bought an ASUS AC-87U Router, do I still need an AV?

Why not the RT-65u?

 

65u has gone legacy. 66u going legacy this year.

 

Ask Merlin on Twitter

@RMerlinDev

 

Got my 87u up and running. Surprised that trend Micro isn't slowing anything down. Very well implemented.

 

87-U is "QIS" quick internet setup, not so good, or is additional configing required?

 

Quick internet setup is just to set the basics and make you run. You will set the connection (PPPOE, direct connection, etc), router password and wireless setup. Then you will need to set the router features at your wish.

 

My ASUS RT-AC3200 vs RT-AC87U Review:

Firstly, this is not a technical review of both routers. It is simply a user's experience because the specs on paper do not necessarily translate the same way in a real world user's experience.

My first ASUS router was the RT-AC68U which served me well for about a year, but then I am always open to get the latest and greatest if available.

Enter the RT-AC87U, ASUS' latest router and the successor of the RT-AC68U. On paper, it seemed all better, faster speed (1300Mbps for the RT-AC68U vs 1734Mbps for the RT-AC87U, built in Trend Micro AiProtection (sort of an AntiVirus built into the router to protect all connected devices), 4 antennas for the RT-AC87U vs 3 for the RT-AC68U.

Now, on to the problems with the RT-AC87U..... I have never owned a worse router than this one! Great hardware, spoiled by crappy firmware from ASUS!

The problem with the router is it keeps disconnecting randomly if connected to the 5GHz band! I tried every single ASUS firmware to this date and every Merlin firmware and while the latest Merlin firmware 378.50 finally fixed the disconnections on the 5GHz band. My internet seemed slower. Upon running a ping test I noticed that the router has a very high jitter and suffers from severe packet loss. My VPN connection kept disconnecting randomly and gave me terrible download speeds.

Another problem with the RT-AC87U is when connected to the 5GHz band, when I reboot my laptop the laptop wouldn't connect to it automatically and takes about 30 seconds to connect, causing me delay in starting to use my computer and cloud programs such as Dropbox or OneDrive would display an excalamation mark as if there were was no connection. The problem doesn't happen on the 2.4GHz. band but the packet loss on the 2.4GHz band is horrible going above 3% so I had to stick to the dodgy 5 GHz. Band connection.

Just 2 weeks after I purchased this RT-AC87U, I come to learn of an even newer router released by ASUS called the RT-AC3200 so I ordered one for only 1 good feature, it's the ASUS Smart Connect. What Smart Connect does is rather than you having to decide which band would give you better connectivity (the 2.4GHz or the 5GHz), once you connect, it would automatically choose the best band for your device (either the 2.4GHz or one of the two 5GHz band), yes, the AC320 has not one, but two 5GHz bands!

According to ASUS, the RT-AC87U is the fastest router they offer and the RT-AC3200 is just like an overclocked RT-AC68U with a few more features but speed wise the RT-AC87U is the fastest. Not in the real world.

The RT-AC3200 firstly never gave me even one dropped connection even when it was connected on the 5GHz band and that's just using their initial firmware release! Secondly, my laptop would auto connect the moment it boots up unlike the Rt-AC87U where it would take 30 seconds on average to re-connect after a reboot.

Secondly, the RT-AC3200 has two 5GHz bands as opposed to only one on the RT-AC87U thus allowing you to connect more devices to the 5GHz band without crippling the connection.

Another great thing is now with the ASUS Smart Connect technology, I no longer have to keep wondering which band would give me a better connection the 2.4GHz. or the 5GHz. since now all I have in my router is ONE band which I gave an SSID of ASUS and when connected to it, I notice that I get 866.5 MBPS connection speed so it means that the router automatically chose the 5GHz. band for my laptop whilst keeping my mobile devices and tablets connected to the 2.4GHz band.

Everything seemed snappier, webpages load instantly in my browser, downloads were back to being fast and stable with no connection drops just like they did with my old RT-AC68U. Best of all, no more packet loss. As you can see from the below screenshot, I got a B Grade whereas I used to get a D or C grade if I was lucky with the RT-AC87U:

http://i1313.photobucket.com/albums/t557/MaXimus66622/Ping%20Test%20AC3200_zpsdj5ycini.png

Enabling the Trend Micro AiProtection surprisingly does not slow down the connection or browsing nor does it affect the ping or packet loss results.

This is by far, the best router I've ever owned!

Winner: ASUS RT-AC3200

 

Sounds like you had a defective RT-AC87. I've experienced absolutely none of these issues on my own, and any of the 12 I have deployed for other people. Several people here now own them, has anyone else experienced any of those issues? Granted, right now my AC87 is functioning as a WAP.. A very very nice WAP I might add, easily commercial grade in reliability and power. But even then the WAP-Mode it's flawless. We can hit up to 30ish devices connected to the wireless, and never had an issue with the AC87.

It's not entirely impossible to believe you simply got a bad unit.

Right now my gateway is Untangle (Paid). 11.1 they are introducing a 'real' IPS system so I am holding my breath for that. As of right now I have a fairly advanced network with multiple servers, vlans, statics, bandwidth control, HTTPS inspection, routes, and web caching. Quite frankly, the AC87 or any consumer device is too underpowered for what I need to do. But for normal home networks, it's perfect.

 

I can confirm Mayahana experience with the device I have (on default mode - wireless router), no issues whatsoever and still running the official firmware. No disconnection from 5GHz, no packet loss, fast browsing and very responsive. It must be either a defective unit or a wireless adapter not going well with it (unless you got the same problems even with wired devices).

For what it counts ping test here is quality B as well

 

very strange and glad to know that I had a lemon as I was really shocked with my AC87U it gave me nothing but trouble and daily looking for a new firmware.

But also, the reviews I read about it did mention it had flaky 5GHz connectivity and that it's crippled currently by bad ASUS firmware although it has got a lot of potential for being the best as that's what it was designed to be, the flagship of ASUS routers. The RT-AC3200 was not designed to be the best it was designed for people with specific needs who have a lot of devices connected simultaneously but to me it was better maybe because my AC87U was bad to start off with.

PS: Not just me, read this please:

http://forums.smallnetbuilder.com/showthread.php?t=20660

 

BTW Guys, I fail to see the benfits of QoS......like when I am using the net, I want to have full bandwidth.....but if I use QoS, it takes away some of the bandwidth and keeps it in reserve. Why is this great? since I won't be enjoying the full download speed? I wish it was like it would give me the full bandwidth only until another app requests for some bandwidth it would limit me and give them some bandwidth but right now the way I see it is it only limits my own bandwidth

Tried this with my previous AC87U never bothered even with the RT-AC3200

 

That thread is from November. The firmware has largely been fixed, if not entirely fixed by this point. No issues here, and I'm pushing almost 200Mbps through it now.

QOS use depends. I use QOS on Untangle because it is very granular. I don't like QOS on consumer devices, but it serves a purpose. With Untangle I can assign multiple dozens of 'layers' to everything from individual applications, devices, IP addresses, and even subnet restrictions. THAT is QOS how I will use it. Otherwise I just leave it off.

 

Well, the idea is to prioritize streams for best quality, for instance VOIP or video. That said the QoS feature on my Netgear basically cripples the system if I turn it on. I don't know how well it works on the ASUS routers and if it requires tweaking for best results. In any case it may not be a feature you need.

 

I see, just wanted to make sure there isn't anything I'm missing. I don't like the idea to be honest. When I download something, I want it to download at full speed. Although I understand how QoS can be useful in a large network with lots of users downloading and stuff you would wanna limit them. Not for a single user like me though

 

In simple words, it gives priorities to certain traffic as compared to others. Imaging my system or the systems attached are all busy browsing and downloading files from the net while I want to make a VOIP call and be sure it is of a good quality or not interrupted due to my system or others occupying all my available connection. If QoS is set properly (VOIP with higher priority) it will allow me to have my phone call by redistributing the band.

And yes, other are complaining but I see also posts of happy users with the latest official firmware. Its all relative... in a user support forum you are likely to hear more the complaints than the happy users.

And yes, in my previous router (NETGEAR) the QoS did not work at all apart from cutting the band regardless of the traffic.. lol

 

If you want downloads fast, assign priority stream to file transfers.

QOS is important, almost required in business. I use it at home to funnel myself through at maximum speed, and throttle my kids. ;-) Also I use it to de-prioritize downloads, and speed web surfing and streaming. My connection spikes to 190Mbps I could in theory not run QOS, but I like to be granular. Most consumer QOS sucks. ASUS 87+ has the best consumer grade QOS I have seen - but even then I find it no comparison.

 

wouldn't the computers WLAN card need to be updated, to take advantage of the ac speed improvement.

Any easy way to get this info?

 

Hardware must specifically support AC. Unless you have a newer device it likely doesn't support AC.

 

How can I see what my hardware supports?

Found it:

Mine is 1703 802.1 b/g/n.

 

I have a Netgear ProSecure 25, and I still use an AV on all my machines. A gateway AV does not scan flash drives, CD's, or external Hard drives. Also, I think my local AV has always detected more than my gateway AV.

 

How about Ethernet connected (wired), I have Realtek PCIe GBE family controller, would this support the increased speed & dual band on an 'ac' router?

If not any suggestions on replacement card?

 

Agreed. Gateway AV's miss more than they catch, and you can witness this yourself by running simple tests. Untangle with both ClamAV and Bit Defender running RARELY catches actual Bit Defender recognized threats. I think this is largely because of variables...

Proxy vs Flow?
Unpack vs Pass?
Strict AV or PUA+AV?

Also Gateway AV's seem to be singularly focused on newer outbreaks, rather than giant signature databases. Kaspersky UTM will hit on a lot of new stuff, but almost always miss older things while the Kaspersky Endpoint will pick up the older stuff. A lot of Gateway's are focused heavily on 'true' threats, rather than heuristic, marginal, or grey threats, so they will seemingly miss most of those. Finally, obscure packers, and obfuscation techniques can bypass UTM scanners UNLESS you place a 'Deny' rule on if they can't analyze it.

As it sits now, I consider gateway AV's extremely important, but a 'layer'. IMO (and I stress IMO), IPS is the most important aspect of gateway UTM's. This is where the really nasty stuff gets nailed. Fortinet is very good at stopping ATP's on the IPS circuit, ZyXEL is quite good. Untangle? Terrible.. This is a major pain point for me and Untangle, they devalue IPS, which is largely considered by every other IT pro to be the most crucial part. So Untangle is 'trying' to re-write their IPS aspect - it's in beta right now. I WOULD NEVER deploy Untangle in a critical corporate infrastructure environment because the IPS is flat out garbage.

Nutshell: Endpoint security needs to be deployed, even with UTM.

FYI: ASUS isn't a true UTM, it's a Layer 5 FW with DPS, and Trend's URL+DNA engine. But it's probably better at handling outbreaks and malware injecting websites than some commercial UTM's! I'm close to retiring my Untangle, and moving to a 'real' appliance. My USG's were sold off because their throughput is less than my connection now. I'm considering a Fortigate 80D or ZyXEL USG110, potentially others on the list eventually.

 

Mortal you running Bugspersky now?

Funny thing, I actually saw my first 'infected' machines(in this house) in years when I had KAV on these machines for a mere 2-2.5 weeks. I'm beginning to think that product is a farce, and they spend resources on passing tests, rather than actual, true protection. I don't have evidence of this other than Kaspersky himself saying they 'devote resources' to pass tests. But frankly, I found the product a remarkably buggy underperformer.. I have licenses rotting right now.

 

I was about to install it but decided to eat the performance hit of NOD32 and install that and work with ESET to solve the issue as it's the least buggiest AV overall.

I noticed a huge slowdown when launching Adobe CS 6 products with F-Secure even though my whole system was scanned.

Funny you mention this because 50% of the systems I repair that come heavily infected have Kaspersky IS or AV installed. Which makes me think you're statement is spot on, they spend all their efforts to max the AV tests and get 100% or a bit less consistently topping the charts all the time but they don't necessarily translate into real world protection scenarios.

That and the fact that they would blacklist your license after a few installs even on the same system, same OS, same specs and good luck waiting for their customer service to reply and unblock it and they would ask you for proof of purchase yada yada

 

Anyone else notice the Trend AiProtection NOT working any longer on ASUS?

Or is something borked with min? I did 2 factory resets, and reloaded new firmware, and it still won't trigger for ANY malicious websites. It used to trigger nonstop for them.

Can someone else test this?