Add Devices Manually
Is there any way to add a device manually to the devices list on the Firewalla Gold rather than waiting for them to be discovered?
The reason that this is a pressing problem for me is that I have just installed a new Firewalla Gold at our office and I need to forward some ports to a couple of Layer 7 SSL accelerators/Load Balancers in our internal network which have a number of virtual IPs on them. However, they are not being picked up by the Firewalla Gold and thus are not available for selection when trying to configure Port Forwarding rules.
Without an ability to manually add devices which are difficult to detect, we can't use the firewall appliance at all as having the ability to set up the port forwarding rules is critical.
Regards,
Glenn
-
In the same vein, it could be sorted out with the need to fix DHCP reservations....
Ideally you should be able to enter ahead of time devices by MAC addresses, IP addresses or hostnames, such that DHCP requests from these MACs are automatically mapped to the pre-reserved IP and hostnames, AND create groups and rules ahead of time....
-
I have a device that I get alarms for a new device but it won't go to device details so I can name it or add rules, nor does it show up in the device list. I know the MAC so being able to manually add would be useful.
It's a smoke alarm and connects intermittently. If I force it, Firewalla doesn't see it right away, and so far I've not been able to catch it when it's on the network.
-
I have this issue as well. I opened a support ticket about it but they told me that it's impossible to do a port forward to an IP address that firewall does not see the MAC address of.
Which means I'm likely going to round file this device seeing that the string is now a year old and they still haven't done anything about it.
-
I literally have the exact same scenario as the post that was originally posted on this string at the very top. It's obviously an issue that needs to be fixed if more than one individual is having the exact same problem.
If more than three people are complaining about this issue it's likely not a user issue and just a limitation of the implementation of the software.
All I'm saying is that I can do this port forwarding if needed on a $20 Linksys. If a device that costs over $400 can't do it, that has me scratching my head.
-
Can you give me the case number you were working with for support? I can take a look or escalate this.
In general, if you are doing port forwarding and the destination device is on the network, Firewalla should have that device in the device list. The only time it may not show in the list is if you have devices that all share the same MAC address. If you have devices sharing MAC addresses, please see if you can get them a virtual MAC; it will make things a lot easier. Anyway, you do not have to repeat everything; a case number will help.
-
@Firewalla: you have mentioned a couple of times that Firewalla has trouble picking up IP addresses that map to a single MAC address. This is indeed the problem that prompted me to create this question originally. It also appears to be the source of most of the problems that others like me (including Ammon) have posted about subsequently, apart from the user who described the issue where their device just isn't visible on the network very often.
To sum up the source of the issue - a key feature of many of the more sophisticated network appliances you find in business use (Load Balancers, Layer 7 Switches etc.) is that they use multiple IP addresses associated with single MAC addresses. This also occurs in virtual networks, particularly with Virtual Machines. If the Firewalla appliance is to successfully work with these devices, it either needs to:-
- Have a more sophisticated device detection algorithm that is capable of detecting and handling this type of configuration or
- Allow users to create manual MAC Address <> IP Address entries (ARP table entries?) in the device list.
Given that, of these two options, the second is more flexible and solves more than one problem (e.g. it also solves the problem that the Firewalla has with detecting devices that aren't often active on the network), adding the ability to create manual entries in the device list seemed like the best solution - hence the title of the original post. It has proved surprisingly difficult to get traction on this, though. I also created a support ticket about this issue. The solution offered was that the Firewalla would eventually support Linux scripting, thus allowing manual configuration of more sophisticated firewall and traffic routing rules. I gave up at that point as even the scripting option wasn't then available, and the Firewalla Gold now resides at home on a much simpler network. This was disappointing as I really liked the clean UI, the easy-to-use mobile app and the straightforward business model that Firewalla offers (no subscription fees). I ended up purchasing Ubiquiti hardware instead for the office.
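To make the "several IP addresses behind one MAC address" condition discussed above concrete, here is an added example (not part of the original thread and not Firewalla code): it groups a Linux neighbour table by MAC and reports MACs answering for more than one IPv4 address, plus addresses that never resolved. It assumes `ip -4 neigh show` output format; the sample table and all addresses in it are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `ip -4 neigh show` output (addresses are made up).
SAMPLE_NEIGH = """\
192.168.10.20 dev br0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.10.21 dev br0 lladdr 00:11:22:33:44:55 STALE
192.168.10.22 dev br0 lladdr 00:11:22:33:44:55 STALE
192.168.10.50 dev br0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.10.77 dev br0  FAILED
192.168.10.60 dev br0 lladdr 66:77:88:99:AA:CC DELAY
"""


def parse_neigh(text):
    """Return ({mac: [ips]}, [ips with no resolved MAC])."""
    by_mac = defaultdict(set)
    unresolved = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue  # not a neighbour entry
        try:
            ip = ipaddress.ip_address(tok[0])
        except ValueError:
            continue
        if "lladdr" in tok[:-1]:
            mac = tok[tok.index("lladdr") + 1].lower()
            by_mac[mac].add(ip)
        else:
            # FAILED / INCOMPLETE: the host did not answer ARP recently,
            # e.g. a device that is only intermittently on the network.
            unresolved.append(str(ip))
    order = lambda a: (a.version, int(a))
    return ({m: [str(i) for i in sorted(ips, key=order)]
             for m, ips in by_mac.items()}, unresolved)


def multi_ip_macs(by_mac):
    """MACs that answer for more than one IP (VIPs, load balancers, VMs)."""
    return {m: ips for m, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    table, missing = parse_neigh(SAMPLE_NEIGH)
    for mac, ips in multi_ip_macs(table).items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
    print("no MAC resolved for:", ", ".join(missing) or "none")
```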
-
@Glenn Thank you! And funny you mentioned Ubiquiti, that is exactly what I have been reading up on as a result of this issue. I am also looking at the Palo Alto Okyo that I was turned on to by my colleague, but I'm leaning towards the Ubiquiti due to price and subscription concerns with the PA.
@Firewalla Case #37717
I hope this can gain some traction as (like Glenn mentioned) this is very disappointing due to the fact that your product is well implemented and designed in so many other areas.
-
Yes!!! Thank you all! As others have mentioned, this is an issue for networks that use load balancers. I was going to recommend FWG at the office; however, with our F5 we would not be able to use it. Even F5 doesn't have an option to assign MAC addresses to VIPs. It would be great if FWG had the ability to assign multiple IPs to one MAC address. I can open a ticket if needed.
-Ray
-
Hi. I just bought a Firewalla Gold. Everything is working well except for this problem and the DDNS. I have a Kubernetes cluster that has a Load Balancer with a virtual IP. I would like the option to just type the IP to port forward.... This is honestly very, very disappointing. @Firewalla any update on the issue? I don't think I can keep your product if I can't run my services with it. This issue has not been resolved in ONE YEAR...