WAN logs, portscans, DOS attacks, any of that?
Are external logs exposed anywhere? I'm looking for the traditional "router log" stuff that most devices include, listing ACK scans against my IP and such. Might be interesting to have a dashboard dedicated to attempts to get past the Firewalla.
I'm loving my Gold, though!
-
+1 ! I'm really interested in this because after I setup my Xfinity gateway in Bridge mode to hookup my Firewalla Gold, I notice that I'm having some "package loss".
Before I setup the ISP gateway in Bridge mode, it's firewall was slammed every day by such "attacks" with thousands of attempts just by analyzing it's logs...
Now in Bridge mode seems that the gateway firewall is disabled, and I have no alerts from Firewalla at all.
I still investigating this issue, I also have installed a cable signal amplifier just to make sure my gateway is getting the best signal, but I still facing package loss...
For example if I ping the google DNS 8.8.8.8 some times I get 10%/15% of loss!
-
You said you installed a cable signal amplifier. Is it unidirectional, or bi-directional? What kind of power values are you seeing on your gateway's stats page? Uncorrectable/correctable code words, etc?
Most cable amplifiers aren't really meant for modern cable modems, especially if they don't cover the full frequency range the modem expects to receive. They're typically configured for cable set-top boxes. Also, if it's unidirectional (and pointed towards your gateway), it could affect your upload strength, or provide too much power and cause more loss.
-
@David Osborne, It's bi-directional and it's for this purpose because the 1st one I bought it was just for the TV signal, and I spoke with the seller, and he indicated the one I have now !
Form Downstream the SNR is about 38.983 dB on all channels and the Power Level of 1.400 dBmV on almost channels and couple if the minimum of 0.700 dBmV.
For Upstream the Power Level is 42.750 dBmV for all of 3 channels.
The Correctable Codewords: between 12 to 65 on all channels.
And the Uncorrectable Codewords is 0 (zero) for all the channels now.
But the problem was with my 20 bucks switch....
-
This is one of the main reasons why I was looking for a product like Firewalla Gold. I thought it would provide logs on who is trying to hit my systems. I have to have a handful of computers available on the Internet and have limited the open ports to just what I need, but without any kind of inbound traffic logging, I have no way to know who all is trying to gain access that shouldn't be. Please add this feature, as it's sorely missing.
-
+1 for a WAN threat dashboard maybe through the web UI, more logging for IDS events such as when something is blocked by your threat intel, and longer network logs (maybe support logging to an external drive through the UI) and please please syslog support
also maybe making a section to see resource usage (like storage, if we want to extend log storage we know how much space we might get)
-
What I've noticed since originally opening this thread is that the only time I get "Active Protect" alerts is when I have some service/port open to the internet, and a malicious IP attempts to hit it. The best example was running a NextCloud server, I got so many alerts I just gave up and muted them. It'd be cleaner if there was a dashboard to manage those statistics, though.
-
@David, we will be building stats and also blocked logging soon, hopefully, that will make things cleaner.
If you are getting flows into your server, you probably want to better control it. (either through VPN or control who can access that server from outside). It is pretty risky if you are getting too many alerts on that.
-
Firewalla, The problem is we just get an alert "blocked malicious connection" but no further info except ip address etc. It would be nice if we could have the function to send blocked packet info/logs or pcaps to another server for analysis. I understand thats prob a little beyond what most consumers want. I do notice i get some zmap scans picked up by my security onion running suricata that make it past the firewalla. This is why it would be helpful to have those logs so i can see if the firewalla blocked any additional traffic from those ip's
-
It will be very useful to actually see what firewalla is doing and what sort of threats, hackers are targeting me. Honestly I would have expected this to be job number one of the firewall... And some sort of packet logging even if that can be viewed on my desktop or another device. I recently got the gold and trying to make sure I bought the right thing:)
-
@firewalla.
Not even joking. I'm very happy to hear this.
If you guys set this up and set up ability to do multiple VPN profile connections simultaneously in the app , I plan on buying a firewalla gold for each of my inlaws over the year after that feature gets pushed. I'm talking 5+ firewalla golds. Thanks for being responsive to customer wishes.
Please sign in to leave a comment.
Comments
36 comments