Slyguy

Level 40
Is it possible to turn off admin access from the WAN? I tried to skim back through this thread, and don’t remember seeing a comment on that.
There is no access to the router from the WAN. No SSH, No Telnet, No Web Interface. It tunnels back to the secured AWS bucket, then is accessed through the app. The app is authenticated by your username/password, and a QR code on the bottom of the router. Rendering hacking largely impossible by the layers of security and lack of normal intrusion routes.

As for wifi signal being too strong, Gryphon offers low-power mode, and also the ability to schedule WiFi to be off (such as during sleep).
 

blackice

Level 6
There is no access to the router from the WAN. No SSH, No Telnet, No Web Interface. It tunnels back to the secured AWS bucket, then is accessed through the app. The app is authenticated by your username/password, and a QR code on the bottom of the router. Rendering hacking largely impossible by the layers of security and lack of normal intrusion routes.

As for wifi signal being too strong, Gryphon offers low-power mode, and also the ability to schedule WiFi to be off (such as during sleep).
Okay, I see. I guess my confusion was that their website says you can access the router through the app even when you are not on the network.
 

yarr

Level 2
So I swapped out my old router for the Gryphon and I've got to say I'm pleasantly surprised. I'm a big fan of the users menu and the ability to set the thing on a timer. There are so many more useful options than just these things. Being able to block all new devices by default made for really easy setup when it came to categorizing devices and assigning them to users. I can't wait to see what more is in store! I was trying to think of features I would like to see added but they're all just small quality of life type things or customizations. All the big stuff seems to be covered. It was also cool that the CEO emailed me after setup and responded when I let him know about how I was liking it so far.
 

yarr

Level 2
I'm having trouble figuring out how to configure the firewall and port forwarding options. Say, for example, I wanted to block certain default ports like RDP from being used on all PCs, would that be possible or should I look into a separate hardware firewall or just doing that through the software firewall on the computers? I'm interested in hearing about any tips or profile/device configurations.
 

Slyguy

Level 40
Homebound, I assume is a VPN back to the Gryphon itself, and the heavy lifting of security on all devices is being done on the Gryphon, regardless of where you are in the world.

That's actually a significant advancement in home/device security and is quite similar to a corporate VPN, such as Fortinet, where the machines are tunneled (not split) back to the Fortigate device for security operations.
 

blackice

Level 6
There is a rather significant firmware update coming very shortly for Gryphon.

They'll be the first router to block Puffin Browser, which is well known to bypass all UTM/NGFW/Parental Controls. They expanded the VPN blocking for people that want to specifically block VPNs from devices to include all known VPNs.

More importantly, Gryphon will block Ads/Trackers at the router level as a selectable option!

I run my Gryphon in a low-power mode to constrain my WiFi broadcast within a tight parameter around my home. Handy feature there. Also the ability to completely disable WiFi at specific times is a security feature most people won't appreciate. Also the block new devices is more powerful than people realize, and MAC spoofing won't even bypass it. (tested)

The previous firmware updates:

What’s new on 56.53?
  • Option to turn off WiFi radio
  • Low power transmission mode
  • Dual Admin support in the mobile application

What’s new for previous release 56.37?

  • Ethernet backhaul for Gryphon mesh network
  • Block new devices on first connection
  • Improved unmanaged device list experience
  • UPnP enable/disable support
  • User selectable Time zone
Is there any word on the new firmware with ad blocking? I asked about DNS over TLS and they said it would be in an upcoming firmware, that would be a super boost if those features were in the same update.
 

blackice

Level 6
It works for me, maybe you have a block list that has the Cloudflare IPs on it for some reason or an app that has it.
Try going to 1.1.1.1 in a browser. For me it shows a parental block on an unrestricted account. I checked with 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver and it says I can connect to 1.0.0.1 but not 1.1.1.1. I had the same settings as you, but I think it is falling back to the 1.0.0.1 for resolution. It works but it’s ignoring 1.1.1.1 for some reason. So basically you don’t have a backup DNS. Either for blocking the Cloudflare app or it is using it for internal resolutions for something.
 

blackice

Level 6
So 1.1.1.1 is just blocked as a site, but works as a DNS after working with support. One other question. Has anyone had UPnP work successfully on a console? I prefer to use that to port forwarding since it doesn’t keep the ports open all the time and multiple consoles can be used without conflict. I may have to revert to port forwarding since UPnP always fails. I did contact support, we’ll see what they say.
 

Kubla

Level 6
Try going to 1.1.1.1 in a browser. For me it shows a parental block on an unrestricted account. I checked with 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver and it says I can connect to 1.0.0.1 but not 1.1.1.1. I had the same settings as you, but I think it is falling back to the 1.0.0.1 for resolution. It works but it’s ignoring 1.1.1.1 for some reason. So basically you don’t have a backup DNS. Either for blocking the Cloudflare app or it is using it for internal resolutions for something.
You are right, if I try 1.1.1.1 or 1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver it is indeed blocked.
 

blackice

Level 6
Has anyone else had tremendous problems with the 2.4 band? We are having it drop regularly and it won't even connect until an hour or two after boot. It says the password is wrong and then when it finally works it is SLOW for an hour or so before it works. I wouldn't even use 2.4 but our printer and one other device only have 2.4. Support has been responsive, yet unhelpful. About to just return it and go back to ASUS.