Blocking allowed domains
My Firewalla Gold randomly blocks domains that are specifically allowed within the target list. I have internet blocked for certain devices. I implemented a target list to allow certain domains. I have been struggling for weeks with this now and have communicated with Firewalla on the issues, but I haven't heard anything further in over a week. Is anyone else having problems with this?
I've tried the following in trying to allow domains:
domain.com
*.domain.com
*.*.domain.com
*.*.*.domain.com
I've even tried putting in the specific blocked domain without wildcards. Sometimes it passes, sometimes it's blocked. Every time it's blocked, it says it's IP filtering and lists my allow target list.
The reason I have successive *.*. on there is because I had some success with this approach early on, but it's completely random. The successive asterisks are for additional levels of subdomains.
This is incredibly frustrating and I would really like to know if others are experiencing similar issues. Is it possible that I have defective hardware? I've posed that question to Firewalla too, but support has not responded.
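To make the wildcard question in the post above concrete, here is an added example (not Firewalla's code, and not a description of how its target list matcher actually works) that matches a hostname against entries like `domain.com`, `*.domain.com` and `*.*.domain.com` under two candidate rules: strict (each `*` is exactly one label) and any-depth (a `*` covers one or more labels). The `any_depth` switch and the helper names are assumptions made for the illustration; the point is that the same list gives different answers for `sub.sub.domain.com` depending on which rule the filter applies, and that label-wise matching never lets `domain.com.attacker.net` through.

```python
# Added illustration of wildcard allow-list semantics (not Firewalla's implementation).
# Two candidate rules are shown because the post reports *.domain.com sometimes
# covering deeper subdomains and sometimes not.

def _labels(name: str) -> list[str]:
    """Split a hostname into lower-cased DNS labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def matches_entry(hostname: str, entry: str, any_depth: bool = False) -> bool:
    """True if `entry` covers `hostname`.

    Leading '*' labels are counted as wildcards; the remaining labels must match
    the hostname's suffix label-by-label (so 'domain.com' never matches
    'notdomain.com' or 'domain.com.attacker.net').
      strict    (any_depth=False): number of extra labels == number of stars
      any-depth (any_depth=True):  number of extra labels >= number of stars
    """
    host = _labels(hostname)
    pattern = _labels(entry)
    stars = 0
    while pattern and pattern[0] == "*":
        stars += 1
        pattern.pop(0)
    if not pattern or len(host) < len(pattern):
        return False
    if host[len(host) - len(pattern):] != pattern:   # literal suffix must agree
        return False
    extra = len(host) - len(pattern)
    return extra == stars if not any_depth else extra >= stars

def allowed(hostname: str, entries: list[str], any_depth: bool = False) -> bool:
    """True if any entry in the allow list covers the hostname."""
    return any(matches_entry(hostname, e, any_depth) for e in entries)

# Constructed sample list, mirroring the entries tried in the post above.
TARGET_LIST = ["domain.com", "*.domain.com", "*.*.domain.com", "*.*.*.domain.com"]

if __name__ == "__main__":
    for host in ["domain.com", "sub.domain.com", "a.b.c.d.domain.com",
                 "domain.com.attacker.net"]:
        print(f"{host:28} strict={allowed(host, TARGET_LIST)}"
              f"  any_depth={allowed(host, TARGET_LIST, any_depth=True)}")
```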
-
For wildcard, you can use *.domain.com
More documents here https://help.firewalla.com/hc/en-us/articles/1500005941962-Firewalla-Feature-Target-List-Beta-
Also, please remember, the blocked domains may not be blocked, it may be they are DNS names that are invalid. We have some examples here https://help.firewalla.com/hc/en-us/articles/1500007220942-Firewalla-Blocked-Flows
-
I have used those wildcards, as you can see in my post. They don't work. If they do, they only work randomly. And when I use *.domain.com, it still blocks sub.*.domain.com. And when I've used domain.com, it has blocked. And when I have used *.domain.com, it has still blocked, regardless of if it's sub.domain.com or sub.sub.domain.com, etc.
It says these are blocked by IP Filtering, not DNS, and sometimes it lets the traffic through. So....
Either my hardware is defective or the software is deficient. Either way, I'd like this fixed soonest. I've been struggling with this for a month now and it's still broken. I have another indicator that points to defective hardware with one of the WAN ports randomly dropping out every few hours. So what's the path forward here?
-
I sent them to help@firewalla.com
-
@Andy, Thanks for the input. I don't know for certain, but what I'm hearing leads me to believe this issue is a result of using IP addresses for blocking or allowing. Problem with that is that proxying with DNS resolution means that the IP addresses often change with multiple IPs pointing to the same domain. It makes it very difficult to properly do web filtering with IP addresses. Using domain names has its problems too, but it is more consistent for web filtering. This would make the rules valid under changing and new IP addresses, if that's the cause of the issue here.
-
@Phil. I am having similar issues right now with target lists. If I write a specific device or network rule to allow a specific URL, then it works, but when I swap the URLs with a TargetList containing the same URLs, then I get blocked completely. I have a case open now with support to see what is going on with it. Hopefully we will figure it out soon. It's not practical to have to write a bunch of URL Permit rules when I can use a TargetList and just update it. I'm hoping they can figure it out soon.
-
Received an update from Firewalla. They say they are working on a fix for the problem. Most likely to be released in 1.974.
Some additional information:
I just got a notification today that a device was accessing a malicious site, nagano-19599.herokussl.com. I have internet block on and only allow domains in the target list and this one isn't in that list. I've enabled Monitoring, Active Protect, Internet Block. Why is a malicious site allowed to be accessed to begin with, never mind that the rules I have in place should have blocked it? When I look it up in Talos, it shows a favorable reputation even though I received an alert from Firewalla for it.
-
@Isaac, yeah, none of that should be happening if internet block is on and I'm implementing an explicit allow list. Disappointing that you need to use something else like a pihole to implement basic web filtering functionality because this won't do it, or does it very poorly. This thing was pretty expensive as it is for where it currently is. Hopefully they'll fix it soon.
-
@Phil, I think it's cool that the Gold can basically do what Pihole does, but do you think that the Gold should do it all? It makes me wonder what kind of processing power it would take to pull that off. In another feature request, I asked for an API integration to/from pihole. I wanted the hostnames controlled by the Gold to show up in Pihole, and wanted reports from Pihole to show up in the firewall interface. But I'm not sure how realistic that is.
-
I think the Gold should be able to do more than it currently does for the price point. I also think that because they've advertised it as being able to do certain things, that it should do those things. Given where they are in the deployment cycle, this seems more like it's still a beta release product but it's billed as full production capability. Not to mention that the Gold is more expensive than the UDM Pro, which has more capability from a hardware perspective. The UDM Pro does much of what Firewalla does and several other things that it doesn't. I may explore that option if this continues to be problematic. The Firewalla is basically a higher end 3 port router with Ubuntu 18.04 running on it and additional software to do some of the advanced features. You're essentially paying for the software in this thing. pfSense wouldn't be a bad option for where it is right now too.
Don't get me wrong, I like the *idea* of what this can be. It's just very frustrating when every initial response from Firewalla is 'did you look at this post?' Not only did I look at those posts, but I spent a considerable amount of time scouring the message board to try to find if someone else solved it. It would be helpful if they combined their disparate knowledge pages into a true user manual that I could read in a consolidated location to find out how to do things, like how to switch from router mode to another mode. I'm still waiting for an answer on how to do that because it keeps going in a loop that won't allow me to do it. Firewalla sent me to the page that tells you what to do, except, you can't actually do it. Their response is to tell me to reset my router to factory default and start over. Uh, no. Very frustrating.