Unable to trust Gateway

martial
martial Member Posts: 5
Name Dropper First Comment
I recently added a new device that does ARP spoofing to monitor network (on purpose). The Fingbox app keeps telling me about "Network Gateway Changed" and asking me to block or trust it. I have now clicked "trust" multiple times but I still get the popup as if it was not yet trusted. How to manually add it in the trusted list?

Best Answer

  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 5,145
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    admin
    #2 Accepted Answer
    martial said:
    This answer got totally lost in my email, apologies.
    The Fingbox sees the new mac, and its OS is not iOS therefore this should not be the case.
    The Alter happens multiple times a day still, so no current fix seems to have been pushed for that behavior.

    I believe you are using any kind of external Firewall device on your networks such as Firewalla or Bitdefender and that is causing the issue here. In order for Fingbox and Firewall to play well with each other, Please follow these steps if you have Firewalla:  

    1. You can turn monitoring off on Fingbox in Firewalla app, so that Firewalla won't arp spoof Fingbox, and Fingbox won't report gateway change alert. 

     

    2. If you don't use the blocking feature in FingBox, it won't trigger arp spoofing against devices. But if you want to use the blocking feature, the arp spoof messages from FingBox may interference how Firewalla works. Our recommendation will be to use Firewalla app to block devices. 

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!

Answers

  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 5,145
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    admin
    Hi @martial
    May I know which device have you added which does the same operation like Fingbox(ARP spoofing) so I can guide you?
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
  • martial
    martial Member Posts: 5
    Name Dropper First Comment
    edited July 13, 2020 #4
    Hello @Robin : I have added a Firewalla Gold (I had a blue before and it was not triggering this error).
  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 5,145
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    admin
    Thanks @martial

    The way the Fingbox works is through ARP poisoning and DNS Spoofing.  
     
    For more information on ARP poisoning and DNS Spoofing see the following links:  
    Blocking is done by DNS/Blocking Spoofing.  
    https://en.wikipedia.org/wiki/DNS_blocking  
     
    The Fingbox/App work to pause things by a process called ARP poisoning/Blocking.  
    https://en.wikipedia.org/wiki/IP_address_spoofing  
      

    The Firewalla also uses ARP spoofing to become the gateway for the network in a way that triggers Fingbox's alarms. Firewalla may use MAC randomization which means that the MAC address of the computer can change and it will simply change MAC address and get a new IP address, thus producing alert from Fingbox. 

    As we have investigated and found out that Firewalla and Firebox can work side by side. Some of the features like Internet pause/ block might not work if Firewalla is installed. You can try to put Firewalla in passive mode and then connect Fingbox with router actively. This network set up should be able to maintain the network. 

    Please follow these steps:  

    1. You can turn monitoring off on Fingbox in Firewalla app, so that Firewalla won't arp spoof Fingbox, and Fingbox won't report gateway change alert. 

     

    2. If you don't use the blocking feature in FingBox, it won't trigger arp spoofing against devices. But if you want to use the blocking feature, the arp spoof messages from FingBox may interference how Firewalla works. Our recommendation will be to use Firewalla app to block devices. 

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
  • martial
    martial Member Posts: 5
    Name Dropper First Comment
    Yes, that is how I use it, and block using the Firewalla.
    The Firewalla does not do MAC randomization, so it is always the same MAC that is shown in the "Network Security Alert" "Network Gateway changed to firewalls (...)" (I have received over 60 of those email notifications since we started this conversation, and I do want those emails to continue)
    The issue seems to be that when I "trust" the device in the iOS interface "Notifications" - > "Network" -> "Event" that shows "Network Gateway Changed" 
    I click on it and "Add Gateway" and get "a new gateway is trusted by Fingbox" 
    but when I go down I still only have the "regular" router listed in the "trusted gateway" list, so I keep getting new notifications.

  • martial
    martial Member Posts: 5
    Name Dropper First Comment
    Given that I am "clicking" the "trust" button and not getting the expected result, I am starting to consider this a bug in the iOS interface
  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 5,145
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    admin
    martial said:
    Given that I am "clicking" the "trust" button and not getting the expected result, I am starting to consider this a bug in the iOS interface
    There might be a chance it might be related to ios 14 private MAC address. Can you disable the Private MAC address if applicable on your ios device and then check?
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
  • martial
    martial Member Posts: 5
    Name Dropper First Comment
    This answer got totally lost in my email, apologies.
    The Fingbox sees the new mac, and its OS is not iOS therefore this should not be the case.
    The Alter happens multiple times a day still, so no current fix seems to have been pushed for that behavior.