Skip to main content
Home/Knowledge Base/Firewalla/Parental Controls
+971 58 583 8196

How to Fix Devices Bypassing Firewalla Parental Controls Using MAC Address Randomisation

If parental controls, screen time rules, gaming restrictions, or social media blocks have stopped working, the usual cause is MAC address randomisation. This guide shows how to disable it on trusted home Wi-Fi and use quarantine to stop bypass attempts.

Firewalla overviewFirewalla VPN setup

Overview

If your parental controls, screen time rules, gaming restrictions, or social media blocks have stopped working unexpectedly, the cause is often MAC address randomisation, also known as Private Wi-Fi Address on Apple devices.

This guide explains how to disable MAC randomisation on your home Wi-Fi network and configure a quarantine group so devices cannot bypass parental controls.

Symptoms

You may be experiencing one or more of the following:

  • A child's device appears multiple times in Firewalla
  • Screen time schedules stop working
  • Gaming restrictions are no longer applied
  • Social media blocking stops working
  • A device appears as New Device after reconnecting to Wi-Fi
  • Rules apply to one device entry but not another
  • A child can bypass restrictions by forgetting and rejoining Wi-Fi

Why This Happens

Most firewall-based parental control systems identify devices using their MAC address.

Modern devices can generate a random MAC address for privacy purposes.

If the MAC address changes:

  • The firewall sees a new device
  • Existing parental control rules stay attached to the old device
  • The new device receives no restrictions unless manually configured

The solution is to disable MAC randomisation on your trusted home network.

Step 1: Disable Private Wi-Fi Address on Apple Devices

iPhone and iPad

  1. Open Settings
  2. Tap Wi-Fi
  3. Tap the next to your home Wi-Fi network
  4. Locate Private Wi-Fi Address
  5. Turn it Off
  6. Reconnect to Wi-Fi if prompted

Mac

  1. Open System Settings
  2. Select Wi-Fi
  3. Click Details next to your home Wi-Fi network
  4. Locate Private Wi-Fi Address
  5. Turn it Off
  6. Reconnect if prompted

Step 2: Disable MAC Randomisation on Android Devices

The wording varies by manufacturer.

Look for one of the following:

  • Randomized MAC
  • MAC Randomization
  • Privacy MAC
  • MAC Address Type

Typical Android Process

  1. Open Settings
  2. Open Wi-Fi
  3. Select your home Wi-Fi network
  4. Open network settings
  5. Locate MAC Address Type or Privacy
  6. Change from Randomized MAC to Device MAC or Phone MAC
  7. Reconnect if prompted

Step 3: Confirm the Device Appears Correctly in Firewalla

After reconnecting:

  1. Open the Firewalla app
  2. Navigate to Devices
  3. Locate the device
  4. Confirm only one active device entry exists
  5. Assign the device to the correct user or parental control group

If duplicate devices exist, remove or archive the obsolete entry after confirming which device is active.

Step 4: Create a Quarantine Group

A quarantine group prevents newly discovered devices from bypassing restrictions.

Create a group called:

Quarantine

Any new device should automatically be placed into this group until approved.

Step 5: Configure Quarantine Restrictions

Block:

  • Gaming
  • Social Media
  • Adult Content
  • VPN Services, if required

This allows visitors to use normal internet access while preventing children from gaining unrestricted access by reconnecting as a new device.

Strict Option

Block:

  • All Internet Access

Use this only if you are comfortable manually approving every new device.

Step 6: Enable Automatic Quarantine for New Devices

In Firewalla:

  1. Open Settings
  2. Open New Device Quarantine
  3. Enable quarantine
  4. Select your Quarantine group

Any device that appears with a new MAC address will now be automatically restricted.

Step 7: Test the Setup

To verify everything is working correctly:

  1. Take a child's device
  2. Forget the Wi-Fi network
  3. Reconnect to Wi-Fi
  4. Confirm the device enters the Quarantine group
  5. Confirm gaming and social media restrictions are applied
  6. Disable MAC randomisation
  7. Move the device back to its normal profile

If the device is correctly restricted after reconnecting, the configuration is working as intended.

Privacy Considerations

Disabling Private Wi-Fi Address or MAC Randomisation on your home Wi-Fi network does not normally disable it on other networks.

Most modern devices apply this setting on a per-network basis.

Your device can still use MAC randomisation when connected to:

  • Hotels
  • Airports
  • Coffee shops
  • Public Wi-Fi
  • School networks

You are only disabling it for your trusted home network so that parental controls can function correctly.

Troubleshooting

Device Still Appears Multiple Times

Remove old device entries from Firewalla and verify MAC randomisation is disabled on the active device.

Child Can Still Bypass Restrictions

Check that:

  • New Device Quarantine is enabled
  • The device enters Quarantine automatically
  • Gaming and social media restrictions are active
  • The device has been assigned to the correct parental control profile

Privacy Warning Appears

This is normal.

The warning simply indicates that MAC randomisation is disabled for that Wi-Fi network.

It does not mean your home network is insecure.

Best Practice Summary

For reliable parental controls:

  • Disable Private Wi-Fi Address on Apple devices
  • Disable Randomized MAC on Android devices
  • Create a Quarantine group
  • Automatically quarantine new devices
  • Block gaming and social media for quarantined devices
  • Assign approved devices to the correct parental control profile

Further Reading

Want to understand why this happens? Read: Why Parental Controls Stop Working: A Guide to MAC Address Randomisation

If you are still choosing the right platform, see the Firewalla overview.

Prefer the longer explanatory version? Read Why Parental Controls Stop Working: A Guide to MAC Address Randomisation.