Slyguy

Level 41
Verified
So the auto channel switching keeps jumping into channels that have interference. Which is probably a deal breaker. I really want to keep the Gryphon, but that's not something we want to deal with constantly.
Reach out to support, maybe they have a beta version that has manual channel control. I know the device is fully capable of it, just not the app options.
 
  • Like
Reactions: blackice

simmerskool

Level 7
This is a Layer 7 device, it clearly offers application inspection. So basically, it's the only home UTM with full L7 inspection levels.
Impressive.
do they put any cap on thruput? my ISP finally got around to providing Gbit here, and I discovered that my current home/office meraki router and license caps me around 250 Mbps down. :cry: There's a work around for that, $$$+, which is making the Gryphon a viable candidate when meraki lapses.
 

blackice

Level 8
Verified
do they put any cap on thruput? my ISP finally got around to providing Gbit here, and I discovered that my current home/office meraki router and license caps me around 250 Mbps down. :cry: There's a work around for that, $$$+, which is making the Gryphon a viable candidate when meraki lapses.
I can’t speak to that level of speed, but i definitely have gone to 290 Mbps. However, that’s my limit on my service. I’m pretty sure I’ve seen people say that it can handle gigabit, but don’t hold me to that.
 
  • Like
Reactions: simmerskool

Slyguy

Level 41
Verified
do they put any cap on thruput? my ISP finally got around to providing Gbit here, and I discovered that my current home/office meraki router and license caps me around 250 Mbps down. :cry: There's a work around for that, $$$+, which is making the Gryphon a viable candidate when meraki lapses.
Gryphon can easily handle 1000Mbps, it has the processor and hardware for it. I've run it flawlessly on a Gbit connection for some time now.
 
  • Like
Reactions: simmerskool

Slyguy

Level 41
Verified
Gryphon had a HUGE update today! Also, it now blocks advertisements/trackers as an option - on all devices/users you select. According to the release notes, they also significantly upgraded the web filtration and other aspects.

Gryphon Connect App Enhancements

216770


Screen time improvements:
  • Set different daily schedules for bedtime, homework time – bedtime for weekdays and weekends can be different
  • Set Internet time limits per day
  • New option to easily add reward time for doing chores
Ad Blocker:
  • Option to block ads for each user
  • The setting is under the detailed setting for each user profile
  • This can be turned on some users and not for others
Other changes:
  • Stealth mode option to eliminate Gryphon website notice when internet access is blocked
  • Improvements to allow for manually adding websites to block lists and white lists
  • Security improvements for WiFi connected devices
  • Support for DDNS
  • Content filtering database update
  • Other bug fixes and improvements
  • Manage site access directly from the app – you can check the access rights of a particular domain for a user and customize according to your preference
  • Browsing History enhancement include list view, clickable URL to take you to the site, and changing domain access
 

Slyguy

Level 41
Verified
I ran some tests on the Gryphon for ad-blocking and I am impressed. It seems quite a bit better than Adguard DNS, and basically - depending on the site, as good as uBlock except in the case of page reformatting ublock does after blocking, which of course a router isn't going to do.. I was surprised at how well it filtered ad-laden sites like Fox news.

Here's a shot with absolutely no ad-blocking other than Gryphon.

216771
 

Slyguy

Level 41
Verified
Another Gryphon breaking news, and this is huge. Basically it nests all of your devices behind Gryphon Security and Parental Controls regardless of where they are in the world. Homebound is a big one for me, I've been waiting for it. As I need our roaming devices behind the Gryphon to help filter just, and well - now it will also filter ads on mobile devices. :)

Introducing Gryphon HomeBound®
Stay Connected to the Gryphon Network and Protected by it Wherever You Go

216773


The Gryphon HomeBound® utility is now available to download and install on up to five smartphones from the App Store or Google Play Store (available within days). Stay connected to the Gryphon Network and protected by it even if your device is switched to cellular data or using a different WiFi network.
  • All traffic on the mobile device gets routed back to Gryphon before going out to the Internet
  • Works for all parental control features and malware protection for the smartphone with HomeBound installed
  • Helps to encrypt your data and protect your privacy on public WiFi hotspots
  • Free for three months and then an introductory $4.99 per month
Installing Gryphon HomeBound:
  1. Install the Gryphon Router and the Gryphon Connect App on the account admin's mobile device.
  2. Download and install Gryphon HomeBound on the mobile device to be managed.
  3. On the new mobile device to be managed, open Gryphon HomeBound and scan the QR code located under the Gryphon Router.
  4. On the account admin’s mobile device, open Gryphon Connect App and approve the new Gryphon HomeBound enabled mobile device.
 

blackice

Level 8
Verified
Another Gryphon breaking news, and this is huge. Basically it nests all of your devices behind Gryphon Security and Parental Controls regardless of where they are in the world. Homebound is a big one for me, I've been waiting for it. As I need our roaming devices behind the Gryphon to help filter just, and well - now it will also filter ads on mobile devices. :)

Introducing Gryphon HomeBound®
Stay Connected to the Gryphon Network and Protected by it Wherever You Go

View attachment 216773

The Gryphon HomeBound® utility is now available to download and install on up to five smartphones from the App Store or Google Play Store (available within days). Stay connected to the Gryphon Network and protected by it even if your device is switched to cellular data or using a different WiFi network.
  • All traffic on the mobile device gets routed back to Gryphon before going out to the Internet
  • Works for all parental control features and malware protection for the smartphone with HomeBound installed
  • Helps to encrypt your data and protect your privacy on public WiFi hotspots
  • Free for three months and then an introductory $4.99 per month
Installing Gryphon HomeBound:
  1. Install the Gryphon Router and the Gryphon Connect App on the account admin's mobile device.
  2. Download and install Gryphon HomeBound on the mobile device to be managed.
  3. On the new mobile device to be managed, open Gryphon HomeBound and scan the QR code located under the Gryphon Router.
  4. On the account admin’s mobile device, open Gryphon Connect App and approve the new Gryphon HomeBound enabled mobile device.
I would be more excited for this if it weren’t for slow upload speeds and data caps from ISPs in my area.
 

blackice

Level 8
Verified
Gryphon had a HUGE update today! Also, it now blocks advertisements/trackers as an option - on all devices/users you select. According to the release notes, they also significantly upgraded the web filtration and other aspects.

Gryphon Connect App Enhancements

View attachment 216770

Screen time improvements:
  • Set different daily schedules for bedtime, homework time – bedtime for weekdays and weekends can be different
  • Set Internet time limits per day
  • New option to easily add reward time for doing chores
Ad Blocker:
  • Option to block ads for each user
  • The setting is under the detailed setting for each user profile
  • This can be turned on some users and not for others
Other changes:
  • Stealth mode option to eliminate Gryphon website notice when internet access is blocked
  • Improvements to allow for manually adding websites to block lists and white lists
  • Security improvements for WiFi connected devices
  • Support for DDNS
  • Content filtering database update
  • Other bug fixes and improvements
  • Manage site access directly from the app – you can check the access rights of a particular domain for a user and customize according to your preference
  • Browsing History enhancement include list view, clickable URL to take you to the site, and changing domain access
I can’t wait for my firmware update tonight. Going to wake up ad free.
 

Slyguy

Level 41
Verified
Homebound is going really really well for me. I was skeptical. Mostly because VPN apps seem to have trouble switching from connection on/connection off, and LAN vs external of the location. (Anyone that has used Forticlient VPN and/or Untangle OVPN Server can attest to that!) So far, Homebound is flawless - when you are home it totally shuts itself off. When you drive away from your home it immediately comes up and connects back home through the VPN. Keeping in mind Homebound basically enables a VPN server on your Gryphon, it's not actually connecting to a third party VPN - so in reality, it's way more secure and safer in that Gryphon doesn't really log, and you know where your connection is going rather than some questionable third party.

Also I like the fact that it makes sure my roaming devices have adblocking and anti-malware on the go. So far so good. I haven't tested battery usage or other aspects, but I will update this thread as soon as I put it through it's paces over the next days.
 

blackice

Level 8
Verified
After using the ad blocking feature for a while I’ve had some thoughts. It’s aggressive. And quite good at its job. So good in fact that I had to turn it off for my wife because it was blocking desired promo links on review sites for her. I experienced the same thing for promotional emails, but live with it. It takes care of anything the ad blockers don’t. Very good, but very aggressive.
 
  • Like
Reactions: woodrowbone

Slyguy

Level 41
Verified
After using the ad blocking feature for a while I’ve had some thoughts. It’s aggressive. And quite good at its job. So good in fact that I had to turn it off for my wife because it was blocking desired promo links on review sites for her. I experienced the same thing for promotional emails, but live with it. It takes care of anything the ad blockers don’t. Very good, but very aggressive.
Agreed, it's superbly aggressive, almost Pi-Hole level, which is really good! I have whitelisted a couple of sites, that's about it. I love the fact that it blocks some of the most intrusive and aggressive ads and trackers - at the browser level - so that trash never hits our devices.
 

blackice

Level 8
Verified
Agreed, it's superbly aggressive, almost Pi-Hole level, which is really good! I have whitelisted a couple of sites, that's about it. I love the fact that it blocks some of the most intrusive and aggressive ads and trackers - at the browser level - so that trash never hits our devices.
It’s quite good. I didn’t realize you could whitelist.
 
  • Like
  • +Reputation
Reactions: Slyguy and venustus

signupz

New Member
I like this router a lot, but I really want to love it. My issues with it are that you can only see the top level domain in the browsing history of the devices on your network. This is very frustrating! Yeah thanks for telling me they were on YouTube but what exactly were they doing on YouTube. Same with Google okay they were on Google's homepage that's great, thanks for the info. Lol. I don't understand why this more granular information is not available as I'm sure the router is able to see these URLs and it shouldn't be that difficult for them to update the firmware to allow for this.

The app overall could use some more info in places and some enhancements as far as the interface are concerned, organizationally speaking, because I keep forgetting where certain options are. Also their support did not answer an email I sent when I purchase the first one, which was basically saying their marketing advertises one router covering 3000 square feet, I have a 1900 square foot house and I'm not getting coverage in the whole thing so I had to buy another router at full price when I could have got the two router deal from Amazon initially had I known that one wasn't going to cut it.

The lack of support and even a manual, real documentation, or help material definitely concerns me and has been a bit of a PITA to set some things up. And then lastly the homebound app doesn't load on phone startup so how can we realistically expect our children or anyone else to be running the protection of the VPN when it either crashes and or doesn't Auto load on device boot up? These kids today are not like other kids from past Generations they will simply not load the app how could that have not been the first feature of this app to Auto load or at least have the option to Auto load for admin?

Other than these issues it's like a dream to see a home router focused on security right out of the box. I can only hope more companies follow suit and Gryphon continues to upgrade and update this router because I really love the direction they've gone in so far for the most part!

Also, if you didn't set a user for a device like a printer when it first appeared (as I did not for a few things because I didn't realize the control you could have with this feature) How do I change it to a new user group such as 'no internet' like slyguy suggested? Im on android and can't for the life of me seem to do it from the connected devices tab :(

Thank you for the info. I'm pretty sure it was your review of the gryphon that made me buy one in the first place! As far as the user groups are concerned that's the thing I'm having an issue with because normally I do exactly as you recommended to change the group but in this case under group it says unspecified and it won't allow me to tap or click it. ( does nothing when I tap it won't go to the page where I can normally reassign or change the group )

And I did not realize about the certificates required to view anything further than TLD, however cant software like Wireshark do this without needing all of that?

Also very interesting info about the ferrites at the end, what type of attacks would these protect from?

Also, and I really hate to ask because you've been so helpful already, but I'm about to have somebody come and run cat7 between my two units through the attic and I don't really have the time to do the research on what is the best today, so do you think you could provide any recommendations as far as the ethernet cable to get and which of these gas discharge tube network surge protectors? Cost not being a factor as I want this wiring to last a long time. If you don't have the time, I certainly understand but if you could link the ones that you got that would definitely be helpful! Thanks again!
 

blackice

Level 8
Verified
I like this router a lot, but I really want to love it. My issues with it are that you can only see the top level domain in the browsing history of the devices on your network. This is very frustrating! Yeah thanks for telling me they were on YouTube but what exactly were they doing on YouTube. Same with Google okay they were on Google's homepage that's great, thanks for the info. Lol. I don't understand why this more granular information is not available as I'm sure the router is able to see these URLs and it shouldn't be that difficult for them to update the firmware to allow for this.

The app overall could use some more info in places and some enhancements as far as the interface are concerned, organizationally speaking, because I keep forgetting where certain options are. Also their support did not answer an email I sent when I purchase the first one, which was basically saying their marketing advertises one router covering 3000 square feet, I have a 1900 square foot house and I'm not getting coverage in the whole thing so I had to buy another router at full price when I could have got the two router deal from Amazon initially had I known that one wasn't going to cut it.

The lack of support and even a manual, real documentation, or help material definitely concerns me and has been a bit of a PITA to set some things up. And then lastly the homebound app doesn't load on phone startup so how can we realistically expect our children or anyone else to be running the protection of the VPN when it either crashes and or doesn't Auto load on device boot up? These kids today are not like other kids from past Generations they will simply not load the app how could that have not been the first feature of this app to Auto load or at least have the option to Auto load for admin?

Other than these issues it's like a dream to see a home router focused on security right out of the box. I can only hope more companies follow suit and Gryphon continues to upgrade and update this router because I really love the direction they've gone in so far for the most part!
To see specific pages you’d have to break ssl encryption with an installed certificate. Which they don’t have plans to do currently as far as I know.
 

Slyguy

Level 41
Verified
Dashboard in the app will show all devices. Unmanaged, Managed, etc. From there you can click on them and re-group them, block them, scan for vulns, etc.

Homebound seems to have some bugs to work out. It doesn't appear to be mature at this point. I hope they iron it out!

TLD browsing history is normal. Even a 10K Fortinet does TLD. To do anything more intrusive you need to load a root certificate on a device and that is just going to cause so much issues never expect it in a router for homes. It's such a pita, many companies don't even bother doing it with their UTM's. You basically need to break encryption, examine traffic, then repair the encryption to know everything happening at a granular detail. It's just not going to happen.

But yeah, Gryphon is a seriously hardened, generally considered unhackable router for the home. I've got almost all of my relatives on Gryphons and feel like I have done them all a favor because now I don't have to deal with incessant hacking/malware and router updates. A couple recommendations to harden Gryphon from advanced, alternate vector attacks.

1) Put a Material 31 Ferrite Choke on the power supply cord for Gryphon. (bag of them is cheap on Amazon)
2) Put a Network Surge Protector Suppressor on the data line going into the Gryphon. If possible a Gas Discharge Tube unit.
3) Primary runs, longer than 8-10 feet should always use SFTP and AXT shielded cables. Long runs create a measurable inductance at a distance that can used to siphon data or even pulsed to cause an overload.

That, combined with the Gryphon's already locked down state is going to make your home network exceptionally hardened.
 

Tfalwell

New Member
First post here, just wanted to join the conversation. The in-depth discussion on here is what sold me on buying one so thank you guys! So far I'm loving it and I've already got 3 or 4 other friends and family members to purchase them as well!

I have two questions I'm hoping you can help me with.

1. Teamviewer has been working great for me on Gryphon, but recently I'm getting booted off randomly after just a few minutes and Teamviewer doesn't seem to like the way the traffic is being handled and labeled it as corporate usage. Tried Anydesk as well and the same thing happened. Is anyone experiencing this?

2. I have to send a wifi signal to a remote part of my property about a quarter of a mile to a location I use for AirBNB. I was thinking about replacing my Asus routers at both locations with Gryphons at both locations to gain better control over the usage but setting this up, to begin with, was pretty difficult (for me at least). I was wondering if Gryphon would be able to handle this (love my Gryphon but some of the lack of advanced features can be a bit frustrating). The device I'm using to accomplish my wireless bridge is the "Bridge-in-a-Box" by Cambium Networks. (Amazon Product Link for Specs). Any advice here would be great!

Thanks again guys for all of your discussion and help on here. Especially Sly, you've been a great Gryphon ambassador.
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
Friday I got a Gryphon delivered at home (which I had not ordered). So I called my nephew. He is 46 and an early pensionado because he sold his company. He has loads of time (and loads of money). When he takes his mother (my aunt) for lunch once a weak in a classy restaurant, he also picks up my mother (my aunt and mother are both widow, close sisters and best friends). Because he can't do anything wrong (in the eyes of my mother), she always offers him my help.

Because home-IT stuff is now sold by all big consumer chains, the specialty PC shops which had skilled employees who were willing to install stuff (against payment) are all gone out of business in our area. So in those cases my mother of 86 tells him I will help him out.To save time and drive to his place to install something, I asked him to bring it to me, so I can easily configure something for him, without spending hours waiting at his place (for software updates for example). So now he let's IT-stuff be delivered to my home to save him one ride.

When I had set it up at my home it was a piece of cake. But when I took the two gryphons to his place (he has a huge house to Dutch standards), Besides one smart TV, I don't have smart devices in my house (other than smartphones, tablets and PC's) and all of my devices were recognized by Gryphon.

I thought to be clever by naming the Gryphon WIFI network the same and give it the same password, So I would not have to reset all his smart devices. He has a lot of devices and some of them were not recognized. I would have liked an option to display manufacturer name and IP-address in stead unrecognized.

Although Gryphon has "Things" for IoT devices and "TV & Entertainment" the granularity of control is not straight forward. For instance to block some IoT devices going outbound, I can not assign to "Things", because those "Things" devices are still allowed to go outbound. So I ended up assigning fake users for devices which did not match a category or had no reason to go outbound..

My nephew loves smart devices, so he has a robotic vacuum cleaner (because his wife's tiny dog is allergic to stuff), a robotic pool cleaner and a robotic lawn mover. I could not find these categories so I assigned them a fake user ID to limit them going outbound on the internet. Same story with his security cameras which record stuff locally on DVR, They don't need outbound connection either.

The setup looks to be user centric, but you can only assign devices to users. With shared devices you still have a problem. My nephew has a multi device gaming room (being a Max verstappen fan with complete car simulation and an entertainment room (with supersized smart TV. He thought he could manage those shared devices through the Gryphon also.

When using the Gryphon support center (link) for laughs enter the text "How to assign a name to a device" (just do it for fun). This is no advertisement for the intelligence of their Artificial Intelligence security system :giggle:
 
Last edited:

blackice

Level 8
Verified
Friday I got a Gryphon delivered at home (which I had not ordered). So I called my nephew. He is 46 and an early pensionado because he sold his company. He has loads of time (and loads of money). When he takes his mother (my aunt) for lunch once a weak in a classy restaurant, he also picks up my mother (my aunt and mother are both widow, close sisters and best friends). Because he can't do anything wrong (in the eyes of my mother), she always offers him my help.

Because home-IT stuff is now sold by all big consumer chains, the specialty PC shops which had skilled employees who were willing to install stuff (against payment) are all gone out of business in our area. So in those cases my mother of 86 tells him I will help him out.To save time and drive to his place to install something, I asked him to bring it to me, so I can easily configure something for him, without spending hours waiting at his place (for software updates for example). So now he let's IT-stuff be delivered to my home to save him one ride.

When I had set it up at my home it was a piece of cake. But when I took the two gryphons to his place (he has a huge house to Dutch standards), Besides one smart TV, I don't have smart devices in my house (other than smartphones, tablets and PC's) and all of my devices were recognized by Gryphon.

I thought to be clever by naming the Gryphon WIFI network the same and give it the same password, So I would not have to reset all his smart devices. He has a lot of devices and some of them were not recognized. I would have liked an option to display manufacturer name and IP-address in stead unrecognized.

Although Gryphon has "Things" for IoT devices and "TV & Entertainment" the granularity of control is not straight forward. For instance to block some IoT devices going outbound, I can not assign to "Things", because those "Things" devices are still allowed to go outbound. So I ended up assigning fake users for devices which did not match a category or had no reason to go outbound..

My nephew loves smart devices, so he has a robotic vacuum cleaner (because his wife's tiny dog is allergic to stuff), a robotic pool cleaner and a robotic lawn mover. I could not find these categories so I assigned them a fake user ID to limit them going outbound on the internet. Same story with his security cameras which record stuff locally on DVR, They don't need outbound connection either.

The setup looks to be user centric, but you can only assign devices to users. With shared devices you still have a problem. My nephew has a multi device gaming room (being a Max verstappen fan with complete car simulation and an entertainment room (with supersized smart TV. He thought he could manage those shared devices through the Gryphon also.

When using the Gryphon support center (link) for laughs enter the text "How to assign a name to a device" (just do it for fun). This is no advertisement for the intelligence of their Artificial Intelligence security system :giggle:
It has a lot of features and is stupid easy to use, but not many options for advanced users and the control options aren’t fully baked yet. But it’s a killer router.
 

Slyguy

Level 41
Verified
IoT should be assigned to IoT categories of devices not users. If there is no specific category you can choose 'Other'. The reason is, the IoT category uses AI/ML systems to protect IoT devices from strange, unusual and abnormal activity.

Alternatively, you can assign IoT as a computer, then toss it in a user category. This will activate ESET filtration on the IoT in addition to allowing you to control egress from WAN. However with this latest update, if you block internet it ALSO blocks LAN connectivity. This was done for security purposes making a block a true block. But it breaks functionality for me when I want stuff to use LAN but not have WAN access. Hopefully they will change this back or provide options. For now, I assign IoT I do not want dialing home to device type computer, then NO-WAN username. Then I apply all restrictions to it, like Toddler Age, which blocks everything (and I do mean everything). That is a work around now for the change they introduced.

Shared devices really aren't manageable by any smart router because the router has no idea who is logged in. Even corporate UTM's don't even do this. For example in a large company with roaming profiles, a $10,000.00 Fortinet has NO IDEA when the profile changed on an endpoint. No real way around this. So you assign an 'approximate' age range for the average users and leave it at that I guess.
 
  • Like
Reactions: simmerskool