Existing devices being Quarantined as if New
Could do with some guidance troubleshooting this.
For a while now various devices are being identified as New Devices and therefore Quarantined. This happens maybe a couple of times a day, but is driving me insane as it'll happen to family phones, therefore blocking traffic until the device is deleted from Firewalla.
I have MAC randomisation turned off on these devices so this shouldn't be the cause, and it does not seem limited to them. The New Device doesn't show the same MAC address as the blocked device, but you can tell by looking at the network flow and timestamp, in addition to it being unable to access the internet, and shows the same IP address.
I thought maybe Active Protect was causing it, but I have a feeling it was already happening before then and still happens if it's turned off. Besides, devices like phones are categorised as ineligible.
Ideas?
-
When each time the devices are identified as quarantined, were their MAC addresses the same as before they were added to quarantine? Double Check to make sure device quarantine is off. Firewalla uses MAC addresses to identify new devices. Keeping to be added back to quarantine shall not be related to Active Protect.
Are you using Firewalla AP7 for WiFi, and do you have micro-segment applied on the WiFi SSID? -
Hi, and thanks.
It happened again this morning to my wife's phone.
I don't have the AP7. I'm using wired TP-Link Omada AP's with a hardware controller.
New device quarantine is turned on. But isn't that preferred for security?
MAC address is different.
New device alert and device detail shows her usual phone IP for the New device. Her actual device shows no IP assigned.
This seems to later resolve it with the quarantine device changing to unknown IP having released it back to her device.
-
Hi Geeklord, if the MAC address is different, Firewalla will treat this as a new device. Can you share the type of device this keeps happening to?
Please double-check if MAC randomization is truly disabled. If it's an Apple device, we recommend turning Private Wi-Fi Address "Off" completely, instead of using "Fixed" mode. See here: https://help.firewalla.com/hc/en-us/articles/360055342613-How-to-turn-off-MAC-Address-Randomization
-
Hi there. Happens to both mine and my wife's phone, but also others, but it's less noticeable because they're not necessarily in use at the time and it eventually resolves itself.
Both are Google Pixels and definitely have MAC randomisation off ('Use device MAC' option selected).
Any ideas?
-
Could you try to reserve a static IP for your phones to see if it makes any different: IP Allocation?
-
Hi,
I’ve been experiencing the same issue since switching from Purple to Gold SE. I’m also using Omada hardwired APs.
Each time I check the IP address of the device listed in the Quarantine group, it matches the IP of a device that is already connected to the network.
So far, I’ve encountered this issue with my Pixel and two Wi-Fi cameras.
.
-
Firewalla detects devices based on MAC addresses. The best would be checking what MAC addresses these devices use on Firewalla. If a devices shows up on Firewalla with different MAC addresses, check if these MAC addresses starting with the same pattern. It could be your AP is messing with MAC addresses here.
The easiest way to rule out is borrow/get a different AP and try again.
-
I took the opportunity to upgrade all my AP's. Since doing so it stopped. I have no idea why but my devices were mismatched, two wifi 5 and one wifi 6, and I noticed that mesh was activated that wouldn't have worked between these devices. No idea why it would suddenly start happening but that's as close as I got to figuring it out, but obviously something to do with the AP's as the controller and config is otherwise the same.
Please sign in to leave a comment.
Comments
18 comments