AiProtection web&apps filters to all clients in the network

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

nickie

Occasional Visitor
Hi everyone,

I'm trying to get all the clients that connect to my network to be subject to the web&apps filter of AiProtection. Currently, it seems that each client to be subjected to the web&apps filter needs to be included one by one. Is it possible to state that all clients connected to the network must go through the web&apps filter and select each one individually?

Best wishes
 

L&LD

Part of the Furniture

L&LD

Part of the Furniture

nickie

Occasional Visitor
it's an ac86u running 386_41994.
I was running opendns family safety dns but it seems they are a bit slower than my isp dns (most likely, as they are out of the ISP network and I'm currently in Portugal). I've already considered running merlin but I would prefer run stock as it would automatically update when a new version is released. It would give me more peace of mind.
 

L&LD

Part of the Furniture
'More peace of mind' and 'stock' don't sit well in my head. :)

You may want to review why you think you will get automatic updates with stock too for this aspect.
 

bbunge

Part of the Furniture
it's an ac86u running 386_41994.
I was running opendns family safety dns but it seems they are a bit slower than my isp dns (most likely, as they are out of the ISP network and I'm currently in Portugal). I've already considered running merlin but I would prefer run stock as it would automatically update when a new version is released. It would give me more peace of mind.
There are several other DNS providers that offer Family filters. Cloudflare 1.1.1.3 and 1.0.0.3 is one that works pretty well. The AiProtect/Web Apps & filters is a MAC based service that allows for 64 entries on my AC86U. I can't vouch for it's operation but being MAC based it should be better than trying to block sites via DNS which can be easily by-passed.
The Merlin firmware worked well for me and is feature rich. I switched back to the Asus beta yesterday because I feel the factory firmware provides my family with sufficient security. And I wanted a break from fiddling with the router and get back to enjoying the waning winter months. I have other hobbies besides computers!
 

nickie

Occasional Visitor
There are several other DNS providers that offer Family filters. Cloudflare 1.1.1.3 and 1.0.0.3 is one that works pretty well. The AiProtect/Web Apps & filters is a MAC based service that allows for 64 entries on my AC86U. I can't vouch for it's operation but being MAC based it should be better than trying to block sites via DNS which can be easily by-passed.
The Merlin firmware worked well for me and is feature rich. I switched back to the Asus beta yesterday because I feel the factory firmware provides my family with sufficient security. And I wanted a break from fiddling with the router and get back to enjoying the waning winter months. I have other hobbies besides computers!
Yes, the AiProtection /Web Apps & filters is a MAC-based service that allows for 64 clients. My problem is not really the number of clients, as I have currently about 15. It's the need to define which clients must be subject to the rules, individually. It would be interesting to have an option to have all connected clients go through filters and hence would have a network-wide protection system in place. I'll give it a try and use the Cloudflare 1.1.1.3 and 1.0.0.3 dns and check the hit in performance. Yesterday I changed back to my ISP dns and it seems my network is running a bit snappier when compared with the opendns family safety dns.

I agree with you with the use of alternative firmware. I have no problem using them but currently, I just want peace of mind and a robust system. I'm a longtime ddwrt user and I've grown tired of the almost weekly update of firmware to the newer versions. I ended up going almost every day, several times each day, to the forums to check if newer versions have been posted. Now I'm seeking for something that just works, and is able to serve my security needs with the expected performance. No doubt Rmerlin has much much more features that are likely to be used by the power user, but it seems not to be my case and I don't want to go through the rabbit hole again! Maybe in the future.
 

L&LD

Part of the Furniture
@nickie you would be wrong with your assumptions. :)

About | Asuswrt-Merlin (asuswrt-merlin.net)

Asuswrt-Merlin is an alternative, customized version of that firmware. Developed by Eric Sauvageau, its primary goals are to enhance the existing firmware without bringing any radical changes, and to fix some of the known issues and limitations, while maintaining the same level of performance as the original firmware. This means Asuswrt-Merlin retains full support for NAT acceleration (sometimes referred to as "hardware acceleration"), enhanced NTFS performance (through the proprietary drivers used by Asus from either Paragon or Tuxera), and the Asus exclusive features such as AiCloud or the Trend Micro-powered AiProtection. New feature addition is very low on the list of priorities for this project.
 

bbunge

Part of the Furniture
@nickie you would be wrong with your assumptions. :)

About | Asuswrt-Merlin (asuswrt-merlin.net)
No, we are not wrong. Just of a different opinion which is OK for us. As you are a dedicated and faithful Merlin user maybe you could refrain from unhelpful comments on threads for the Official Asus firmware.

As for "global" filtering the way Web Apps & Filters works it sounds like a good idea for some applications. I managed a network at a church some years ago. Policing the kids was a chore as some of them attended a church school that blocked access to many "inappropriate" web sites. The Kids learned how to use proxies to get to blocked web sites. At the church I set up IP Fire with an IP based filtering system and used a blacklist that included proxies. One Sunday morning the filter caught an attempt to use a proxy. It came from a pastor's office computer. Turned out it was his daughter using his PC. The senior pastor was rebuilding a Mercury Cougar and was surfing for parts. The word filter blocked him from searching for cougar (as it means in some circles an older woman on the prowl).
 

SeriousFamily

Occasional Visitor
you can do some tricky stuff with custom scripts.

you could create another wifi ssid and set a filter only on that one.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top