Possibility to mute only specific Security Activity Alerts?
Hey all,
I receive multiple "xy is scanning ports on device {public ip}" alerts per day (sometimes 20-30 per day).
I think it's normal behaviour when you connect a router (Gold) to the internet and requires no further action... so the message is not really interesting to me, but I cannot find any switch to disable only these messages... and I don't want to mute all security alerts.
Is it possible to mute only this specific type of alert? Or can you implement it? :-)
Regards
Alex
-
See if this can help: https://help.firewalla.com/hc/en-us/articles/360006083334-Manage-Alarms
You also need to look at the root cause of the alarm: is the scan real? Are they from the WAN side or the LAN side?
-
The alarms are from the WAN side. I attached two screenshots (btw: pushed notifications are broken, there is one IP missing). I think the scans are from bots or other "attackers" and real, but "normal".
The "scanning IP" is random, also my public WAN IP changes every day (with PPPoE).
I tried the mute setting under the security activity alarm, but I cannot select Firewalla as device. I believe I cannot configure it here.
Regards
Alex
-
Yes, my Firewalla is in router mode. No, I have only block rules for all devices (and also the default blocking incoming connection rule).
But I cannot follow you: why is a port scan on my public WAN IP a problem? Every day the whole IPv4 internet is scanned by Shodan and botnets... or do I misinterpret the message?
-
1. Firewalla Mode -> Router Mode
2. Yes, it's my WAN IP... checked it with https://whatismyipaddress.com/ and it is displayed under Settings -> IP Address
-
Hello!
I have kind of a similar scenario. Starting 2 weeks ago or so I started receiving dozens of messages daily; I think it might have started at the same time the device or app got upgraded.
I have nothing opened from WAN to LAN. This is the setting for Rules > All devices
And then I also have 4 ports allowed on this specific device. These are for a game server and I trust those IPs, and I only activate the policy when needed.
I have been discarding those scan alerts for a while after figuring out that they did not seem to pose a risk.
In the Alerts section within the app, you can configure it to except one or more devices/networks, but there is no entry for the WAN interfaces. Could you add them to be eligible?
Any help would be appreciated.
Regards.
-
Hello team,
This is one of the alarms:
I do not want by any means to mute the alarms related to Security, while I can't stand having to delete dozens of alarms daily either. Actual alarm count for around 12 days.
I lowered the security alarm sensitivity, to no effect. I also muted the port scans for the only device which has 3 ports opened.
I would kindly ask you to either create an entry to be able to mute the port scans for the WAN interface which is currently not listed, or at least (maybe both) to separate the port scans under an individual category so that it can be muted at all if needed while preserving the other security alarms.
Thanks in advance!