Threat Prevention kills router access. Other router recommendation.

Currently reading
Threat Prevention kills router access. Other router recommendation.

15
6
NAS
DS716+
Router
  1. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I’ve been a Synology user since I first owned a DS214, then upgraded to DS716+ and now a DS720+. I also had an MR2200ac and then upgraded to a WRX560 last year. I love the SRM interface and all the controls.

Recently I’ve been having some major annoyances with Threat Prevention where it kills access and WAN connection to my WRX560 at least once a week, I dont know why. I'm running the latest SRM 1.3.1 update 6. I’ve researched troubleshooting and it seems many others have similar problems with Threat Prevention. I’ve changed out the required USB flash drive to a USB 3.2 and it does perform much better, but I’m still getting an unreachable router at least once a week. Even if I can reach the SRM its extremely slow to respond and launching packages often times just wont launch. I usually have no choice but to cold restart my WRX560 and then completely disable Threat Prevention.

Aside from troubleshooting I’m also looking for advice specifically from Synology aficionados. I’ve been told by other forum mods to post my question in more general networking forums but I’m looking for advice specifically from Synology users and people who love the products. I’m looking to have a backup router but of another brand. As Synology users what brand make model router would you recommend if it weren’t a Synology? Many thanks for any advice.
 
Last edited:
As point of reference. The 3 2600’s I have access to 2x1.3.1-6 and 1 1.2.5 I think) all have TP & ext USB SSD drives of SATA or M.2 varieties.
None have Synology MESH, though one is using an old Linksys as wired access point.
None are having connection issues with anything.

I have had issues where TP would block something, and I’d troubleshoot it this way:
Intentionally do something you think TP is blocking. Then check TP Events for the IP and date&time timestamp that matches your device. If you find one that matches if it is something you think is false positive, create a rule so it will be allowed and give it a name to be easily found if you have to un-do it!😁
 
I have a rt2600ac and experience the same issues like slow response of srm, no wan access or not being able to login to srm. I too had threat prevention as my main suspect. However after disabling threat prevention for a few weeks the same problems occurred.

I setup a task now to reboot the router twice a week to make sure it will reconnect when not at home. But the problem is still there…

In conclusion, threat prevention might not be the issue….
 
Last edited:
Nosy what info you have on that. Telos.
Though I’m not doing Synology mesh am seeing slightly higher CPU use with -6 over -5 on my 2600’s, but memory use remains sbout the same.



One thing -6 does that -5 didn’t:
If you selected the TP non-default setting: to process all packets at all times, as opposed to the default: pass packers unfiltered under high CPU Use. (I’m using what rule is Really saying, instead of the vanilla named text)
Seems to result in more random restarts if set for the process all packets pass no packets unfiltered, the non default mode.
-6 seems to be more sensitive to this than -5 was. However, I only did that on one 2600, so have little data on it. But turning setting back to the default results in fewer random restarts.
 
If I were to get another router I would look at 2 options. On the more pro side, I've seen Ubiquity mentioned a lot. I have not tried it myself and there may be other options out there. But have seen enough positive things that I would look into that.

But more in the space I think youre looking at, I and my friends have used, is Orbi.
 
Thanks for your suggestion. I have considered Ubiquiti Dream Router. I think I was put off by a colleague of mine who said they're crap. I work in tech but this is for my home so I'm def looking for prosumer and not enterprise level which is too complicated and overkill for my needs. I'll do more research on the UDR. Thank again.
 
Fwiw, we have some RT6600ax's, two in mesh and another stand-alone. We're not seeing any of the problems described here. They are not "state-of-the-art" but steady workhorses. We've also had good results with high-end Asus devices. Their support sucks eggs, but the SNB Forums are excellent. There is also custom FW from Merlin worthwhile for those, and the author of the Merlin FW is very involved with the SNB site (small net builders). SNB has forum sections for Asus routers, but also for Synology routers and Synology NAS's, as well as others.

On all of our routers we do a couple of things that may improve longevity and reduce issues:
  1. We elevate the routers above surface by about 1/2" to allow lots of free airflow; and
  2. We schedule ours to reboot daily.
Obviously #2 would be out of the question for emergency services, but even though we run 24/7/365 the 3-4 minutes out for a reboot do not create issues for us.
 
We do it to free the memory and resources of all devices on our LANs, and for security. We also elevate the routers to improve cooling.

We do not reboot the modems daily. Those get rebooted when there's a performance issue, any sort of upgrade, etc.
 
Threat Prevention is a waste of time. Learn how to set your router up and you don't need to run resource heavy crap like that in the background. A router only has so much CPU power, and these are no spring chickens. The less you tax it, the better your network will perform. I tried them when I first got the router and it took about a day to realize all that stuff is complete garbage. My routers are rebooted when there's an update, or a power outage, otherwise they may be up for months.
 
Threat Prevention is a waste of time. Learn how to set your router up and you don't need to run resource heavy crap like that in the background. A router only has so much CPU power, and these are no spring chickens. The less you tax it, the better your network will perform. I tried them when I first got the router and it took about a day to realize all that stuff is complete garbage. My routers are rebooted when there's an update, or a power outage, otherwise they may be up for months.
For most consumer applications that may be correct, however it depends on a couple of things: (1) The individual use case; and (2) the horsepower of the router. For our peculiar situation daily reboots work best and TP, although noisy fits our particular niche and budget. Obviously, YMMV.
 
Isn't TP on Synology just Suricata anyway? I'm fairly sure that it is on the Ubiquiti Dream 'nightmare' Machines.

Nonetheless, it is easy enough to build a VM or dedicated box to handle IDS/IDP anyhow.

I briefly tried the original UDM after my Asus RT-AC86 died, long ago. Gave up trying to make it stable on multiple buggy firmwares, bought a RT2600ac and didn't look back. Though I've not had the issues some have had with TP on Synology routers.
 
I came to 2600/TP from a LINKSYS/Cisco Small Business RVS4000, where I learned how ips can load things down. Not seeing this on 2600, but ISP gives me 200/20, so, Like RVS4000. Maybe I’ve not yet hit the cpu data passing limits yet. Until I do, or ESRAM writes corrupt, I’m happy here, With 2600/TP, and with a spare on shelf for nearly $0, that gives me time to determine “What’s next” if first unit dies.
Come on Mr T, let’s see how you think this is funny!
 
I have a rt2600ac and experience the same issues like slow response of srm, no wan access or not being able to login to srm. I too had threat prevention as my main suspect. However after disabling threat prevention for a few weeks the same problems occurred.

I setup a task now to reboot the router twice a week to make sure it will reconnect when not at home. But the problem is still there…

In conclusion, threat prevention might not be the issue….
One thing I forgot to mention was that we put our USB’s onto short extension cords, 6-12”, to give them free air space for cooling away from the routers. I don’t recall exactly why right now, but I do call we were having some sort of issues with… Threat Prevention. Since then we have not had any issues, and it’s been close to a year.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

Don’t have high speed internet to test, but I can confirm that SD Cards can degrade over time. I’m now...
Replies
7
Views
1,237
I’m trying to determine how the new TP settings, that I honestly don’t understand, that I referred to in...
Replies
5
Views
1,604
I've never been a torrent user but I think that it allows for bits of downloads to be retrieved from...
Replies
5
Views
1,679
Fredbert (and others), I had a support ticket in on this, and they told me the issue is indeed related to...
Replies
7
Views
2,174
When deploying a business IDS/IPS it is normal to have a period of tuning (aka baselining) over a few...
Replies
3
Views
3,654
There's two approaches to applying access policies when there more than one engine: in parallel and in...
Replies
0
Views
2,143
Only if that combination is not using split DNS. If that device is in full tunnel, then yes, it's fine. TP...
Replies
3
Views
1,137

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top