× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Top Contributors

Content Filtering

It would be great to drill down on the daily Content Filtering Report, to see which connected clients tried to visit blocked sites.  

 

It would also be nice to offer parental controls for the device or connected client browsing history. 

 

The system is amazaing however it needs some additional features to be a reasonable solution for a work from home user with children. 

 

3 Comments
BIG9MM
Apprentice

Looks like my iPhone is getting around the Content Filtering by using a private network setting on the iPhone. No good! How do we fix this?

 

We need a  MAC address white list in the Content Filtering setting. 

 

 

Use private Wi-Fi addresses on iPhone, iPad, iPod touch, and Apple Watch

To improve privacy, your device uses a different MAC address with each Wi-Fi network.

 

To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a Media Access Control (MAC) address. If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device's network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks.

Starting with iOS 14, iPadOS 14, and watchOS 7, your device improves privacy by using a different MAC address for each Wi-Fi network. This unique MAC address is your device's private Wi-Fi address, which it uses for that network only.

In some cases, your device will change its private Wi-Fi address:

schumaku
Guru

Various possible solutions, probably a combination:

 

  1. Add a feature prohibiting random (this is what it is) MAC addresses allow a WiFi association. 
  2. Show up a capture-all page explaining why random MAC are not allowed, and how this can be disabled on iOS, Android, Windows, and MacOS at least. This does not add a big concern as most operators know their network users anyway.
  3. Create a capture-all content filter with the most strict rules set. Allow less strict (or optionally no) CF rules for known and trusted MAC only.

Needless to say, a CF only checking and applying CF filter for known/defined MAC and let all other MAC addesses pass is *****.

schumaku
Guru

Digging a little bit more tells me that CF does apply to all devices, regardless of the MAC address.