firewalla scan feature
is the scan feature in firewalla really aggressive?
i watch log on my database, firewalla ip address xxx tries to login using generic users to my database from one sample it was 1737 times a minute.
rotating only these users:
2026-04-11 9:14:27 133185 [Warning] Access denied for user 'root'@'xxx' (using password: YES)
2026-04-11 9:14:27 133184 [Warning] Access denied for user 'admin'@'xxx' (using password: YES)
2026-04-11 9:14:27 133186 [Warning] Access denied for user 'administrator'@'xxx' (using password: YES)
2026-04-11 9:14:27 133187 [Warning] Access denied for user 'webadmin'@'xxx' (using password: YES)
2026-04-11 9:14:27 133188 [Warning] Access denied for user 'sysadmin'@'xxx' (using password: YES)
2026-04-11 9:14:27 133193 [Warning] Access denied for user 'test'@'xxx' (using password: YES)
2026-04-11 9:14:27 133190 [Warning] Access denied for user 'guest'@'xxx' (using password: YES)
2026-04-11 9:14:27 133191 [Warning] Access denied for user 'user'@'xxx' (using password: YES)
2026-04-11 9:14:27 133192 [Warning] Access denied for user 'web'@'xxx' (using password: YES)
2026-04-11 9:14:27 133189 [Warning] Access denied for user 'netadmin'@'xxx' (using password: YES)
2026-04-11 9:14:27 133198 [Warning] Access denied for user 'admin'@'xxx' (using password: NO)
2026-04-11 9:14:27 133195 [Warning] Access denied for user 'webadmin'@'xxx' (using password: NO)
and so on
i still want to turn on the scan mode since it useful to check my devices, but can we turn the aggresiveness, or on the device already checked, it will stop for a day, start check it again the next day?
-
Are you using System Vulnerability Scan? This Scan can be scheduled once a week at your chosen time.
-
A vulnerability scan is performed on your LAN, not your WAN. Explained here https://help.firewalla.com/hc/en-us/articles/115004274513-Firewalla-Feature-Guide-Scan#h_01HTZXFV73HTYH26S1JZVDC00P
Yes, it will try many different type of passwords etc ..
Please sign in to leave a comment.
Comments
3 comments