Slyguy

Level 40
There is a rather significant firmware update coming very shortly for Gryphon.

They'll be the first router to block Puffin Browser, which is well known to bypass all UTM/NGFW/Parental Controls. They expanded the VPN blocking for people that want to specifically block VPNs from devices to include all known VPNs.

More importantly, Gryphon will block Ads/Trackers at the router level as a selectable option!

I run my Gryphon in a low-power mode to constrain my WiFi broadcast within a tight parameter around my home. Handy feature there. Also the ability to completely disable WiFi at specific times is a security feature most people won't appreciate. Also the "block new devices" feature is more powerful than people realize, and MAC spoofing won't even bypass it. (tested)

The previous firmware updates:

What’s new on 56.53?

  • Option to turn off WiFi radio
  • Low power transmission mode
  • Dual Admin support in the mobile application

What’s new for previous release 56.37?

  • Ethernet backhaul for Gryphon mesh network
  • Block new devices on first connection
  • Improved unmanaged device list experience
  • UPnP enable/disable support
  • User selectable Time zone
 

Agerwaze

New Member
Been following this thread as I'm looking for a new, more secure router. The Gryphon looks interesting, thanks for all the info. There actually doesn't seem to be much detail about the product anywhere else.

I'm currently with an ISP in the UK that doesn't provide support for configuring their equipment in 'modem only mode' so I would be forced to set up the Gryphon in bridge mode, i.e. switch off DHCP and WiFi broadcast in my current router and hook the Gryphon downstream.

Would this setup have any disadvantages in terms of security or functionality?
 

Slyguy

Level 40
No clue, I'd reach out to Gryphon directly and ask this question.

Gryphon support is very good IMO. I read a review where the guy claimed Gryphon's lead engineer flew out to his home to examine why Gryphon wouldn't work as expected in his environment. Crazy! I know they sent me a debug unit because I was having some strange issues which we eventually pinned on the ISP; Gryphon was not liking some HTTPS intercepts my ISP was doing, and once we revealed their activity it magically turned off that day at my ISP.

So they do go above and beyond.
 

Agerwaze

New Member
As an update to this for anyone in a similar situation:

I had, in fact, reached out to Gryphon a few days ago but didn't get a definitive answer about whether there would be a downside to using the router in 'bridge mode'. I did however manage to catch someone online today on their live chat and it was confirmed that the Gryphon would work in the configuration outlined above and that there would be no loss of features or security.

So I'll be buying one of these in the next few days :)
 

Agerwaze

New Member
Out of stock in the UK but Gryphon has kindly offered to send a US model. @Slyguy would be awesome to get a rundown of settings that you recommend for hardening if you get a few spare minutes.

In conversation with Gryphon, I mentioned the existence of this thread and recommended they add more technical info to their website.

After asking a couple of questions, I was also informed:

1) Intrusion detection products like Fingbox and Firewalla are probably superfluous if you already own a Gryphon -- since it performs those functions inherently.

2) As Slyguy already mentioned, the protection against new devices joining is immune to MAC spoofing. This feature was an important factor in my buying decision so I did ask whether there were other ways to get around this for someone with technical skills. They avoided answering this question, presumably (and understandably) for security reasons. But it does make me less confident in that function now.
 

esoteric24

Level 1
Met John at RSA. Very nice guy. One thing that was brought to my attention is that you cannot use Cloudflare DNS with the router. It has been brought to his attention and he's working on a fix. He looked at my settings, I'm trying as an admin with no restrictions.
