Firewall Rules not enforced properly

Follow

Phil

• August 10, 2021 21:55
• Edited

I have kids in remote school and keeping them focused is a chore. I use the firewall to block everything and only allow those sites they should be accessing at certain times. I've noticed that they are accessing sites that they shouldn't be able to according to the firewall rules. This is occurring across multiple devices and multiple sites. When I look at the netflow data, sometimes the traffic to a particular domain shows up as 'Blocked' and sometimes as 'OK' and allowed through, seemingly randomly.

The other aspect of this is that when I do allow some sites, sometimes those specific domains that have been allowed by the rule are also blocked.

I've also noticed that I'm not seeing all of the sites that are being visited in the netflow data. The packets are making it through and loading the website on the device, but the netflow information for the domain is completely absent.

Is anyone else having any of these issues? If so, please chime in.

0

• 

  Firewalla

  • August 10, 2021 21:54

  Which firewalla device are you using?

  Can you give us examples of your rules? what we see sometimes, there are allow rules that may give exceptions to let things through. 

  0

  Comment actions Permalink
• 

  Phil

  • August 11, 2021 15:08
  • Edited

  Using the Firewalla Gold

  Examples:

  Blocked when allowed: Internet block is on, allow amazon.com rule in place through target list. Some amazon packets allowed, some blocked by IP Filtering.

  Allowed when blocked: Internet block is on and there is no rule in place to allow myon.com. Netflow shows myon.com was accessed, some ok, some blocked. Device is actively on that site.

  Netflow not captured: visited google.com and rfreshed netflow for that device. The domain never showed up in netflow.

  0

  Comment actions Permalink

Please sign in to leave a comment.