Possibility to mute only specific Security Activity Alerts?

Comments

10 comments

  • Avatar
    Firewalla

    see if this can help https://help.firewalla.com/hc/en-us/articles/360006083334-Manage-Alarms

    You also need to look at the root cause of the alarm, is the scan real? are they from the WAN side or the LAN side?

    0
    Comment actions Permalink
  • Avatar
    Alex

    The alarms are from the wan side. I attached two screenshots (btw: pushed notifications are broken, there is  one ip missing). I think the scans are from bots or other "attackers" and real, but "normal".

    The "scanning ip" is random, also my public wan ip changes every day (with pppoe)

    I tried the mute setting under the security activity alarm, but I cannot select firewalla as device. I believe I cannot configure it here.

    Regards

    Alex

     

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    If the Gold is in router mode, and you are getting this, you have a bigger problem.

    1. did you remove the blocking incoming connection rule that's by default applied to all devices?

    2. do you have an allow rule that may give exceptions to certain regions?

    0
    Comment actions Permalink
  • Avatar
    Alex

    Yes my firewalla is in router mode. No, I have for all devices only block rules (and also the default blocking incoming connection rule)

    But I cannot follow you, why a port scan on my public wan ip is a problem? Every day the whole ipv4 internet is scanned by showdan and bot nets.. or do I misinterpret the message?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    1. tap on the monitoring button, and see what mode you are running. 

    2. is the 92.117.x.x IP address your WAN IP?

     

    0
    Comment actions Permalink
  • Avatar
    Alex

    1. Firewalla Mode -> Router Mode

    2. Yes, it's my wan ip .. checked it with https://whatismyipaddress.com/ and is displayed under Settings -> IP Address

    0
    Comment actions Permalink
  • Avatar
    Alex

    btw .. with the open ports scan from the app, I also receive an alarm notification ..

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Tap on the rules button

    Tap on all devices

    1. check if you have any block on "Traffic from internet"

    2. check if you have regional allow rules. (like USA). 

    0
    Comment actions Permalink
  • Avatar
    Alex

    Under all devices I have only block rules (no allow rules) .. the default block all traffic from internet is also active.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Alex, I have created a ticket for you on this. we may need more details. 

    0
    Comment actions Permalink

Please sign in to leave a comment.