Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

Existing devices being Quarantined as if New

Follow
Avatar
Ben Tegally

Could do with some guidance troubleshooting this.

For a while now various devices are being identified as New Devices and therefore Quarantined. This happens maybe a couple of times a day, but is driving me insane as it'll happen to family phones, therefore blocking traffic until the device is deleted from Firewalla.

I have MAC randomisation turned off on these devices so this shouldn't be the cause, and it does not seem limited to them. The New Device doesn't show the same MAC address as the blocked device, but you can tell by looking at the network flow and timestamp, in addition to it being unable to access the internet, and shows the same IP address.

I thought maybe Active Protect was causing it, but I have a feeling it was already happening before then and still happens if it's turned off. Besides, devices like phones are categorised as ineligible.

 

Ideas?

0

Comments

8 comments

Sort by Date Votes
  • Avatar
    FirewallaSupportDesk
    • Edited

    When each time the devices are identified as quarantined, were their MAC addresses the same as before they were added to quarantine? Double Check to make sure device quarantine is off. Firewalla uses MAC addresses to identify new devices. Keeping to be added back to quarantine shall not be related to Active Protect. 

    Are you using Firewalla AP7 for WiFi, and do you have micro-segment applied on the WiFi SSID? 

    0
    Comment actions Permalink
  • Avatar
    Ben Tegally

    Hi, and thanks.

    It happened again this morning to my wife's phone.

    I don't have the AP7. I'm using wired TP-Link Omada AP's with a hardware controller.

    New device quarantine is turned on. But isn't that preferred for security?

    MAC address is different.

    New device alert and device detail shows her usual phone IP for the New device. Her actual device shows no IP assigned.

    This seems to later resolve it with the quarantine device changing to unknown IP having released it back to her device.

    0
    Comment actions Permalink
  • Avatar
    Firewalla CM

    Hi Ben Tegally, if the MAC address is different, Firewalla will treat this as a new device. Can you share the type of device this keeps happening to? 

    Please double-check if MAC randomization is truly disabled. If it's an Apple device, we recommend turning Private Wi-Fi Address "Off" completely, instead of using "Fixed" mode. See here: https://help.firewalla.com/hc/en-us/articles/360055342613-How-to-turn-off-MAC-Address-Randomization

    0
    Comment actions Permalink
  • Avatar
    Ben Tegally

    Hi there. Happens to both mine and my wife's phone, but also others, but it's less noticeable because they're not necessarily in use at the time and it eventually resolves itself.

    Both are Google Pixels and definitely have MAC randomisation off ('Use device MAC' option selected).

    Any ideas?

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    are you using any WiFi-extenders? some of the extenders may replicate or randomize MAC addresses.

     

    0
    Comment actions Permalink
  • Avatar
    Ben Tegally

    No extenders. I have three wired Omada TP-Link AP's with a hardware controller.

    0
    Comment actions Permalink
  • Avatar
    FirewallaSupportDesk

    Could you try to reserve a static IP for your phones to see if it makes any different: IP Allocation?

    0
    Comment actions Permalink
  • Avatar
    Ben Tegally

    Thanks. I've done that for the relevant personal devices and will update in due course.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post