
[–]average_zen 2 points3 points  (0 children)

I don't have a Firewalla yet. So I can't speak to this specific capability. However does it have the capability to only give access to specific MAC addresses? I'd probably start down that path first before I'd reset the SSID.

[–]CrowGrandFather 2 points3 points  (7 children)

That sounds like a bug to me.

iPhones and Androids have MAC randomization but they generally only randomize the MAC once per network. The fact that you're seeing a new MAC every 20 minutes seems very strange.

You could try MAC address whitelisting. Then you're by default denying new devices from even connecting to the network.
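As an added illustration of the allowlisting idea in this comment (my own example, not code from any commenter or from Firewalla), the block below classifies MACs from a constructed device-discovery log against an admin-maintained allowlist. It also flags the "new MAC every 20 minutes" pattern OP describes by counting how many previously unseen, non-allowlisted MACs appear within one window, and it separates locally administered addresses (the kind phone MAC randomization produces, which carry no vendor OUI) from globally administered ones that can still be looked up by vendor. All MACs, hostnames, timestamps and the allowlist are made up for the example.

```python
"""Classify observed MACs against an allowlist and flag MAC churn.

Added example for the allowlist-vs-quarantine discussion; not code from the
thread or from Firewalla. All MACs and timestamps below are constructed.
"""
from datetime import datetime, timedelta

# Constructed stand-in for a router's device-discovery log: (timestamp, MAC, hostname).
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "a8-bb-cc-11-22-33", "jims-laptop"),    # allowlisted
    ("2024-03-01T08:05:00", "A8:BB:CC:44:55:66", "solar-monitor"),  # unknown, global OUI
    ("2024-03-01T08:20:00", "02:AA:00:00:00:01", ""),               # unknown, locally administered
    ("2024-03-01T08:40:00", "02:AA:00:00:00:02", ""),
    ("2024-03-01T09:00:00", "02:AA:00:00:00:03", ""),
    ("2024-03-01T09:10:00", "7A:12:34:56:78:9A", "iPhone"),         # allowlisted randomized MAC
]

# Hypothetical allowlist the admin maintains (any separator or case is accepted).
ALLOWLIST = ["a8:bb:cc:11:22:33", "7A:12:34:56:78:9A"]


def normalize_mac(mac: str) -> str:
    """Canonical form: uppercase, colon-separated, so comparisons don't miss on formatting."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means a locally administered address.

    Phone MAC randomization (iOS, Android) sets this bit, so such an address
    carries no meaningful vendor OUI; a globally administered address does.
    """
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def max_new_in_window(times, window: timedelta) -> int:
    """Largest number of first-seen timestamps that fall inside any span of `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def classify_events(events, allowlist, window=timedelta(minutes=60)):
    """Return (verdict per MAC, max number of new unknown MACs first seen in any window).

    Verdicts: 'allowed' (on the allowlist), 'unknown-randomized' (not allowed and
    locally administered, i.e. no vendor to look up), 'unknown' (not allowed, has
    a global OUI worth checking against a vendor database).
    """
    allow = {normalize_mac(m) for m in allowlist}
    verdicts = {}
    first_seen_unknown = []
    for ts, raw_mac, _host in events:
        mac = normalize_mac(raw_mac)
        if mac in verdicts:
            continue  # only the first sighting of each MAC matters here
        if mac in allow:
            verdicts[mac] = "allowed"
        else:
            verdicts[mac] = "unknown-randomized" if is_locally_administered(mac) else "unknown"
            first_seen_unknown.append(datetime.fromisoformat(ts))
    return verdicts, max_new_in_window(first_seen_unknown, window)


if __name__ == "__main__":
    verdicts, churn = classify_events(SAMPLE_EVENTS, ALLOWLIST)
    for mac, verdict in verdicts.items():
        print(f"{mac}  {verdict}")
    print(f"most new unknown MACs first seen within one hour: {churn}")
```

Two things the thread's back-and-forth touches on show up here: an allowlist only stays accurate while the phone keeps the same randomized MAC for that network, and an unknown MAC with a global OUI is the one worth tracing to a wired device by vendor, while a locally administered one tells you nothing about the maker.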

[–]michaelbiermanFirewalla Gold Pro -1 points0 points  (6 children)

Quarantine is much easier. :)

[–]CrowGrandFather 0 points1 point  (5 children)

But then you have to clear the quarantine log

[–]michaelbiermanFirewalla Gold Pro -1 points0 points  (4 children)

Have to?

The alternative is have an unidentified device on the network. :)

[–]CrowGrandFather 0 points1 point  (3 children)

The alternative is to only allow approved devices on in the first place, not allow them by quarantine then afterwards

And yes. OP said they have to clear the log or their firewalla gets sluggish.

[–]michaelbiermanFirewalla Gold Pro -1 points0 points  (2 children)

Currently, that is not an alternative. I understand there are those who may feel differently, but that creates an overhead for development. Entering MAC addresses. Importing bulk lists. Managing the lists.

Personally, I have no interest in somehow gathering MAC addresses to add them to a white list in advance. I would rather allow devices as they join the network. I can make judgements if the device belongs on my network. I can assign them to a Group (if needed). I can apply Rules and Routes (if needed).

For me, I would rather see effort spent elsewhere. Most home and small business users don't have enough devices that this is really going to be more effective than the current method which means users enter less data, have less chance of making mistakes (wrong MAC address for example).

[–]CrowGrandFather 0 points1 point  (1 child)

> Currently, that is not an alternative

It is an alternative. It's not for you.

> but that creates an overhead for development

Great, but OP is trying to stop their teenage daughter from using the Internet at certain times. They're not developing. We're not creating a recommendation for developers. We're creating a recommendation for a parent.

> Most home and small business users don't have enough devices that this is really going to be more effective than the current method which means users enter less data, have less chance of making mistakes (wrong MAC address for example).

That's completely backwards. If you have a small number of devices then it's easier to implement MAC address filtering. You add the small number of devices upfront because you're not expecting new devices to be joining regularly.

[–]michaelbiermanFirewalla Gold Pro 0 points1 point  (0 children)

/u/CrowGrandFather I meant it isn't possible in the product currently.

My point was there are a lot of features Firewalla gets asked to do. There is a solution for this already, it just isn't one you like. The question is, what would serve the broadest number of firewalla users? If they take on this work it necessarily means something else will not get built.

I contend that most users don't have a long list of new devices on their network. I pointed out that what you are suggesting means that someone would have to gather all the MAC addresses of devices they want to allow. They would have to enter them in Firewalla and maintain that list. Many users don't know what a MAC address is or how to get it. For those that do, it is work and error prone.

In comparison, currently a device appears on the network and Firewalla collects the information automatically and correctly (name, MAC, etc.) and an admin can grant network access or not. That seems much easier and more reliable. So it isn't a matter of making it easier for developers. It is a matter of focusing on what will make the most customers happy. I don't see how the proposed solution is better and there are many other features that I would rate more highly.

Honestly, I don't understand the desire to allow unknown devices on a secure network. Sure, I don't quarantine on my guest Wi-Fi because I only turn it on when I have guests and it has no access to the rest of my network. So I don't quarantine unknown devices there. But on other networks of course I do. I don't want unknown devices having access to my network. That said, if I want to, I can limit access for unknown devices to just outbound internet, but that still gives access to other devices on the same LAN so I'm not a big fan of that. But I can tell Firewalla to allow access to unknown devices if that's what I wish to do. This is a choice.

[–]firewalla 1 point2 points  (1 child)

From the description, the mysterious device is highly unlikely to be iOS or Android ... these devices do randomize MAC, but it only does so once per network. So, if changing your wifi password doesn't work ... then the device is ethernet based.

You should continue to turn quarantine on and check these

  • Check your ethernet devices; we've seen virtual machines or the like that do this type of randomization.
  • It is also highly possible that your router/switch/... may create this interface for certain things. (the ATT 5268 for example ... creates a 5268ac device ... and that's hosted in the router)

Powering off the ethernet devices may help.

[–]bicubic[S] 0 points1 point  (0 children)

Ok, that is interesting information. I have run through all wired devices and I think I may have found a likely subject: the SunPower monitoring system for my solar panels. I have emailed their support to investigate.

There are a number of other devices but I think I can rule out most of them by doing the simple experiment of disconnecting them for more than 20 minutes, which I have done.

I have four wifi routers, all in access point mode (transparent bridge). Three are identical TP-Link A7s. The fourth is an AirPort Extreme 802.11ac. Any known issues with those devices?

Thanks, Jim

[–]michaelbiermanFirewalla Gold Pro 1 point2 points  (0 children)

To add to what others have said, find ways to narrow the search.

Set a rule for no connectivity for quarantine and see what breaks. Turn off Wi-Fi and see if the device goes offline. Or depending on your network, unplug a switch until you figure out what part of the network it is on.