Add Devices Manually

Completed

Comments

25 comments

  • Avatar
    parsoli

    I have the same exact issue.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Noted, forwarding to our developers on this.

    0
    Comment actions Permalink
  • Avatar
    FF

    in the same vein, it could be sorted out with the need to fix dhcp reservations....

    ideally you should be able to enter ahead of time devices by MAC addresses, IP addresses or hostnames, such that DHCP requests from these MAC are automatically mapped to the pre-reserved IP and hostnames, AND create groups and rules ahead of time....

     

    0
    Comment actions Permalink
  • Avatar
    Michael K

    I have a device that I get alarms for a new device but it won't go to device details so I can name it or add rules, nor does it show up in the device list.  I know the MAC so being able to manually add would be useful.

    It's a smoke alarm and connects intermittently. If I force it firewalla doesn't see it right away and so far I've not been able to catch it when it's on the network.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Any update on this?  I am experiencing the same issue and Firewalla Gold is not seeing the VIP and unable to add Port Forwarding. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    check the virtual IP and see if they all map to the same MAC address. If they are, try to use a different MAC address. 

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Unfortunately the load balancer doesn't have this option.  All vIP are assign to the same interface which will have the same MAC address.  

    0
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    I have this issue as well. I opened a support ticket about it but they told me that it's impossible to do a port forward to an IP address that firewall does not see the Mac address of.

    Which means I'm likely going to round file this device seeing that the string is now a year old and they still haven't done anything about it.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    It is impossible to have an IP address without a MAC address on your LAN.(meaning this MAC may be shared)  Can you please double-check? Or you have different network's within networks?

    0
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    I literally have the exact same scenario as the post that was originally posted on this string at the very top. It's obviously an issue that needs to be fixed if more than one individual is having the exact same problem.

    If more than three people are complaining about this issue it's likely not a user issue and just a limitation of the implementation of the software.

    All I'm saying is that I can do this port forwarding if needed on a $20 Linksys. If a device that costs over $400 can't do it, that has me scratching my head.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Can you give me the case number you were working with for support? I can take a look or escalate this.

    In general, if you are doing port forwarding and the destination device is on the network, Firewalla should have that device in the device list. The only time, it may not show the list is if you have devices all share the same MAC address. If you have devices sharing MAC addresses, please see if you can get them a virtual MAC, it will make things a lot easier.  Anyway, you do not have to repeat everything, a case number will help.

    0
    Comment actions Permalink
  • Avatar
    Glenn Laugesen

    @Firewalla: you have mentioned a couple of times that Firewalla has trouble picking up IP addresses that map to a single MAC address. This is indeed the problem that prompted me to create this question originally. It also appears to be the source of most of the problems that others like me (including Ammon) have posted about subsequently, apart from the user who described the issue where their device just isn't visible on the network very often.

    To sum up the source of the issue - a key feature of many of the more sophisticated network appliances you find in business use (Load Balancers, Layer 7 Switches etc.) is that they use multiple IP addresses associated with single MAC addresses. This also occurs in virtual networks, particularly with Virtual Machines. If the Firewalla appliance is to successfully work with these devices, it either needs to:-

    1. Have a more sophisticated device detection algorithm that is capable of detecting and handling this type of configuration or
    2. Allow users to create manual MAC Address <> IP Address entries (ARP table entries?) in the device list.

    Given that, of these two options, the second is more flexible and solves more than one problem (e.g. it also solves the problem that the Firewalla has with detecting devices that aren't often active on the network), adding the ability to create manual entries in the device list seemed like the best solution - hence the title of the original post. It has proved surprisingly difficult to get traction on this, though. I also created a support ticket about this issue. The solution offered was that the Firewalla would eventually support Linux scripting, thus allowing manual configuration of more sophisticated firewall and traffic routing rules. I gave up at that point as even the scripting option wasn't then available, and the Firewalla Gold now resides at home on a much simpler network. This was disappointing as I really liked the clean UI, the easy-to-use mobile app and the straightforward business model that Firewalla offers (no subscription fees). I ended up purchasing Ubiquiti hardware instead for the office.

    0
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    @Glenn thank you! and funny you mentioned Ubiquity, that is exactly what I have been reading up on as a result of this issue. I am also looking at the Palo alto Okyo that I was turned on to by my colleague but I'm leaning towards the ubiquity due to price and subscription concerns with the PA.

    @Firewalla Case #37717

    I hope this can gain some traction as (like Glenn mentioned) this is very disappointing due to the fact that your product is well implemented and designed in so many other areas.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Yes!!! Thank you all!  As other has mention this is an issues for networks that uses load balancers. I was going to recommend FWG at the office however with our F5 we would not be able to use it.  Even F5 doesn't have an option to assign MAC address to VIPs. This would be great if FWG had the ability to assign multiple IPs to one MAC address. I can open a ticket if needed.

     

    -Ray  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Our developers are looking at this now, some what like a virtual IP concept inside firewalla

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Hello Firewalla,

    Curious if any movement on this? Thank you 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The probability of this will be included in 1.974 (next release) is very high. I can not commit right now (12/16/2021) since that release. is going into review/prioritization phase now.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    That's awesome it's being worked on. 

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Hello, checking to see if this feature still being worked on and if in beta for testing?

     

    -Ray

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Checking to see if any update.

     

    -Ray

    2
    Comment actions Permalink
  • Avatar
    Ricardo Marques

    HI. I just bought a Firewalla Gold. Everything working good except for this problem and the ddns. I have a kubernetes clustes that has Load Balancer with an virtual ip. I would like the option to just type the aip to port foward.... This is honestly very vey disappointing. @Firewalla any update on the issue. I don't think I can keep your product If I can't run my services with it. This issue has not been resolve in ONE YEAR... 

    0
    Comment actions Permalink
  • Avatar
    Eric Larson

    Add me to this list... I have a kemp load balancer and multiple VIP's on it.. Port forwards to this device just wont work because the detected IP keeps changing from to the different VIP IP's and the Kemps Management IP (all using the same MAC address)  -Using Firewalla Gold

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • Avatar
    Nicholas Paige

    Add me to this list as well. Since I'm unable to port forward to my VIP I have created for Kemp load balancer. The VIP does exist as it is pingable as well as no errors with trying to attempt port forwarding with unifi managed switch. Using Firewalla Purple. Thanks

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Creating port forwardings on IP addresses is supported on app release 1.50. Please see the release notes: https://help.firewalla.com/hc/en-us/articles/4554420886163

    1
    Comment actions Permalink

Please sign in to leave a comment.