Add Devices Manually

Completed

Comments

38 comments

  • Avatar
    parsoli

    I have the same exact issue.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Noted, forwarding to our developers on this.

    1
    Comment actions Permalink
  • Avatar
    FF

    in the same vein, it could be sorted out with the need to fix dhcp reservations....

    ideally you should be able to enter ahead of time devices by MAC addresses, IP addresses or hostnames, such that DHCP requests from these MAC are automatically mapped to the pre-reserved IP and hostnames, AND create groups and rules ahead of time....

     

    0
    Comment actions Permalink
  • Avatar
    Michael K

    I have a device that I get alarms for a new device but it won't go to device details so I can name it or add rules, nor does it show up in the device list.  I know the MAC so being able to manually add would be useful.

    It's a smoke alarm and connects intermittently. If I force it firewalla doesn't see it right away and so far I've not been able to catch it when it's on the network.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Any update on this?  I am experiencing the same issue and Firewalla Gold is not seeing the VIP and unable to add Port Forwarding. 

    2
    Comment actions Permalink
  • Avatar
    Firewalla

    check the virtual IP and see if they all map to the same MAC address. If they are, try to use a different MAC address. 

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Unfortunately the load balancer doesn't have this option.  All vIP are assign to the same interface which will have the same MAC address.  

    0
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    I have this issue as well. I opened a support ticket about it but they told me that it's impossible to do a port forward to an IP address that firewall does not see the Mac address of.

    Which means I'm likely going to round file this device seeing that the string is now a year old and they still haven't done anything about it.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    It is impossible to have an IP address without a MAC address on your LAN.(meaning this MAC may be shared)  Can you please double-check? Or you have different network's within networks?

    0
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    I literally have the exact same scenario as the post that was originally posted on this string at the very top. It's obviously an issue that needs to be fixed if more than one individual is having the exact same problem.

    If more than three people are complaining about this issue it's likely not a user issue and just a limitation of the implementation of the software.

    All I'm saying is that I can do this port forwarding if needed on a $20 Linksys. If a device that costs over $400 can't do it, that has me scratching my head.

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    Can you give me the case number you were working with for support? I can take a look or escalate this.

    In general, if you are doing port forwarding and the destination device is on the network, Firewalla should have that device in the device list. The only time, it may not show the list is if you have devices all share the same MAC address. If you have devices sharing MAC addresses, please see if you can get them a virtual MAC, it will make things a lot easier.  Anyway, you do not have to repeat everything, a case number will help.

    0
    Comment actions Permalink
  • Avatar
    Glenn Laugesen

    @Firewalla: you have mentioned a couple of times that Firewalla has trouble picking up IP addresses that map to a single MAC address. This is indeed the problem that prompted me to create this question originally. It also appears to be the source of most of the problems that others like me (including Ammon) have posted about subsequently, apart from the user who described the issue where their device just isn't visible on the network very often.

    To sum up the source of the issue - a key feature of many of the more sophisticated network appliances you find in business use (Load Balancers, Layer 7 Switches etc.) is that they use multiple IP addresses associated with single MAC addresses. This also occurs in virtual networks, particularly with Virtual Machines. If the Firewalla appliance is to successfully work with these devices, it either needs to:-

    1. Have a more sophisticated device detection algorithm that is capable of detecting and handling this type of configuration or
    2. Allow users to create manual MAC Address <> IP Address entries (ARP table entries?) in the device list.

    Given that, of these two options, the second is more flexible and solves more than one problem (e.g. it also solves the problem that the Firewalla has with detecting devices that aren't often active on the network), adding the ability to create manual entries in the device list seemed like the best solution - hence the title of the original post. It has proved surprisingly difficult to get traction on this, though. I also created a support ticket about this issue. The solution offered was that the Firewalla would eventually support Linux scripting, thus allowing manual configuration of more sophisticated firewall and traffic routing rules. I gave up at that point as even the scripting option wasn't then available, and the Firewalla Gold now resides at home on a much simpler network. This was disappointing as I really liked the clean UI, the easy-to-use mobile app and the straightforward business model that Firewalla offers (no subscription fees). I ended up purchasing Ubiquiti hardware instead for the office.

    1
    Comment actions Permalink
  • Avatar
    Ammon Guernsey

    @Glenn thank you! and funny you mentioned Ubiquity, that is exactly what I have been reading up on as a result of this issue. I am also looking at the Palo alto Okyo that I was turned on to by my colleague but I'm leaning towards the ubiquity due to price and subscription concerns with the PA.

    @Firewalla Case #37717

    I hope this can gain some traction as (like Glenn mentioned) this is very disappointing due to the fact that your product is well implemented and designed in so many other areas.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Yes!!! Thank you all!  As other has mention this is an issues for networks that uses load balancers. I was going to recommend FWG at the office however with our F5 we would not be able to use it.  Even F5 doesn't have an option to assign MAC address to VIPs. This would be great if FWG had the ability to assign multiple IPs to one MAC address. I can open a ticket if needed.

     

    -Ray  

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Our developers are looking at this now, some what like a virtual IP concept inside firewalla

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Hello Firewalla,

    Curious if any movement on this? Thank you 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    The probability of this will be included in 1.974 (next release) is very high. I can not commit right now (12/16/2021) since that release. is going into review/prioritization phase now.

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    That's awesome it's being worked on. 

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Hello, checking to see if this feature still being worked on and if in beta for testing?

     

    -Ray

    0
    Comment actions Permalink
  • Avatar
    Rbishop

    Checking to see if any update.

     

    -Ray

    2
    Comment actions Permalink
  • Avatar
    Ricardo Marques

    HI. I just bought a Firewalla Gold. Everything working good except for this problem and the ddns. I have a kubernetes clustes that has Load Balancer with an virtual ip. I would like the option to just type the aip to port foward.... This is honestly very vey disappointing. @Firewalla any update on the issue. I don't think I can keep your product If I can't run my services with it. This issue has not been resolve in ONE YEAR... 

    0
    Comment actions Permalink
  • Avatar
    Eric Larson

    Add me to this list... I have a kemp load balancer and multiple VIP's on it.. Port forwards to this device just wont work because the detected IP keeps changing from to the different VIP IP's and the Kemps Management IP (all using the same MAC address)  -Using Firewalla Gold

    0
    Comment actions Permalink
  • 0
    Comment actions Permalink
  • Avatar
    Nicholas Paige

    Add me to this list as well. Since I'm unable to port forward to my VIP I have created for Kemp load balancer. The VIP does exist as it is pingable as well as no errors with trying to attempt port forwarding with unifi managed switch. Using Firewalla Purple. Thanks

    0
    Comment actions Permalink
  • Avatar
    Support Team

    Creating port forwardings on IP addresses is supported on app release 1.50. Please see the release notes: https://help.firewalla.com/hc/en-us/articles/4554420886163

    2
    Comment actions Permalink
  • Avatar
    Graeme Smith

    Just received my new Gold Plus and started setting it up.  Quite surprised I could not add devices manually, it's a pretty basic requirement in a what is marketed as a high end router.

    I did find a sort of work around.

    I have a lot of Home Automation and other devices that need Static IP addresses or they simply won't work. Rather than spend days rebuilding a trashed network I ended up installing the Firewalla in Bridge Mode.  After a couple of days it had identified most of my equipment.  The Web Interface, while extremely limited (again I thought this was a high end piece of equipment so why should I need to type with one finger onto a phone screen??) lets you click on each IP address and make it Static (Reserved) quite quickly.  Being bored I then switched it back to Router Mode but not connected to my Network and all the Devices were still there despite the warning about deleting the Network.  Yes it deletes the Network but not the devices.  When you have finished setting up your proper LAN and WAN and plug it back in as a router it keeps the Devices and their Static IP's.  Saved me a trashed Network and a lot of typing!

    Not a proper solution but it at least gets you started.  You don't need to Bridge between Modem and Router, just plug it in anywhere on the Network.  It will complain that it can't monitor but it will discover all your devices.

    However - Could we please have the facility to manually add devices, a decent Web Interface where you could do everything the mobile app does at least and how about being able to export your config in an editable format and then re-import it once you have typed in all the names, MAC's and IP's and everything else that a Network Administrator needs to do!

    So far I'm relatively underwhelmed by the very expensive (in the UK) Firewalla Gold.  It's a nice toy but not yet a serious tool for complex setups.

    1
    Comment actions Permalink
  • Avatar
    Rsv

    Has there been any update on this? When will we be able to do static IP mappings to known Mac addresses and put them in a device group?

    0
    Comment actions Permalink
  • Avatar
    Support Team

    @Graeme, @Rsv

    You may not need to use bridge mode to learn the devices, just use Router mode to replace the current router ( use the same subnet). Firewalla will discover devices in the network, honor the current used IP for each device and allocate back, then you can convert the IP to reserved IP in app or web.

     

    1
    Comment actions Permalink
  • Avatar
    Rsv

    I am not referring to the migration from an existing router to Firewalla. I need to be able to define a static mac-ip mapping (or just a static device with a mac address) and place it in a device group. By doing that, I can be sure that the rules I apply against that device group will get applied to this device whenever it shows up on firewalla.

     

    0
    Comment actions Permalink
  • Avatar
    Graeme Smith

    Please consider letting us manually add devices.  It’s a pretty basic router function and various threads have been requesting it since Firewalla was first introduced.  If that is too difficult then allowing the user to change the DHCP allocated IP would be a good interim solution.

    1
    Comment actions Permalink

Please sign in to leave a comment.