
Deleted Member 3a5v73x

Eh, unfortunately costs too much for me, can't afford it to see that beauty in action, but that warning page is very appealing for some reason, I wouldn't feel "scared" to see it while browsing, in fact, I want now a mango with ice cream for unexplainable reason.. :D

Slyguy

Level 40
New firmware is in the pipe for Gryphon. They've been approved for WPA3; that appears to be coming. The current roadmap is:

1. SSID band selection - August release (55). Currently under final testing.
2. Fortnite scheduling/blocking (application layer 7) - August release (55). Currently under final testing.
3. Manual channel selection - Sept release (56). Under development.
4. Manual TX power control - scheduled for Sept (56). It will give you option high-medium-low-off.
5. More SSIDs per Gryphon. Being considered.

I am told there will be other goodies in each firmware release not listed above, it's not an inclusive list. Those are the highlights.
 

Kubla

Level 6
I found out a couple of things about the Gryphon: there is a subscription fee, you just get the first year for free.

From what I understand, the Gryphon will not connect to any other network wireless extender except another Gryphon, so if you have wireless extenders on your network you might need to replace them with Gryphons.
 

Slyguy

Level 40
I found out a couple of things about the Gryphon: there is a subscription fee, you just get the first year for free.

From what I understand, the Gryphon will not connect to any other network wireless extender except another Gryphon, so if you have wireless extenders on your network you might need to replace them with Gryphons.
The fee was gotten rid of. As evident of Amazon sales page and Gryphons updated. There will be no subscription. Gryphon is a mesh system so you need to use its meshes. Similar to any other mesh system. Extenders are lame and should be avoided anyway.

Reading their website, the only advantage I see compared to Sophos is the user interface.
Except the XG costs much more, has a yearly renewal fee, doesn't have AI/ML IPS/IDS, doesn't have anywhere close to the level of parental control and user management (and what it has is limited and/or manual), doesn't work well (if at all) from a mobile device, doesn't use ESET, doesn't have anywhere near the wireless capability or meshing, and depending on the unit, nowhere near the throughput. That aside, they're designed for different markets anyway.
 

Slyguy

Level 40
XG now comes with Sophos ML and sandbox detonation.
I'm aware of Sandstorm and the ML, that's malware focused, not IPS/IDS focused. Still, you are comparing a $199 device to one over double, that requires a yearly renewal and extensive configuration. (in comparison) If you want a full UTM don't be looking at a Gryphon which is really just a Layer 7 'home' UTM-lite with less configuration and hardened from hackers. But on the Gryphon's side, is wireless performance that is absolutely phenomenal and the range is fantastic.
 

Slyguy

Level 40
Site resolution is like this if you have a Gryphon.

DNS -> Gryphon URL Inspection (ESET) -> Desktop/Device

So if you use a malware filtering DNS it's always going to get first dibs, followed by Gryphon. To properly test a Gryphon response to a malicious URL you should use an open, unfiltering DNS. But using a filtering DNS is going to provide yet another layer and is recommended.
 

RmG152

Level 12
Verified
Except the XG costs much more, has a yearly renewal fee, doesn't have AI/ML IPS/IDS, doesn't have anywhere close to the level of parental control and user management (and what it has is limited and/or manual), doesn't work well (if at all) from a mobile device, doesn't use ESET, doesn't have anywhere near the wireless capability or meshing, and depending on the unit, nowhere near the throughput. That aside, they're designed for different markets anyway.
XG Home is free to use.
XG has IPS and IDS. Idk what ML is.
XG is fully user based; you can have parental control if you want, or you can have individual rulesets or all you want.
XG UI is 100% desktop based, yes.
XG uses Sophos and/or Avira.
I don't use the integrated wifi functions, idk about this. But you have some options.
I use it on a Chinese computer with an i5, 8 GB RAM and SSD and it works like a charm. (260€)
 

Slyguy

Level 40
Once again, different markets, different devices, different capabilities. Sophos Home doesn't have anything good like ML and Sandstorm anyway. The AV scanning on UTMs isn't very useful anymore since most malware is delivered over HTTPS. IPS and URL scanning are nice, but XG Home is pretty average. Fortinet is going to be vastly superior if you don't have an XG appliance with Sandstorm and ML, Watchguard beats both with Cylance, Bitdefender, Cyren, Forcepoint, Lastline and Trend Micro techs integrated by default.

Anyway, we're talking about home mesh wifi routers with UTM features that an average joe in the home can utilize without any additional skillset/knowledge. Not Fortinet, Untangle, XG, XG Home, Checkpoint, Watchguard, or whatever. I can talk UTM/NGFW's all day long, it's what I do for a living so I am happy to do that as well. :)
 

DeepWeb

Level 21
Verified
Layer 7 inspection in a home device is pure tinfoil-hatry. It should be doing the opposite and prevent deep packet inspection by ISPs. Then I would buy it.
 

Slyguy

Level 40
Layer 7 inspection in a home device is pure tinfoil-hatry. It should be doing the opposite and prevent deep packet inspection by ISPs. Then I would buy it.
Layer 7 inspection serves a good purpose, such as application level control on your network. In the case of Gryphon, if you want to add playtime limiters to Fortnite, you can do it - L7 provides granular control, but also allows the Gryphon to perform its AI/ML work by seeing the application layer. I'm not sure what level of DPI it has, I can't SSH in to take a look, but I can ask the primary engineer. It does however provide robust ARP protection, MAC spoofing protection, rogue AP detection and suppression. Which is quite rare in the home market right now.

Remember though, the focus is on securing networks and devices for the average consumer. Not prosumers or corporate. But from the looks of upcoming firmware patch notes they're adding featuresets more geared toward prosumers.

as per Gryphon...

Gryphon comes with following:
a) Parental control and content filtering: Free for life
b) Whole house Malware protection and Intrusion Detection: Free for 1st year. Requires subscription afterwards.

The subscription also includes:
1) All new services like VPN, Home bound etc.
2) Hardware protection (will replace hardware if broken when you are under contract)
 

AtlBo

Level 26
Verified
But using a filtering DNS is going to provide yet another layer and is recommended.
I have been using Level-3 simply because I read that the servers have a good reputation with their filtering. Is this acceptable or go with the free OpenDNS or another?

209.244.0.3
209.244.0.4

as per Gryphon...

Gryphon comes with following:

a) Parental control and content filtering: Free for life

b) Whole house Malware protection and Intrusion Detection: Free for 1st year. Requires subscription afterwards.
These early times with a new product in development are painful. I am ready to pay $10 a month, but I hope this gets sorted out fairly quickly. On the plus side, their partnership with ESET should be very good for Gryphon. I respect ESET's posture through the years and the way they have quietly funnelled security news and bulletins into the private sector without pumping fanfare into their work.
 

Kubla

Level 6
Layer 7 inspection in a home device is pure tinfoil-hatry. It should be doing the opposite and prevent deep packet inspection by ISPs. Then I would buy it.
The Gryphon will not protect any device connected to it running a VPN.

But I bet if you have a router that allows you to run a VPN on it you could install the Gryphon on the router and have the 7 layer protection on all devices connected to the Gryphon while protecting against packet sniffing with the VPN.
 

Kubla

Level 6
I found out an interesting bit of news on the Gryphon: an upgrade slated for next month will allow you to create a wired mesh between two Gryphons so that two Gryphon networks are linked and viewable across both networks.

You will either have to run some Cat 6 between them or possibly be able to use a wireless bridge between them to make use of it.

I am going to research the latter myself for my particular setup.
 

Slyguy

Level 40
I found out an interesting bit of news on the Gryphon: an upgrade slated for next month will allow you to create a wired mesh between two Gryphons so that two Gryphon networks are linked and viewable across both networks.

You will either have to run some Cat 6 between them or possibly be able to use a wireless bridge between them to make use of it.

I am going to research the latter myself for my particular setup.
That's the backhaul feature. Basically this reduces weight on mesh networks by allowing a backhaul from the Gryphon to the primary router (or through a switch). This is identical to enterprise network AP functionality, except in this case, the Gryphon is vastly more powerful than most APs. Currently Gryphon backhauls over a dedicated 5GHz radio; this will free up that radio for even better WiFi coverage/speed if someone backhauls from the LAN ports on the back of the Gryphon.

There are a couple big firmware updates coming. I am currently helping them debug a couple of issues I found, they've already fixed one of them, the second one I have given them enough datapoints to isolate the issue. Nothing most people wouldn't experience unless they are 1000Mbps or higher and nothing that won't be fixed for the next firmware upgrade.

No UTM/UTM-like device will protect you through a VPN unless an RCA is installed on the machine to peel apart the VPN traffic, but that's certainly not ideal. You can either allow/block VPNs on most UTMs. Even Fortinet and others, because if the UTM could examine VPN traffic then that means the VPN isn't secure. This is why I recommend browser-based VPNs, whereas the device is still protected behind a UTM, but your browsing is encapsulated in a VPN because of the extension.
 

justme12

Level 1
That's the backhaul feature. Basically this reduces weight on mesh networks by allowing a backhaul from the Gryphon to the primary router (or through a switch). This is identical to enterprise network AP functionality, except in this case, the Gryphon is vastly more powerful than most APs. Currently Gryphon backhauls over a dedicated 5GHz radio; this will free up that radio for even better WiFi coverage/speed if someone backhauls from the LAN ports on the back of the Gryphon.

There are a couple big firmware updates coming. I am currently helping them debug a couple of issues I found, they've already fixed one of them, the second one I have given them enough datapoints to isolate the issue. Nothing most people wouldn't experience unless they are 1000Mbps or higher and nothing that won't be fixed for the next firmware upgrade.

No UTM/UTM-like device will protect you through a VPN unless an RCA is installed on the machine to peel apart the VPN traffic, but that's certainly not ideal. You can either allow/block VPNs on most UTMs. Even Fortinet and others, because if the UTM could examine VPN traffic then that means the VPN isn't secure. This is why I recommend browser-based VPNs, whereas the device is still protected behind a UTM, but your browsing is encapsulated in a VPN because of the extension.
Still undecided on the Gryphon because of VPN usage. I use a desktop VPN with kill switch. VPN NOT on router.
If I understand your comment, the device will still be protected?
 
I have one and have been using it for about 5 months now. Amazing device and they do keep security at the forefront of everything. The owner is responsive to suggestions, but again, if it compromises security he will not add it. I can say that SlyGuy's hype is well justified and I could not be happier.

I have a 2600 sqft home and a decent yard. I can be out back at my fire pit and still be connected. I only have a single Gryphon in my house but I placed it strategically and have been happy.

My Gryphon replaced an ASUS AC3100 running Merlin and it blows it away. Being a Cisco guy I like to have control, and that is the only thing I have given up with this device, but I don't have to worry when I travel that my wife will be left with no internet. It is easy for her to configure in case there is an outage.

I did a lot of research before I bought this and could not be happier with it. Yes, I compared it against all competing home devices and none of them come close in software and hardware.

I am glad they did not go with Kaspersky, they are not a bad product but there is way too much controversy around it and many in our industry will or do work with the government.

I do have a software-based VPN I use on a home PC every now and then for whatever reason but can easily turn it off and enjoy the full benefits of Gryphon. This router is a joy to use and I look forward to the updates as they come out. It is blazing fast and I have kids that crush it with online games and videos. I have seen no latency in my connection.

SlyGuy you are dead on. Keep up the good work.

I am not affiliated with Gryphon in any way, just one HAPPY customer!
 

Slyguy

Level 40
Agreed. Gryphon is so far ahead of anything else in the marketplace right now it's not even funny.

There just aren't any open ports on Gryphon to compromise. No Web facing GUI. No SSH/Telnet, nothing. It's all done over encrypted channels between your authorized smart phone and the device. What's to hack? Nothing to be honest. Since there are no 'defaults' of anything, the average joe really isn't exposed in any way. Good things keep coming to the Gryphon and I expect that to continue to be the case.

As with everything, there ARE things I do not agree with regarding Gryphon. For example you cannot use a local subnet DNS server (Pi-Hole, etc). While you can change the DNS, you can only use external resolvers like Quad9 or GoogleDNS, etc. Not internal ones. So no Pi-Hole with Gryphon, which really sucks if you love Pi-Hole. Another area that drives me insane is the inability to assign a different password to 2GHz vs 5GHz radios on the local (non-guest) network.

Otherwise, it's a perfect solution IMO and has radios vastly superior to far more expensive enterprise grade APs.
 
