Best location for Fingbox 'behind' Firewalla Purple

jaoski Member, Beta Tester Posts: 5
I am planning to deploy a Firewalla Purple on my home network and wondering what would be the optimal segment to connect my Fingbox? Firewalla recommends the following configuration for my network:
Verizon FiOS ONT <-> Firewalla (1)/Firewalla (2) <-> Managed switch with VLAN for wired devices and separate VLAN for Google WiFi 'base' station.
The WiFi network will have its own /24 network for all wireless devices.
I see different opinions on this and am wondering what the pros/cons are of different Fingbox placement strategies.

Best Answers

  • Marc
    Marc Moderator, Beta Tester Posts: 3,003
    #2 Answer ✓
    Your Fingbox needs to be directly on the same wireless network/subnet as the devices you are looking to monitor. It can't handle multiple networks by design. You would then need to open the ports it needs through the firewalls so it can communicate with its cloud infrastructure.
    That's Daphnee, she's a good dog...
  • Marc
    Marc Moderator, Beta Tester Posts: 3,003
    #3 Answer ✓
    Depends on what you want to get out of it. Many folks put a Fingbox on each subnet so they report on everything. Others on just a single subnet that's relevant for them. In any case, the Fingbox has to be able to call home to work, so keep that in mind. If you go the multiple route, you will not get an aggregate view, but rather will need to choose each Fingbox one at a time to manage.

    Another possible option is to install the Fing desktop on, say, the wired network, and use it to monitor that segment. The mobile app can switch views from the desktop or from the Fingbox, so you could have one app to view these. The desktop cannot see the Fingbox network, however. You also might need a premium subscription to get all of the desktop's features enabled.

Answers

  • jaoski
    jaoski Member, Beta Tester Posts: 5
    So best to have that on the same VLAN as the Google WiFi as there is apt to be less risk of an intrusion on my 'wired' network?
  • Crowgrandfather
    Crowgrandfather Member, Beta Tester Posts: 91
    There's very little risk of having someone intrude on your wireless network as well. WiFi cracking is not nearly as people would have you believe.

    The days of cracking WEP/WPA are long gone. WPA2 has been the standard for years now, and yes, you can crack the password on it with time, but it's not as easy. An attacker would need to boot everyone off the network in order to capture the handshake to crack, which would be noticeable.

    Besides, you need to look at your requirements. Firewalla already does device presence detection and alerts on new devices, so it will already see if a new unknown device joins the network.