Add Devices Manually
Is there any way to add a device manually to the devices list on the Firewalla Gold rather than waiting for them to be discovered?
The reason that this is a pressing problem for me is that I have just installed a new Firewalla Gold at our office and I need to forward some ports to a couple of Layer 7 SSL accelerators/Load Balancers in our internal network which have a number of virtual IPs on them. However, they are not being picked up by the Firewalla Gold and thus are not available for selection when trying to configure Port Forwarding rules.
Without an ability to manually add devices which are difficult to detect, we can't use the firewall appliance at all as having the ability to set up the port forwarding rules is critical.
Regards,
Glenn
-
In the same vein, it could be sorted out with the need to fix DHCP reservations....
Ideally you should be able to enter ahead of time devices by MAC addresses, IP addresses or hostnames, such that DHCP requests from these MACs are automatically mapped to the pre-reserved IP and hostnames, AND create groups and rules ahead of time....
-
I have a device that I get alarms for a new device but it won't go to device details so I can name it or add rules, nor does it show up in the device list. I know the MAC so being able to manually add would be useful.
It's a smoke alarm and connects intermittently. If I force it, Firewalla doesn't see it right away and so far I've not been able to catch it when it's on the network.
-
I have this issue as well. I opened a support ticket about it but they told me that it's impossible to do a port forward to an IP address that firewall does not see the MAC address of.
Which means I'm likely going to round file this device seeing that the string is now a year old and they still haven't done anything about it.
-
I literally have the exact same scenario as the post that was originally posted on this string at the very top. It's obviously an issue that needs to be fixed if more than one individual is having the exact same problem.
If more than three people are complaining about this issue it's likely not a user issue and just a limitation of the implementation of the software.
All I'm saying is that I can do this port forwarding if needed on a $20 Linksys. If a device that costs over $400 can't do it, that has me scratching my head.
-
Can you give me the case number you were working with for support? I can take a look or escalate this.
In general, if you are doing port forwarding and the destination device is on the network, Firewalla should have that device in the device list. The only time it may not show in the list is if you have devices that all share the same MAC address. If you have devices sharing MAC addresses, please see if you can get them a virtual MAC; it will make things a lot easier. Anyway, you do not have to repeat everything; a case number will help.
-
@Firewalla: you have mentioned a couple of times that Firewalla has trouble picking up IP addresses that map to a single MAC address. This is indeed the problem that prompted me to create this question originally. It also appears to be the source of most of the problems that others like me (including Ammon) have posted about subsequently, apart from the user who described the issue where their device just isn't visible on the network very often.
To sum up the source of the issue - a key feature of many of the more sophisticated network appliances you find in business use (Load Balancers, Layer 7 Switches etc.) is that they use multiple IP addresses associated with single MAC addresses. This also occurs in virtual networks, particularly with Virtual Machines. If the Firewalla appliance is to successfully work with these devices, it either needs to:-
- Have a more sophisticated device detection algorithm that is capable of detecting and handling this type of configuration or
- Allow users to create manual MAC Address <> IP Address entries (ARP table entries?) in the device list.
Given that, of these two options, the second is more flexible and solves more than one problem (e.g. it also solves the problem that the Firewalla has with detecting devices that aren't often active on the network), adding the ability to create manual entries in the device list seemed like the best solution - hence the title of the original post. It has proved surprisingly difficult to get traction on this, though. I also created a support ticket about this issue. The solution offered was that the Firewalla would eventually support Linux scripting, thus allowing manual configuration of more sophisticated firewall and traffic routing rules. I gave up at that point as even the scripting option wasn't then available, and the Firewalla Gold now resides at home on a much simpler network. This was disappointing as I really liked the clean UI, the easy-to-use mobile app and the straightforward business model that Firewalla offers (no subscription fees). I ended up purchasing Ubiquiti hardware instead for the office.
-
@Glenn Thank you! And funny you mentioned Ubiquiti, that is exactly what I have been reading up on as a result of this issue. I am also looking at the Palo Alto Okyo that I was turned on to by my colleague but I'm leaning towards the Ubiquiti due to price and subscription concerns with the PA.
@Firewalla Case #37717
I hope this can gain some traction as (like Glenn mentioned) this is very disappointing due to the fact that your product is well implemented and designed in so many other areas.
-
Yes!!! Thank you all! As others have mentioned, this is an issue for networks that use load balancers. I was going to recommend FWG at the office; however, with our F5 we would not be able to use it. Even F5 doesn't have an option to assign MAC addresses to VIPs. It would be great if FWG had the ability to assign multiple IPs to one MAC address. I can open a ticket if needed.
-Ray
-
Hi. I just bought a Firewalla Gold. Everything is working well except for this problem and the DDNS. I have a Kubernetes cluster that has a Load Balancer with a virtual IP. I would like the option to just type the IP to port forward.... This is honestly very, very disappointing. @Firewalla any update on the issue? I don't think I can keep your product if I can't run my services with it. This issue has not been resolved in ONE YEAR...
-
Creating port forwardings on IP addresses is supported on app release 1.50. Please see the release notes: https://help.firewalla.com/hc/en-us/articles/4554420886163
-
Just received my new Gold Plus and started setting it up. Quite surprised I could not add devices manually; it's a pretty basic requirement in what is marketed as a high end router.
I did find a sort of work around.
I have a lot of Home Automation and other devices that need Static IP addresses or they simply won't work. Rather than spend days rebuilding a trashed network I ended up installing the Firewalla in Bridge Mode. After a couple of days it had identified most of my equipment. The Web Interface, while extremely limited (again I thought this was a high end piece of equipment so why should I need to type with one finger onto a phone screen??) lets you click on each IP address and make it Static (Reserved) quite quickly. Being bored I then switched it back to Router Mode but not connected to my Network and all the Devices were still there despite the warning about deleting the Network. Yes, it deletes the Network but not the devices. When you have finished setting up your proper LAN and WAN and plug it back in as a router it keeps the Devices and their Static IPs. Saved me a trashed Network and a lot of typing!
Not a proper solution but it at least gets you started. You don't need to Bridge between Modem and Router, just plug it in anywhere on the Network. It will complain that it can't monitor but it will discover all your devices.
However - could we please have the facility to manually add devices, a decent Web Interface where you could do everything the mobile app does at least, and how about being able to export your config in an editable format and then re-import it once you have typed in all the names, MACs and IPs and everything else that a Network Administrator needs to do!
So far I'm relatively underwhelmed by the very expensive (in the UK) Firewalla Gold. It's a nice toy but not yet a serious tool for complex setups.
-
@Graeme, @Rsv
You may not need to use bridge mode to learn the devices; just use Router mode to replace the current router (use the same subnet). Firewalla will discover devices in the network, honor the currently used IP for each device and allocate it back, then you can convert the IP to a reserved IP in the app or web.
-
I am not referring to the migration from an existing router to Firewalla. I need to be able to define a static MAC-IP mapping (or just a static device with a MAC address) and place it in a device group. By doing that, I can be sure that the rules I apply against that device group will get applied to this device whenever it shows up on Firewalla.