Just purchased RT-AX86U. Few Questions (please help).

[jpthsd]

I don't know about privacy, but AiProtection doesn't cripple 500Mbps ISP at all on RT-AC86U. Shouldn't affect RT-AX86U as well, the CPU cores are the same. This is not a true IDS/IPS, but some sort of lightweight router optimized... something. True IDS/IPS like Snort/Suricata needs multi-core i5 CPU.

At some degrees, AiProtection inpsects the traffic and it does affect the overall network traffic ingress & egress! Beside, it does utilize the resources of the router . My experience is whenever AiProtection was enabled, everything's slow, router became sluggish, inoperational and ended up rebooting! I just disabled it!

Install Home Sophos, pay for premium, turn on Windows Firewall to block in&out port and application uses on the workstation PLUS install Microsoft Defender Application Guard (now available for Edge Chrome) ...

 

[ColinTaylor]

@jpthsd I don't know why you keep telling people to turn on their Windows Firewall. It's already be on by default. If you manually turn it off it comes up with a warning and nags you to turn it on again. Nobody else in this thread said anything about the Windows Firewall, let alone turning it off.

 

[Tech9]

My experience is whenever AiProtection was enabled, everything's slow, router became sluggish, inoperational and ended up rebooting!

Not in my experience. The router is flying with AiProtection enabled. Folks around report speeds about 750Mbps. Something else is not right with your setup. About Sophos - your choice. I use pfSense with Suricata, no extra fees. Netgate devices with pfSense Plus are a more expensive to purchase - one time "fee" for guaranteed compatibility and newest features first.

 

[wmmallette47]

Yes, it looks like your WAN IP address is a public address so you should be good with bridge mode.

Use the regular 1Gb WAN port on your router not the 2.5GbE. This is to avoid potential compatibility issues with your particular modem.

Stock firmware is fine as long as it's updated to the latest. It's there. On the left side from the settings front page click the WAN tab, then it will say Internet Connection tab at the top left, screen scroll to the bottom under Special Requirement from ISP... there is a setting to select DHCP query frequency. Try selecting Normal Mode then click the Apply tab.

When I get a little more knowledge, I am sure Merlin will be the way to go.

 

[SoCalReviews]

When I get a little more knowledge, I am sure Merlin will be the way to go.

Yes, make sure things are working right for you with stock firmware. Merlin firmware is another nice option available to you.

 

[wmmallette47]

I would recommend either Quad9 (9.9.9.9 and 149.112.112.112) or Cloudflare Secure (1.1.1.2 and 1.0.0.2) for DNS. Both filter malware sites.

Do you have any thoughts on Quad9 vs. OpenDNS?

 

[wmmallette47]

Yes, make sure things are working right for you with stock firmware. Merlin firmware is another nice option available to you.

Well, one of two things has happened, either my ISP’s issues have cleared up or changing the SSID of the 5G band helped resolve my buffering. We have had no issues with our Ethernet wired TVs or any wireless connections in a week. I’m feeling good about it.

 

[Tech9]

Do you have any thoughts on Quad9 vs. OpenDNS?

OpenDNS allows custom block categories, Quad9 doesn't. Test the latency to closest servers as well. In my area Quad9 is significantly slower than OpenDNS and even worse with DoT. OpenDNS has local servers in my city, Quad9 sends my requests through another country. OpenDNS doesn't have DoT though, if you want DoT. So, basically whatever you prefer and works best for you. CleanBrowsing is another excellent filtering DNS service too.

 

[wmmallette47]

OpenDNS allows custom block categories, Quad9 doesn't. Test the latency to closest servers as well. In my area Quad9 is significantly slower than OpenDNS and even worse with DoT. OpenDNS has local servers in my city, Quad9 sends my requests through another country. OpenDNS doesn't have DoT though, if you want DoT. So, basically whatever you prefer and works best for you. CleanBrowsing is another excellent filtering DNS service too.

Thank you! How do I test the latency? And does Open DNS he8ng located in the US give any concerns over true privacy of information if you choose to have them log info on my network traffic?

 

[Tech9]

How do I test the latency?

GRC's | DNS Nameserver Performance Benchmark

DNS Nameserver Performance Benchmark

www.grc.com

true privacy of information

There is no such thing. If you rely on external services, someone sees your requests. The only way to spread around your browsing history is to use your own DNS resolver - Unbound in AMTM for Asuswrt-Merlin, for example. Different root servers will have only parts of your browsing history.

 

[Paliv]

Not in my experience. The router is flying with AiProtection enabled. Folks around report speeds about 750Mbps. Something else is not right with your setup. About Sophos - your choice. I use pfSense with Suricata, no extra fees. Netgate devices with pfSense Plus are a more expensive to purchase - one time "fee" for guaranteed compatibility and newest features first.

Agreed! On an AX86U I can get an aggregate of about 1200Mbps down with multiple devices speed testing. This will probably depend on which model you have, but AiProtection is pretty lightweight.

 

[wmmallette47]

GRC's | DNS Nameserver Performance Benchmark

DNS Nameserver Performance Benchmark

www.grc.com

There is no such thing. If you rely on external services, someone sees your requests. The only way to spread around your browsing history is to use your own DNS resolver - Unbound in AMTM for Asuswrt-Merlin, for example. Different root servers will have only parts of your browsing history.

I gotcha. I could care less if my third party service sees it. I just don’t want these others using it to track me. I dont want my history to be used to target me for the next political candidate or it to be sold by FB or Amazon to be marketed to in some targeted fashion.

 

[Tech9]

I understand, but you pay with your privacy for services offered for "free", no matter what the company promises on their website.

 

[wmmallette47]

GRC's | DNS Nameserver Performance Benchmark

DNS Nameserver Performance Benchmark

www.grc.com

Does the DNS Benchmark tool on a Mac?

 

[Tech9]

I don't know, sorry. This is a Windows tool only.

 

[wmmallette47]

I don't know, sorry. This is a Windows tool only.

It’s ok. I will likely end up with OpenDNS just for some customization that’s a little easier for a less experienced user.

 

[Tech9]

OpenDNS applies your settings based on your external IP address. Make sure you have OpenDNS Updater running. Read on their website how it works. The service is pretty decent - it's a lightweight version of Cisco Umbrella commercial service. If you choose to enable "Stats and Logs", it offers simple DNS history for your network. You can see what was blocked and for what reason. It also allows custom white/block listing. I personally like it better than Quad9. Some folks around use NextDNS, but it's not a free service. There are many filtering DNS services to choose from. Pick the one you like best.

 

[jsmiddleton4]

? On the two WAN ports. I’m using the 2.5 for WAN. Have a Motorola 8611 with 2.5gb port and I’m at the 1.2 speed on Comcast/Xfinity.

Can I use the 1 gb WAN port as a LAN port?

 

[Paliv]

? On the two WAN ports. I’m using the 2.5 for WAN. Have a Motorola 8611 with 2.5gb port and I’m at the 1.2 speed on Comcast/Xfinity.

Can I use the 1 gb WAN port as a LAN port?

Yes, it should work. I’ve not had a need to try it to be sure, though.

 

[jsmiddleton4]

Yes, it should work. I’ve not had a need to try it to be sure, though.

I'll test it later when we're not working......

Edit: Tried it on break. Works fine. 5 LAN ports and 1 2.5gb WAN port. The R7800 had been my best value router for a long time. Its really something and a great value. Looking like the AX86U about to unseat the R7800.