Thursday, January 16, 2020


From the info on the website it appeared I could use the one feature of the Firewalla Blue I wanted: something to monitor what the devices on my IoT network are talking to and give me a notification if they try to connect to something unexpected. Essentially, monitor if any device may have been co-opted and/or is trying to co-opt. It did give me alerts for remote sites my Wyze cams, Echos and SmartThings hubs connected to, along with every new device it saw. But the Firewalla seems to insist on inserting itself via ARP spoofing and messes with DNS, which caused all kinds of issues. Among the top things I noticed were:

Alerts from antivirus software about bad ARP packets. That would be kind of expected, but why it does this even with most of the features disabled is unclear. All this should need to do is log traffic like Wireshark, and it should only need ARP spoofing to try to stop traffic. Same with DNS.

Despite claims it works with UniFi, it seems to have caused all kinds of issues with APs and switches not getting heartbeats to the controller and generally dropping data, so the topology map was only showing a few devices and those all connected directly to the router. The client listing would often show the wrong AP/port for a device.

Some security cams started having issues staying connected too. I'm to the point this morning where I'm shutting it down, so we'll see if the camera issues correct or were a coincidence. Update: other than the Wyze cams, they did.

So if you are looking for something simple to monitor your home network of a few devices and the ISP provided router this might work well for you. If your network is at all advanced beyond basic, give it a pass.