DHCP mode Security Flaws?


1 comment

  • Avatar

    Simple and DHCP modes are made to augment the network by virtually divert traffic at the IP layer (this mode exists in Red/Blue/Gold/Purple) and can be used if you don't want to inline your network with Firewalla. 

    So, in the case of the DHCP mode, the user can configure their device manually on the main network instead of the overlay network. (bypassing DHCP and use static IP) this is fully possible, and this is how we implement the "No monitoring" button, it will literally move the device to the main network.

    And when the device moves, you should be able to see it. There is no way to prevent this since the firewalla is only inline at layer 3 (IP layer). If this is a concern, then the best unit to get is the Gold or the Purple, and make sure you put them in Router or bridge mode (which is inline between your networks, and no way to bypass)

    Comment actions Permalink

Please sign in to leave a comment.