How to turn off MAC Address Randomization?

  • Zeeshan Yousuf

    How can parental controls be effective if kids on their iPhone keep using a private MAC address? Just bought FWG and trying to find a solution to this issue. Is there an option in FWG to implicitly deny any new MAC address?

  • Firewalla

    @Zeeshan, the best way is always talking to the kids first. If that fails, you should turn on this feature, https://help.firewalla.com/hc/en-us/articles/360058853313-Firewalla-New-Device-Quarantine

    Device quarantine will block all new devices from accessing the internet until you approve.

  • mobius strip

    @Zeeshan in addition to the suggested solution by @Firewalla, I believe 2 other methods can further help with this as well as give you additional traffic control options:

    A.) Strongest solution for this and securing your networks in general that I’m aware of that’s also relatively practical to implement is: 

    Get a Wi-Fi AP that has both a built-in RADIUS server and VLAN support, and use WPA2-AES (Enterprise) or newer Enterprise Wi-Fi security, which is generally the strongest practical way of identifying each unique user on any Wi-Fi network.

    Use this Enterprise security on SSIDs that have user-configurable devices (i.e. non-IoT devices, and put those on a separate VLAN & SSID. Use mDNS forwarding between subnets if required).

    I suggest an HP/Aruba IAP access point used from eBay. These are locally controllable/configurable, have a built-in RADIUS server, and they do not require license fees in order to download the latest firmware, and while they are no longer being made they are still supported for a few more years.

    OR 

    B.) If you don’t want to use Wi-Fi Enterprise security, just get a VLAN-aware wireless access point and give the kids their own SSID associated with a unique VLAN #. This way firewall rules can just be applied to the entire VLAN of that SSID.

    Requires not telling the kids the password to the other SSID used by the parents on a different VLAN, and making sure the kids cannot get the password from your other devices (e.g. a Wi-Fi password on one unlocked iPhone can be shared with another iPhone/iPad by holding them next to each other).

    In either case I would still auto quarantine as @Firewalla suggests.

     

     
