I have the Gold Firewalla, and very happy with it.
Something that bugs me though is how inconsistent Alarm Muting is for various types of Alarms. Here are a few examples:
SSH Password Guessing is apparently not an incident which you can neither block nor mute, it just "is"... ?
I would expect Firewalla to automatically block SSH Password guessing (for a time period), but there's no indication that it does that. And a 'Mute' which does allow me to mute the IP in question if it just happens to be me mistyping my password a lot ;-) (Really just about consistency here, I don't really do that)
Other access to the same device, same port (22/SSH) are blocked automatically. Probably in a different list (list of known bad IPs/regions, what have you), but the access is identical, it's an attack on your SSH service.
Large Bandwidth Usage has a muted option, but it's unclear what you are really muting here.
It just says "Mute Device: No more alarms on device XXXX". Wait a minute! I do want other alarms for that device, it's not an all or nothing choice! Also, what about large consumption towards a specific location? I mean, my NAS will often spew out lots of data, but if hits specific regions I'm not in, I would like to know!
Compare that to the muting of a gaming alarm for example:
Here the "all" option correctly specifies "Mute gaming activity: Apply to device XXXX only", and I have the option to mute it against a specific site or all sites.
Alas, Large Bandwidth mute should read "Mute large bandwidth usage: Apply to device XXXX only".
Other alarms only allow me to mute a target/site for all devices, not a specific device.
Abnormal Upload is such an alarm. My vacuum cleaner will often "phone home" with map updates etc, and I expect that, so I would like to mute the "Adnormal Upload" alarm for it. However, if my other devices start uploading to the same sites, something is afoot. Please allow us to mute abnormal uploads for only a specific device:
And some mutes for the exact same incident type results in different mute options. Above the Abnormal Upload for the xiaomi.com domain gives me to mute at any subdomain level, while for googleapis.com, it doesn't. Why the difference?
Only one option here "translate.googleapis.com", no "googleapis.com"?
(Not that I really needed it in this case, it's just another example of the mutes being inconsistent.)
That's all for now!
Great product, just some nitpicking really :)
Please sign in to leave a comment.