Question Synology router/ISP’s DMZ?


A quick question please:
Anyone running a Synology router connected to the DMZ of the ISP’s provided junk router (because you can’t bridge it)?

What’s your experience please? Thanks for sharing.
A friend of mine is running it like that. 0 problems. All traffic is being passed onto the Syno router and all controls regarding traffic, firewall etc are there. No particular problems.
 
That’s great news, @Rusty. Thanks.

A follow up question if I may:

Would it be better to get a pfSense instead of a 2600 for some traffic monitoring and intrusion detection, or will I be able to accomplish some of that with the Synology router?

I know that they’re different animals, but I just want some basic intrusion detection, like blocking some outbound/inbound traffic, monitoring and understanding what some of the devices on the LAN are communicating with outside and blocking or adjusting their permissions. VPN capabilities of the 2600 will be good to have too. WiFi is not important. Most likely will be shut off.

I hope I’m making sense and that the 2600 is capable of doing the above.
 
Haven't used pfSense so can't comment on how it compares. With the RT2600ac you'll have a familiar GUI.

For my Internet speeds (can't say about performance on 1Gb lines) I find the combination of Threat Prevention, SRM firewall, and Safe Access to work well. Add that I can open Traffic Control on the web GUI and apply maximum limits/priorities to gaming/streaming devices that are hogging the bandwidth while I'm trying to do work video conf calls.

The Threat Prevention package will be a surprise for what's knocking on your Internet door :) and what it's blocking. I've modified the rules to block anything that's scanning and in low reputation IP groups.
 
All in all, it will work fine. As you said, those are 2 separate platforms and pf will offer way more granular options than IPS and safe net on syno. Still, if you are looking for a turnkey solution you will have no problem with the 2600.

IPS will tax its CPU at about 30-50% without VPN active in it (that’s why I have that separated). Also, depending on your net speed, you will maybe feel that VPN penalty more with IPS active as well.

Once activated, over time you might have to tweak the rules a bit, but that’s very individual so you will see how it behaves with your needs.

Again 2600 is a great all around device that will offer enough options without the need to build a custom pf box or go for some stronger appliances that offer same or better solutions.
 
Excellent. Thank you both for sharing :)

Actually I’d like to stay with the familiar Synology interface. I’m just checking if it’s going to work for what I want.

Can the router show me what traffic is going out of my iPad’s apps? Something like what Little Snitch is doing on the Mac. I’m thinking possible but not as granular as Little Snitch.
 
This isn't directly relevant but is educational on how business-grade firewall vendors view the impact of enabling features: take the base 'firewall' numbers as the best performance in firewall-only mode then see how enabling IPS and more advanced next gen. threat prevention hits it.


It's clear that SRM Threat Prevention on a £200 device can't be doing as deep inspection as these (and you're not paying an annual licence either).
 
Can the router show me what traffic is going out of my iPad’s apps? Something like what Little Snitch is doing on the Mac. I’m thinking possible but not as granular as Little Snitch.
Traffic Control can see real time usage and offers device/application/app category/domain. You can then see historical usage too. Not sure that the applications will be as granular: I can see things like RTMP, Twitch, Amazon, Netflix, SSL, Webex, Cloudflare, other well known online services, and well known Internet service types (e.g. IMAPS).

For real time domain view you'll also see each request and which device, but in historical view this is split to top domains and top devices (and offers detailed lists for all domains and all devices).
 
