Question Synology router/ISP’s DMZ?

A quick question please:
Anyone running a Synology router connected to the DMZ of the ISP’s provided junk router (because you can’t bridge it)?

What’s your experience please? Thanks for sharing.
A friend of mine is running it like that. 0 problems. All traffic is being passed onto the Syno router and all controls regarding traffic, firewall etc are there. No particular problems.
 
That’s great news, @Rusty. Thanks.

A follow-up question if I may:

Would it be better to get a pfSense instead of a 2600 for some traffic monitoring and intrusion detection, or will I be able to accomplish some of that with the Synology router?

I know that they’re different animals, but I just want some basic intrusion detection, like blocking some outbound/inbound traffic, monitoring and understanding what some of the devices on the LAN are communicating with outside and blocking or adjusting their permissions. VPN capabilities of the 2600 will be good to have too. WiFi is not important. Most likely will be shut off.

I hope I’m making sense and that the 2600 is capable of doing the above.
 
Haven't used pfSense so can't comment on how it compares. With the RT2600ac you'll have a familiar GUI.

For my Internet speeds (can't say about performance on 1Gb lines) I find the combination of Threat Prevention, SRM firewall, and Safe Access to work well. Add that I can open Traffic Control on the web GUI and apply maximum limits/priorities to gaming/streaming devices that are hogging the bandwidth while I'm trying to do work video conf calls.

The Threat Prevention package will be a surprise for what's knocking on your Internet door :) and what it's blocking. I've modified the rules to block anything that's scanning and in low reputation IP groups.
 
All in all, it will work fine. As you said, those are 2 separate platforms and pf will offer way more granular options than IPS and safe net on Syno. Still, if you are looking for a turnkey solution you will have no problem with 2600.

IPS will tax its CPU at about 30-50% without VPN active in it (that’s why I have that separated). Also, depending on your net speed, you will maybe feel that VPN penalty more with IPS active as well.

Once activated, over time you might have to tweak the rules a bit, but that’s very individual, so you will see how it behaves with your needs.

Again, 2600 is a great all-around device that will offer enough options without the need to build a custom pf box or go for some stronger appliances that offer same or better solutions.
 
Excellent. Thank you both for sharing :)

Actually I’d like to stay with the familiar Synology interface. I’m just checking if it’s going to work for what I want.

Can the router show me what traffic is going out of my iPad’s apps? Something like what Little Snitch is doing on the Mac. I’m thinking possible but not as granular as Little Snitch.
 
This isn't directly relevant but is educational on how business-grade firewall vendors view the impact of enabling features: take the base 'firewall' numbers as the best performance in firewall-only mode then see how enabling IPS and more advanced next gen. threat prevention hits it.


It's clear that SRM Threat Prevention on a £200 device can't be doing as deep inspection as these (and you're not paying an annual licence either).
 
Traffic Control can see real time usage and offers device/application/app category/domain. You can then see historical usage too. Not sure that the applications will be as granular: I can see things like RTMP, Twitch, Amazon, Netflix, SSL, Webex, Cloudflare, other well known online services, and well known Internet service types (e.g. IMAPS).

For real time domain view you'll also see each request and which device, but in historical view this is split to top domains and top devices (and offers detailed lists for all domains and all devices).
 