Abnormal uploads
Hi Everyone,
I am new to Firewalla (I've got the blue), love the idea and interface!
However, even after reading the documentation and threads on abnormal uploads I am still confused.
I've got a bunch of Ring cameras (and some other IoT) and I get a warning several times per hour that they upload abnormally. The destinations are all genuine Amazon DCs in USA or UK though.
To my untrained eyes they are not abnormal.
I thought Firewalla would train itself to establish the normal baseline so these should have stopped by now?
Or am I supposed to mute these to help the training?
Maybe I am misunderstanding the function, of course I don't want to mute any actually abnormal uploads in the future though.
I left it running for 2 weeks and have over 300 of these warnings now
I have not muted them actively yet.
Thanks in advance for any help or insight
Dan
-
Ring is a special case, it is really hard for us to get a pattern out of it. Here is a thread and some quick solutions that may help.
-
Ok thanks for that, will check that thread out and try the workarounds
@Chris yes that is true, mostly mine are going to *.ring.com but some are IP addresses (which are Amazon AWS according to Talos) so some could be in rogue in theory, but it has been consisten from day 1 least
Thanks
-
I just "fixed" this today using advice from the other thread.
Look at the first two numbers of the IP address it's talking to. All of mine have been to a location in Portland OR.
Go into Rules, Add Rule, Allow, under "set a target", IP Address Range, enter in the form xx.xx.0.0/16, then select this to only apply to the Ring device, then Save.
I have been able to block everything so far with only two rules. I'm sure others will eventually pop up. Amazon picks the specific addresses depending on where you live.
Please sign in to leave a comment.
Comments
4 comments