Seeking understanding

Comments


  • David Rothenberger

    Firewalla with no rules will allow everything, so if you don't have any rules for the network to which this device was added, it will be able to connect to the Internet by default.

    If you want to prevent this, enable the New Device Quarantine feature for the network, and ensure the Quarantine group has a rule to block Internet access and block access To and From All Local Networks. With that feature enabled, new devices will be added to the Quarantine group, and you will receive an alert. You then have to move the device to the appropriate group (if any) before it can access the Internet or your other networks.

  • Donny

    Thank you for the details.

    I thought I had read that Firewalla was deny by default. Is there a way to set it up as deny by default? I just tried to make a deny-all rule, but was told by Firewalla that it was not allowed.

  • David Rothenberger

    You can make a global rule to block traffic to/from the Internet and another to block to/from all local networks, I believe.

  • Michael Bierman

    @donny Firewalla is deny ingress by default, not egress.

    As I mentioned in a previous thread, you can use a BLOCK Internet access rule and then allow selective access. This is not a common case, but I use it, for example, on IoT VLANs which I know only need access to a couple of domains.

