In the latest firmware updates to a few Deco models, the ability to set up device isolation policies for devices on your network. Our team would like to clarify how the IoT and Device Isolation settings are currently configured for Deco, and how these networks may be set for the best experience.

 

First, What is an Isolated Device?

An Isolated Device is a device that cannot communicate and cannot send data to any non-isolated devices on your network.

 

Isolate Devices Can:	Isolated Devices Cannot:
Access the Internet   Communicate with Other Isolated Devices Across Your IoT, Guest, and Main Networks   Be Controlled Through an Active Internet Connection	Communicate or Transfer Data with Non-Isolated Devices Across Your Network   Be Seen or Controlled Locally via non-isolated Smart Hubs, Border Routers, or Controllers.

 

Why Should I Isolate Devices?

There are many advantages and disadvantages that must be weighed when deciding if isolating devices is appropriate for your network, such as how the device is used and if the device needs to be able to communicate with other devices on the network, such as your phone or smart hub.

 

Pros:

Improved Network Security: Isolating Your Devices will minimize the potential for potential third parties to gain access to data or devices on your network and will limit the impact of a breach or malware to only some devices.

 

Bandwidth Allocations and Network Slowdown: Smart Devices may often consume large portions of your network’s bandwidth. Isolating your devices and placing them on a dedicated IoT network will prevent these devices from affecting the overall performance of the devices connected to your main network and will allow your Deco to better allocate and manage bandwidths for the connections.

 

Privacy and Data Collection: If you are wary of devices and companies gathering information about the other devices that can be seen on the network, or may collect data about your network traffic, placing these devices on a separate SSID will limit the potential reach of any of these devices.

 

Cons:

Convenience: With devices isolated from your main network, you may experience issues if you would like to interact with the device from inside the network, or through a hub that is not isolated.

 

Device Visibility and Hubs: Devices that are isolated from the main network will not be visible as controllable devices and appear unavailable unless sending the commands through a cloud connection. This also applies to smart displays and casting, as you will not be able to cast media from a device on the main network to a device that is either isolated or attached to the SSID of the guest network.

 

Setup Complexity: While the Deco App makes it easy to configure and setup device isolation, the process of isolating a device may cause problems when adding new devices to the network or creating a smart device network, such as through Matter, Thread, or Zigbee – especially if other devices using the protocols have already been placed in isolation.

 

How Can I Isolate Smart Devices from the Main Network?

Option 1: Use the Default Isolation Policies for Deco Guest Networks

By default, the Guest network for Deco Networks will automatically isolate the devices from the main network. Devices connected to the guest network will not be able to discover and see other devices connected to the main Network.

 

Option 2: While Deco is in AP Mode Ensure the “Allow Local Access” Setting is Turned Off 

While a Deco is operating in AP mode, the option to isolate devices from the main network is automatically enabled, and you are given the option to either isolate the guest network or allow local device discovery.

 

When in AP mode, a toggle will appear for “Allow Local Access” in the settings for the Guest Network. While enabled, devices on your guest network are not isolated, and can see the devices on your main network.

 

 

 

Option 3: Using the New Device Isolation Feature in the Deco App

Step 1: Find “Device Isolation” in the Security Tab of the Deco App

For networks supporting the feature*, you can find a menu option added to the bottom of the security screen listed as “Device Isolation,” with a counter of how many devices have isolation settings active. The option to isolate individual devices can also be found within the settings for each device.

 

Step 2: Enable Device Isolation and Select Devices to Isolate

Check the boxes next to the devices that you would like to be isolated from your main network.

 

Be aware that while isolated, these devices can still access the internet and are able to communicate with other isolated devices. However, isolated devices cannot transfer data with devices on your home network.

Allowing Isolated Devices to Communicate with each other will allow Smart Home and IoT devices to use their built-in networking methods to communicate directly with each other.

• For Cloud Integrations, Hubs, and Voice Assistants will be able to still control the device through an active internet connection.
• For Local Integrations and Control, such as Matter or Thread, your controller should be on the same network as your devices. If your Matter devices are isolated, your Smart Hub must also be isolated.

 

  

Does Adding a Device to the IoT Network Automatically Isolate the Device?

No, the IoT network provides a separate SSID to which you can assign different frequencies, encryption methods, and credentials; the IoT network does not provide isolation policies.

Deco Device Isolation Policies are Separate from Your IoT Network. For an IoT Device to be isolated from your other devices, you must add the device to the list of isolated devices in your Deco app.

The main benefit of the Deco’s IoT network is that it can help configure legacy devices that may not support the newest advancements in Wi-Fi, such as beamforming, WPA3, or have issues with specific network settings.

 

Furthermore, placing all of your IoT devices on a Designated Network will allow you to make changes to the settings of your main network without the need to go around to each Smart Device and reconnect it to the Wi-Fi with the newest credentials.

 

*IoT Networks and Device Isolation Policies are Currently Rolling out to Deco’s via the 1.7.0 Firmware Update. If you do not see the option for Device Isolation, please check to see if your Deco is using the most up-to-date firmware and that your model supports the feature by checking the most recent firmware patch notes for your specific hardware version. Additional Models will receive the feature over the coming months. You can find a list of the most recent updates in our Forum Post: Deco Firmware Updates – July 2023

The Device Isolation Feature Requires All Deco Nodes on your network to be compatible with the feature. IoT networks do not require each node to be compatible, however devices will only be able to communicate with the network via devices supporting the IoT network firmware.

 

Interested in Expanding Your Network Security?

Check out the Advantages of HomeShield Pro, which brings among many features, IoT Protection. This feature helps to identify the IoT devices connecting to your network and will monitor their security and traffic while connected to the network – preventing infected devices from sending sensitive information or security threats to clients outside of the network.

Read More About the Protections That Come with HomeShield Pro

Read More About What’s Coming Soon to HomeShield