Threat Prevention Router reliability with TP in SRM 1.3.1

My guess? It counts based on each signature's action:
  • Enabled = Drop or Alert
  • Disabled = Do nothing
The number of what's enabled may be different; I have changed some from Do Nothing and others to Do Nothing. Not going to review all my modifications :)


Today's total number of signatures in Misc Attack has jumped to 3585 (up 1152 from yesterday). Again this is a heavily modified class but really this much? If it continues to climb like this then that may explain the issue of router crashes as it may not be capable of loading this many rules, or there may be some bug maintaining the database that isn't clearing out old rules.
 
And again it has happened, now Misc Attack signatures are up to 4726. I now noticed that in this class there are duplicated signatures, this being just one example:
[Attached screenshot: Screenshot 2022-11-11 at 23.13.42.png]
 
OK... I noticed TP needed update... Longer than usual... 4:28 to update today... (200/20 service-- Actually 100/10, but they made a mistake, and I'll be damned if I'm gonna tell them about it!!!! );)
Misc is 2616/2686
and only one Group 10... see....
[Attached image: Scores group 10.jpg]

Hey! For shits, do you want me to put other 2600 back online (1.3.1-1) and see what that gets nightly on ‘Misc’ events?? Arris has 4 outputs and won’t affect other one!!??!!
 
Ok... Original 2600 fired up... After Updating TP Signatures.... I have 4572/4625 Misc files.... no dupe 10's, but how bout 12's???

the orig 2600 is 1.3.1-1 firmware.... repaired unit 1.3.1-2. CPU/RAM Within 2% of two versions.. will check tomorrow PM
[Attached image: 2600-1 ET 3.jpg]
 
Please post if you hear anything...
Just spent 4 hours going back and forth between the 2x 2600's (1 with 1.3.1-1 and other: 1.3.1-2). Both connected to same Modem and LAN, and though Both have identical TP Dated Files and same 160+ User Rules, Both have different amounts of rules per class.... !!
But -- I cannot tell an operational difference between them.....
DS ROUTER says their CPU & RAM are within 2% of each other.... Even with differing number of Rules.
I'm not planning on upgrading both to 1.3.1-2, in case an issue develops needing a fall back to 1.3.1-1....
But what you bring up is definitely Strange, and it's confirmed here, too!
 
I opened up a ticket on TP Rule differences, indicating both 2600 serial numbers (Had to add second one in 'reply')

And asked for more information on the -2 Release Notes statement: Fixed an issue where firewall rules may not work...

Equating that statement to: kicking a Hornet's Nest!!!o_O
 
Feedback from Synology Support is that the eMMC flash memory is at the end of its lifespan for read/write and this can cause system errors and instabilities. At the Other Place there is a thread with the same firewall and TP update issues (ok not the duplicate rules) and on new RT6600ax. Sounds too much of a coincidence to be just the eMMC when it afflicts new routers too.

Reserving further emotive comments on the deadness of a four year old router vs price. Trying to be objective about what to replace it with if I have to, and would miss having VPN Plus for mobile access.

Would just note that I was comparing the SRM range and see this for the warranty of the RT2600ac:
The warranty period starts from the purchase date as stated on your purchase receipt. (Learn more) Synology will provide software updates until June 2023, and extended support may be provided.

No such date for the MR2200ac but the new RT6600ax and WRX560 both state "Synology will provide software updates until Dec 2027, and extended support may be provided.". I guess they still use eMMC and the short* lifetime is factored in and hence the two year warranty.

And some guidance from Synology for extending the working life would be nice. Something about minimising read/write of eMMC by offloading secondary working data, e.g. logs, reports, etc. and impact of using the web interface. Basically to avoid using the eMMC while maintaining the functionality of the enabled features.

*I googled and found mention of about 5 years.
 
So it’s being blamed on worn out ram?
2600 firmware updates cease on June 2023?

I am not seeing system errors, or instabilities, and isn’t the area where things don’t match IS external ram. ??

Tests for a couple weeks where 2 2600’s were online simultaneously proved that, and, though TP rules lists were not identical— No Operational Differences were noted between the 2 2600’s. I posted that a couple times already.

You did mention strange things. Could we get greater detail for our reference?

Can’t wait to hear my ticket answer!

And I have no reference receipt for one 2600 (repaired from dead, with screw hole cover broken—no Warranty for me!)
And other, don’t remember when or where it was bought. Shortly after we retired, guessing late 2015-early 2016, which makes my 2600 older than 5 years old!
Maybe the repaired unit should go on shelf and I go back to orig 2600?

But if your info is right, I’ll have to button down my settings by June 2023. Nosy, does that mean nightly TP and your VPN ceases, too?
 
2600 firmware updates cease on June 2023?
If they stick to this then there is little reason to buy an RT2600ac now. The MR2200ac was released a couple of years, or so, later and I expected a cut-off statement around 2025, but they missed that off the spec.

I am not seeing system errors, or instabilities, and isn’t the area where things don’t match IS external ram. ??
Yes that's my understanding, TP uses the System Database which is on the external USB drive. The issue I see is related to data that I'm certain is on the USB drive.

Since ET Open say they mostly update weekdays then there was no TP signature update last night, and so my rule growth also paused.

It's a shame that the latest routers didn't have the ability to insert M2 SSD or such like, thereby bypassing the USB issue (unless it's not specific to USB). That way it would have been possible to have SRM switch from the onboard eMMC and leave it as a fallback option.
 
Feedback from Synology Support is that the eMMC flash memory is at the end of its lifespan for read/write and this can cause system errors and instabilities. At the Other Place there is a thread with the same firewall and TP update issues (ok not the duplicate rules) and on new RT6600ax. Sounds too much of a coincidence to be just the eMMC when it afflicts new routers too.

Reserving further emotive comments on the deadness of a four year old router vs price.
Response from Synology is, and I paraphrase, "sorry, you'll need to buy a new router here's a link to UK Synology stockists. Anything else I can help you with?". So they won't investigate the issue of TP updating and making duplicated instances of signatures.

At the moment I don't feel inclined to buy another, given that the RT2600ac is stated to only be supported for another 8 months. And, from googling, the newer SRM routers also use this eMMC soldered on storage, so seems like backing the wrong horse.
 
@fredbert @Jan Janowski Google brought me here. I was wondering if you ever resolved this.

I ask because I've been having problems for a while now with my RT2600. Essentially all is fine after a reboot, but often overnight I start seeing system unstable messages. This is usually when trying to access network center or the system database. E.g. on the network center it won't get my 'status' or 'internet' will never load and I get a message saying that the system is busy or unstable.

Support have told me they suspect threat prevention is the cause. I have to disable that to see how things go. I was wondering (following your thread) if you stuck with Synology routers or went elsewhere? Looking at the unifi UDR as a possible alternative.
 
I reset TP ON BOTH 2600 routers. They were both online simultaneously, one being .1 and other .24, with two different sets of WIFI so I could access any of 4 channels.
Both started updating in MISC area as posted before.
Both got to a certain large amount then tapered off, as Support said it would.
Both 2600’s worked identically.
Seeing that being the case, I flipped a nickel and left that one online, and other 2600 is now on shelf as spare. Both of 2600’s having acted identically.
No subsequent power resets have been done, and I’m happy with its operation, and no other issues have developed.
 
I reset TP ON BOTH 2600 routers.
Both started updating in MISC area as posted before.
Both got to a certain large amount then tapered off, as Support said it would.
Both 2600’s worked identically.
Seeing that being the case, I flipped a nickel and left that one online, and other 2600 is now on shelf as spare. Both of 2600’s having acted identically.
No subsequent power resets have been done, and I’m happy with its operation.
Thank you for replying. I reset TP yesterday (new USB drive and wiped all of the custom rules I had set up). Sadly this didn't fix things for me. TP was actually running fine, but Synology were blaming it for my 'stability' issues.
 
My RT2600ac was too unreliable. If I tried to investigate then there was a reasonable chance it would reboot: it was claimed to be end-of-life eMMC. I can't remember the command line I used but it was reporting it had been heavily used.

I didn't have time to rebuild my network with some other vendor kit, so got a RT6600ax. Initially meshed to the MR2200ac, but I've just replaced that with a WRX560.

The RT6600ax still has the issue with ever increasing instances of Misc Attack signatures. Every so often I backup the TP configuration, uninstall TP deleting signatures/keeping log, reinstall TP, restore configuration.
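
An added example, not part of the thread and not Synology's code: one way to check a rule set for the duplicated signatures and per-class growth described above. It assumes the signatures are available as text in the Suricata rule syntax that ET Open publishes and that a disabled rule is a commented-out line; the sample rules and SIDs are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in ET Open / Suricata rule syntax (assumed format, not from a router).
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"ET EXAMPLE one"; classtype:misc-attack; sid:2000001; rev:3;)
alert tcp any any -> any 80 (msg:"ET EXAMPLE one"; classtype:misc-attack; sid:2000001; rev:3;)
drop udp any any -> any 53 (msg:"ET EXAMPLE two"; classtype:misc-attack; sid:2000002; rev:1;)
# alert tcp any any -> any 22 (msg:"ET EXAMPLE off"; classtype:misc-attack; sid:2000003; rev:1;)
alert tcp any any -> any 443 (msg:"ET EXAMPLE three"; classtype:trojan-activity; sid:2000004; rev:2;)
alert tcp any any -> any 80 (msg:"ET EXAMPLE one"; classtype:misc-attack; sid:2000001; rev:4;)
"""

SID_RE = re.compile(r"\bsid:\s*(\d+)\s*;")
CLASS_RE = re.compile(r"\bclasstype:\s*([\w-]+)\s*;")

def audit_rules(text):
    """Return (total per class, enabled per class, duplicated SIDs per class)."""
    total, enabled = Counter(), Counter()
    seen = defaultdict(Counter)
    for line in text.splitlines():
        line = line.strip()
        active = not line.startswith("#")   # assumption: commented out = disabled
        body = line.lstrip("# ")
        sid, cls = SID_RE.search(body), CLASS_RE.search(body)
        if not (sid and cls):
            continue                        # blank line, plain comment, or not a rule
        total[cls.group(1)] += 1
        enabled[cls.group(1)] += active
        seen[cls.group(1)][int(sid.group(1))] += 1
    dupes = {c: {s: n for s, n in sids.items() if n > 1} for c, sids in seen.items()}
    return total, enabled, {c: d for c, d in dupes.items() if d}

def report(text):
    """One summary line per class: enabled/total and how many copies are redundant."""
    total, enabled, dupes = audit_rules(text)
    lines = []
    for cls in sorted(total):
        extra = sum(n - 1 for n in dupes.get(cls, {}).values())
        lines.append(f"{cls}: {enabled[cls]}/{total[cls]} enabled/total, {extra} redundant copies")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RULES)))
```

Running it against the rule set before and after each nightly update shows whether a class is growing because new SIDs arrived or because existing SIDs are being loaded more than once.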