Allow traffic to amazonaws.com

Comments

12 comments

  • Support Team

    Looks like a bug. Are you using iOS or Android? And what's the app version?

  • ape

    iOS 1.49

  • Support Team

    Sorry, I forgot that amazonaws.com is a TLD domain (also known as public suffix), which means lots of domains could be hosted on amazonaws.com. This may cause performance degradation when allowing the whole TLD domain.

    May I know why you want to allow it?

    Reference: https://publicsuffix.org/list/

  • ape

    I want to allow backups to S3 storage.

  • ape

    btw s3.amazonaws.com is also not accepted.

  • Support Team

    s3.amazonaws.com is also a TLD... all s3 buckets are hosted on this domain.

    You may add the specific s3 domain to the allow list, it should work.

  • ape

    There are two domains accessed during backup time. One is region specific (I was able to set that one), but the other is just plain s3.amazonaws.com. So I have no way of creating a more specific rule.

  • Support Team

    Got it. It's a limitation of the app. The TLD domain itself is also a valid domain.

    As a workaround, I suggest:

    1. Log in to https://my.firewalla.com with the Firewalla app
    2. Create a target list
    3. Add the two domains to the list
    4. In the app, create an allow rule on the target list.

    Here is the doc on target list: https://help.firewalla.com/hc/en-us/articles/1500005941962-Firewalla-Feature-Target-List

  • ape

    Good tip! I did set it up and will report tomorrow after the backup is supposed to have run.

  • ape

    The setting with the target list did not work - the traffic was still blocked.

    But while reading https://help.firewalla.com/hc/en-us/articles/360008521833-Manage-Rules#h_407c0ea9-6d3c-4e12-8b0c-80c900f65681, I found out that I can use asterisks in a domain name. I tried that on the mobile app with no luck (input not accepted), but it worked on the web interface!

  • Support Team

    Thanks for the feedback. Will get the team to try it out and report back.

  • ape

    I tried again with a target list with the sole entry "*.amazonaws.com" and it worked this time.

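How much a `*.amazonaws.com` entry admits compared with exact host entries, as an added example that is not part of the thread and not Firewalla code. The matching rules, the function names and the host names in `OBSERVED` (including the region) are assumptions constructed for illustration; the script models the scope of an allow entry, not how the app enforces it.

```python
# Added example: scope audit for domain allow entries (assumed matching semantics).

def entry_matches(entry: str, host: str) -> bool:
    """Exact entries match one name; '*.x' matches any name below x (assumption)."""
    entry, host = entry.lower().rstrip("."), host.lower().rstrip(".")
    if entry.startswith("*."):
        # Keep the leading dot so "notamazonaws.com" cannot match "*.amazonaws.com".
        return host.endswith(entry[1:])
    return host == entry

def audit(entries, observed, required):
    """Report which required hosts are covered and what else the entries let through."""
    required = {h.lower() for h in required}
    names = {h.lower() for h in observed} | required
    allowed = {h for h in names if any(entry_matches(e, h) for e in entries)}
    return {
        "covered": sorted(required & allowed),
        "missing": sorted(required - allowed),  # backup traffic still blocked
        "excess": sorted(allowed - required),   # allowed, but not needed by the backup
    }

# Constructed sample of names seen on the network during a backup window.
OBSERVED = [
    "s3.amazonaws.com",
    "s3.us-west-2.amazonaws.com",                # region is a placeholder
    "example-bucket.s3.amazonaws.com",           # someone else's bucket
    "ec2-203-0-113-10.compute-1.amazonaws.com",  # unrelated AWS-hosted server
    "example.org",
]
# The two endpoints the backup needs, as described in the thread.
REQUIRED = ["s3.amazonaws.com", "s3.us-west-2.amazonaws.com"]

POLICIES = {
    "exact hosts": ["s3.amazonaws.com", "s3.us-west-2.amazonaws.com"],
    "wildcard": ["*.amazonaws.com"],
    "bare suffix": ["amazonaws.com"],
}

if __name__ == "__main__":
    for name, entries in POLICIES.items():
        print(name, audit(entries, OBSERVED, REQUIRED))
```

Any name listed under `excess` is traffic the rule permits beyond the backup itself, which is the cost to weigh before keeping the wildcard entry.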
