the QR code and you would be better of leverage a string dynamically accessible through the app or the appliance (like the ssh password). The problem is not really an issue for home use, but it can be a showstopper for business use where staff turnover.
- QR code vs string vs...
Please sign in to leave a comment.
Comments
14 comments