Slyguy

Level 41
Verified
Has anyone else had tremendous problems with the 2.4 band? We are having it drop regularly and it won't even connect until an hour or two after boot. It says the password is wrong and then when it finally works it is SLOW for an hour or so before it works. I wouldn't even use 2.4 but our printer and one other device only have 2.4. Support has been responsive, yet unhelpful. About to just return it and go back to ASUS.
I've never experienced this. Are there any other devices handing off DHCP on the network? Any other NATs? I've seen/heard strange issues with Gryphon and switches that are misbehaving, and some channel congestion on some bands, but nothing like that.

Support should get to the bottom of it.
 

blackice

Level 8
Verified
I've never experienced this. Are there any other devices handing off DHCP on the network? Any other NATs? I've seen/heard strange issues with Gryphon and switches that are misbehaving, and some channel congestion on some bands, but nothing like that.

Support should get to the bottom of it.
I think I figured it out. Non-WiFi baby monitor. The camera broadcasts whether or not the monitor is on. But the auto channel changing on the Gryphon would move in and out of interference. Since you can’t set a channel manually this is problematic.
 

Slyguy

Level 41
Verified
I think I figured it out. Non-WiFi baby monitor. The camera broadcasts whether or not the monitor is on. But the auto channel changing on the Gryphon would move in and out of interference. Since you can’t set a channel manually this is problematic.
Not having the ability to force a channel use on the Gryphon has been one of my bigger complaints for sure.
 

Slyguy

Level 41
Verified
Bandsteering was the first thing I turned off. I wish I could turn it off on the guest network.

Unfortunately turning it to low power defeats one of the reasons I got it, which was for big coverage.
A few things I really need to see with Gryphon;

1) Ability to turn off guest network
2) Ability to have different passwords for each band.
3) Ability to pin the router to a local DNS server.
4) Ability to assign specific channels. (RRP disable) OR at least the ability to set channel preference range.

I love Gryphon, but I crave the above features as they give me immense power to control my network. I realize though, those are mostly Prosumer features and Gryphon (at this time) isn't a prosumer device for the most part. That may change though.
 

blackice

Level 8
Verified
A few things I really need to see with Gryphon;

1) Ability to turn off guest network
2) Ability to have different passwords for each band.
3) Ability to pin the router to a local DNS server.
4) Ability to assign specific channels. (RRP disable) OR at least the ability to set channel preference range.

I love Gryphon, but I crave the above features as they give me immense power to control my network. I realize though, those are mostly Prosumer features and Gryphon (at this time) isn't a prosumer device for the most part. That may change though.
Yeah I’m still in the return window and am on the fence about sticking with it. I love the security features, but sorely miss prosumer features.
 

Slyguy

Level 41
Verified
It's not so much anti-sumer, there are powerful features in the works. However the initial focus of the device was to get it out there and get people protected, and then expand on the 'advanced' settings as the product evolved.

For security nuts, it's basically a dream because of the fact there really isn't anything hackable on it and it is aggressively pen tested. To even do any testing/debugging they need to ship you a specially configured version of the router (debug/development unit). Then once it is online you need to provide them with a TeamViewer session to locally (on the same subnet) as the Gryphon to get in and run diagnostics. Even then, they are somewhat limited and it is entirely a CLI endeavor. The logs are wiped constantly and cannot be extracted remotely, etc. The entire IPS engine runs on the Gryphon. The entire filtration database is stored on the Gryphon.

I'd venture to say out of the box it's more secure than most UTM appliances unless those appliances have been gone over by an engineer adept at plugging up potential holes. So for that, it's a dream for many people that require supreme privacy and security. Prosumer features notwithstanding.
 

blackice

Level 8
Verified
I’m curious how the ESET scanning is blocking the ssl tests at wicar? I thought that the web scanning did not include ssl/https scanning. I am assuming I just don’t understand how it works.
 

blackice

Level 8
Verified
I’m curious how the ESET scanning is blocking the ssl tests at wicar? I thought that the web scanning did not include ssl/https scanning. I am assuming I just don’t understand how it works.
To follow up my own question here's the answer I finally got from support: They block at the domain level, so if the https site contains malware they will block the whole website. Testing with wicar.org works because wicar.org is a valid safe domain, when you click for download it redirects to malware.wicar.org.
 
To follow up my own question here's the answer I finally got from support: They block at the domain level, so if the https site contains malware they will block the whole website. Testing with wicar.org works because wicar.org is a valid safe domain, when you click for download it redirects to malware.wicar.org.
The domain is exposed in the network packets despite SSL because it isn't going to be encrypted. A lot of the data in the network packets will be included for encryption, but the domain won't be part of that encrypted data. It'll be available in plain-text, clear as a whistle. Due to this, they can do that.

If you want better network traffic scanning then you'll have to compromise by allowing a solution to push its own TLS/SSL certificates. Otherwise, the best you're going to get is domain level blocking really... unless you use a browser extension, which will have more abilities (e.g. parsing a website document's HTML and client-side scripts).
 

blackice

Level 8
Verified
The domain is exposed in the network packets despite SSL because it isn't going to be encrypted. A lot of the data in the network packets will be included for encryption, but the domain won't be part of that encrypted data. It'll be available in plain-text, clear as a whistle. Due to this, they can do that.

If you want better network traffic scanning then you'll have to compromise by allowing a solution to push its own TLS/SSL certificates. Otherwise, the best you're going to get is domain level blocking really... unless you use a browser extension, which will have more abilities (e.g. parsing a website document's HTML and client-side scripts).
I’m okay with domain level blocking. I found it interesting it will put up a blocked page notice for http sites, but just fails to resolve https. Either way it blocks the download. I hadn’t thought of it blocking it that way. It works for me.
 

Slyguy

Level 41
Verified
The domain is exposed in the network packets despite SSL because it isn't going to be encrypted. A lot of the data in the network packets will be included for encryption, but the domain won't be part of that encrypted data. It'll be available in plain-text, clear as a whistle. Due to this, they can do that.

If you want better network traffic scanning then you'll have to compromise by allowing a solution to push its own TLS/SSL certificates. Otherwise, the best you're going to get is domain level blocking really... unless you use a browser extension, which will have more abilities (e.g. parsing a website document's HTML and client-side scripts).
100% correct, the method in use to block without loading an RC onto a system is to use SNI or server IP, and in some cases both IP and SNI. Generally, once malware is discovered the entire TLD will be blocked. Most UTMs work in such fashion as well.
 

blackice

Level 8
Verified
A few things I really need to see with Gryphon;

1) Ability to turn off guest network
2) Ability to have different passwords for each band.
3) Ability to pin the router to a local DNS server.
4) Ability to assign specific channels. (RRP disable) OR at least the ability to set channel preference range.

I love Gryphon, but I crave the above features as they give me immense power to control my network. I realize though, those are mostly Prosumer features and Gryphon (at this time) isn't a prosumer device for the most part. That may change though.
This thing really does pick some of the worst channels for throughput in our environment. I really want to like it, but it does have a couple big drawbacks. I hate auto channel selection so much.
 

Slyguy

Level 41
Verified
This thing really does pick some of the worst channels for throughput in our environment. I really want to like it, but it does have a couple big drawbacks. I hate auto channel selection so much.
I brought up the auto channel selection quite some time ago. It seems to pick based on strength of offending channel more so than channel congestion. It used to be worse at this, and seems to have improved a lot lately but still has some improvements I believe. I do know they were testing manual channel selection, and in fact had me on a beta firmware testing it. But at this point it has not been implemented. Hoping for a big update soon!
 

blackice

Level 8
Verified
I brought up the auto channel selection quite some time ago. It seems to pick based on strength of offending channel more so than channel congestion. It used to be worse at this, and seems to have improved a lot lately but still has some improvements I believe. I do know they were testing manual channel selection, and in fact had me on a beta firmware testing it. But at this point it has not been implemented. Hoping for a big update soon!
I chatted with support and they told me the feature is in the firmware, but there’s no GUI option for it. They don’t want to confuse users. They really should have an advanced mode option either a warning, or something, for users who know what they’re doing.
 

Slyguy

Level 41
Verified
I chatted with support and they told me the feature is in the firmware, but there’s no GUI option for it. They don’t want to confuse users. They really should have an advanced mode option either a warning, or something, for users who know what they’re doing.
It makes sense how it was in there for a beta version. Having an 'advanced' toggle would be very very good.
 

blackice

Level 8
Verified
So the auto channel switching keeps jumping into channels that have interference. Which is probably a deal breaker. I really want to keep the Gryphon, but that's not something we want to deal with constantly.