Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Threat Prevention Setting in TP/Settings: Network Stability Priority Mode

1,661
332
NAS
DS 718+, 2x-DS 720+
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Has anyone (but me) tried the Security Priority Mode (Not Recommended) ???

If so, What have you encountered..... ??? over a long term use ??

Have an idea as to what symptoms you might incur using the NON DEFAULT selection.... but want to compare notes first...
??

PS to this: I'm seeing that over time, 1.3.1-6 usees a bit more CPU % than -5 did...
 
It will depend on your own network traffic and ISP speed, so if for example you have a lot of traffic running TP in Security Priority Mode means every packet must be inspected, rather than it making an "educated guess" and prioritising performance.
If you have a low speed broadband connection, you probably will not see much if any difference, but with a fast fibre connection and aa lot of clients using the connection, they might complain. Best thing to do is try it and see if it works for you, then remember to report back
 
Last edited:
now a clearer post of what I'm doing: After 3-4 months of Security Priority mode.... I've now switched back to the (Suggested) mode... I'll go 3-4 months with this, and report back.....
My ISP supplies me 200/20 so I may not notice anything... and if not, I'll go back and stay with Security Priority Mode....
According to the Program, doesn't say: "Best Guess", but: "Bypass without Filtering"... It was That Wording was what caused me to try this... In the first place!

PS: no obvious CPU or RAM change -6 to -7 (as seen by DS ROUTER)
 
A few days after testing With both routers set up on same ISP Feed.... One 2600 set as TP Suggested, other not... With Exception of IP, and WiFi Channels being different, both set same way (Ext SSD for TP)..
Short or long term testing.... I'm really not seeing any (Obvious) difference between the two settings.... as I switch Phone back & Forth via 5Ghz WiFi using Static IP & DNS to connect to different 2600's...
It could be my ISP Speed.... Or, WiFi connection? Anyone with ISP feeds greater than 200/20 try this comparison?
 
The point is that if you use the security priority mode then packets will be queued until they can be processed. This may impact performance of the router but also the devices that are communicating does to waiting for packets. In business machines you’d spec them to be able to handle the total traffic, not that long ago that would be sizing gateways to process IDS/IPS from a few tens of Mbps to hundreds of Mbps. But now home connections are so much faster than those business connections and home routers are expected to be cheap.

So the choice is to run as a best it can without bottlenecking, or run slow.
 
So the choice is to run as a best it can without bottlenecking, or run slow.

My post then, and remains, and still is: I do not see a difference between the two modes.
Not sure if it’s ISP Speed, or WIFI speed that is masking all this. Would be nice if I knew….
My ISP Limits me to: 200/20. And 5Ghz WiFi limited to 2600 specs
 
So the choice is to run as a best it can without bottlenecking, or run slow.

My post then, and remains, and still is: I do not see a difference between the two modes.
Not sure if it’s ISP Speed, or WIFI speed that is masking all this. Would be nice if I knew….
My ISP Limits me to: 200/20. And 5Ghz WiFi limited to 2600 specs
It is down to the speed of your ISP with only 200Mbps, its not straining the SOC too much so you aren't going to have to worry, if you have a 1Gbps connection, then the SOC on the Router is going to struggle to do Threat protection (IPS) at full gigabit speeds without slowdown.
We went through this debate when Unifi added IPS/IDS to the Unifi Security Gateway and Gateway Pro back in around 2018. And before I had the USG-P I had a Cisco RVS4000 that also had ISD/IPS and with it enabled, internet speed dropped to around 20Mbps. My USG Pro could ope with 1Gbps easily, but switch on IPS and it dropped to 450=550Mbps (And that is rack mounted with a Cavium CPU)
2020-11-02 17.57.07.webp



 
Last edited:
I also had an RSV4000, years ago. (Actually the 2600 replaced RVS4000)
Learned firsthand about how IDS can slow down things. All I got was 18MB with last IDS download.
 
Last edited:
I don’t think we have data sheet numbers that say what the TP (IDS/IPS) supports per router. That’s what I was getting at with security priority mode, it will choke at some point.

When using the network stability mode the idea is to do IDS/IPS while the hardware can sustain it. Then fallback when it can't.

It may not be quite the bandwidth of the pipe that defines the TP threshold. Since this technology works on session setup and the initial packets’ data then it’s more reasonable to say it is based on new connections per second, and you can’t work that out in bps.


It just occurred to me that when using network stability mode then when it switches off scanning then it should alert, and again when it is back on. At least then you would know when your protection is reduced. Maybe it does alert, I’ve never seen it 🤔
 
Last edited:
Actually your idea is a great feature request! That would make this thread in-necessary.

Having gone back and forth on this setting, for months, I can say definitely I have yet to see a difference where one setting is obviously different than the other — that any setting seems either slower or intermittent. I’m going to assume, then it’s my ISP Speeds 200/20 that is the limiting factor….

Referring back to my RSV4000 history, there was no missing the slowdown: In that case ISP changed overall speeds: the IDS Brick wall was immediately seen at a midway point in the ISP upgrade. Turn RVS/IDS off, and I saw all new ISP Speeds.

That sort of results are not seen with either TP switch setting that I observed, at my ISP speeds of 200/20.

ISP recently informed everyone in development (purchased us in May 2020) of maintenance down time last Sunday AM, and prior to that for weeks they were seen changing amps on poles.
After ISP down time system was same (modem dn/up channels, modem boot code, server IP, My IP, speeds same, but pings and jitter fell, and speeds became more consistent), so I might be revisiting this again.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Threat Prevention Non-default TP SETTING
Thanks for your usage. More events here, but fewer on line devices. (Most devices limited to LAN access...
Replies
2
Views
867

Thread Tags

Tags Tags
network

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top