bought an ASUS AC-87U Router, do I still need an AV?

Turn on parental controls for your MAC, then block porn, try to hit porn. Does it load?

Also you could load a sandbox, or VM, or Sandboxie and hit some links on CleanMX or Malware Domain List and see if they block.

 

You're right, it didn't block the porn

 

It means that firmware is garbage, and broken.

 

I wouldn't expect much more from manufacturer firmware on a consumer level router. I certainly wouldn't use an Asus router without at least installing Merlin's firmware.

 

Unfortunately also Merlin firmware has its problems... for example QoS and application filtering its partially broken in the last versions (all traffic is categorised as "general") while it seems to work fine in latest official firmware. Lets say you need to assess the bugs in both and then go with the one that best fit your needs.

 

A remarkable achievement by ASUS development team: with just one firmware they manage to break completely parental control and Aiprotection across three different models (68U, 87U and AC3200)

 

LOL! I think they're all drunk

 

I agree, Merlin's latest isn't that good either. In fact I thought Merlin bricked my ASUS, my throughputs dropped, and I eventually had to factory reset it. At this point if you own one, I recommend rolling back to one of the previous, more stable versions. For me, this device is a magnificent WAP! Seriously, we sell $400, $800, $1100 WAP's here all day long, and the ASUS RT-AC series can compete with all of them! Those quad core ARM's are - remarkable.

 

Yes, but its really a pity relegating it to a WAP with such a refined hardware. Its like having a Ferrari and then use it only to go to the grocery store.

I am still hoping for a better firmware from ASUS sometime in the near future.

 

Sort of.. But then realize the quality/reliability of a WAP is paramount in an active wireless environement, so it's not a waste. Turning it into a WAP essentially bypasses most of the firmware, it's almost running in core HW mode, and that proves to me the issues are entirely firmware on this device as it performs so incredibly with most of the firmware turned off in AP mode. ASUS is really becoming a problem with their shoddy software development tacked on to amazing hardware.

 

New Merlin Firmware for RT-AC87U and RT-AC3200 v378.51

Changelog:

Link for AC87U: https://www.mediafire.com/folder/bkfq2a6aebq68//Asuswrt-Merlin

Link for AC3200: https://www.mediafire.com/folder/bkfq2a6aebq68//Asuswrt-Merlin

 

the AC3200 imo sucks at this point in time. i no longer even stock them and got rid of mine. it just had constant issues. and clients hated the disconnects. the 87u is better but still imo has issues. the 86u imo is the most stable out of them and ddwrt runs great on it. and if you are a tmobile cust you can get one for next to nothing and flash it over to a full fledged 86u (does require some work to do this on the newer versions they have you locked out of telnet)

i want to like these new asus routers but just so many issues. i just got the new tp link c9 ac1900 and am now playing with that thing and while it doesnt have the added features of the 87u its rock solid as far as wifi goes with even better range (i have one spot where the 87u just cant stay connected at all the c9 does no problems) not a single reboot and no dropouts at all. just no aftermarket firmware for it yet, once we can get one over to them im hoping for ddwrt at least.

i use an old pc i had laying around for my firewall it works great and cost me nothing.

 

For one, I don't believe you stocked these - I haven't met an IT company that stocked much of anything in ages (and if you don't know why, then you aren't in IT), and I also don't believe you ever owned one. The 86u is an anemic router in comparison to the 87R/U or 3200, and suffers from many of the same firmware issues as all ASUS routers. (ASUS's issue isn't HW, it's FW) For the VAST MAJORITY of people the ASUS is a performer. We recommend them to our corporate clients for home use (T&M), and never have had an issue - just stay with the most stable firmware and forget about it.

Hardware wise, these routers are remarkable, and surpass $1000 WAP's like the FortiAP 320 series, actually in our throughput and load testing the AC87 outperforms the 320, and the 320 is considered a high performance corporate WAP. So let me say - it's ENTIRELY a firmware issue with the ASUS, and that's something they will overcome. 86u is anemic, and even more anemic with that crippled T-Mobile version that nobody in their right mind would waste time trying to flash over to a full 87u because once you factor time you've just blown the cash you saved.

So which firewall do you run on an old PC? Ideally that's what everyone should do, but few people possess the skills to setup and properly configure a Pfsense, Sophos, or Endian. If you don't have a lot of experience in NETWORKING (not IT, IT guys are usually awful at real networking) then it's going to be a nightmare. So that's not an option.. Even a basic UTM isn't an option for most people. Anyone that would like a Layer-5 UTM that has DPI+Malware/URL ASUS w/Trend is almost plug-n-play for the home, and the best option by far. Also if you are running an FW on an old PC, why would you even own an AC3200? Just use AP's, and depending on the solution an AP controller on the UTM. A nice switch off of the PC, and some strategically placed AP's and the world becomes a better place.

Also from a networking point of view... It's actually possible that a stronger, more powerful router/AP actually works WORSE in some environments. RRP can fart pretty badly at times. But channel allocation can be done manually with a proper site survey, and planner. No proper IT company skips a floor plan with planner codes, and wifi overlay maps. Mortal said he lives in a small apartment, he's probably flooding 3 floors of his building with a signal, and multiple RRP overlays - which can cause the dropouts. Interference can range from Co-Channel, Adjacent-Channel and Non-Wi-Fi interference, and then cascade to RRP drop. Remember there are really only THREE true WiFi Channels - every other channel is a co-channel. 1/6/11 are primary non-overlaps. Most consumers don't know this, and RRP is staged for 1-11, set your gear to use only 1/6/11, and co-channel bleed is dropped out.

 

I hated everyday of my life after getting the AC3200. I paid an arm and a leg for a router that cannot even keep a stable connection for more than 60 minutes then disconnects. I waited and waited checking for a new firmware on the ASUS site like 5 to 6 times a day in despair.... just before going toe the computer shop and buying an AC68U again which has been very stable for me before, ASUS release firmware 3.0.0.4.378.4145 and to my surprise, that fixed the disconnections completely. Hadn't had one disconnection since I flashed to that firmware. I didn't even bother trying the latest Merlin Firmware because I'm too scared to break what I already just fixed but it's rock stable now alabeit their new firmware broke the Trend Micro protection, I'd take a router which doesn't disconnect any time of the day over one that has an AV and disconnects. Now I know it's just a matter of time till they also fix their Trend Micro crap that they caused in the new firmware and hopefully keep this stable connection.

 

Aiprotection is back working with this beta build

 

actually i had three in stock on my shelf. i tend to sell higher end routers here. not sure why but people come in asking for the "best" one. so i stock them. otherwise they head over to staples and pay more. and yes i stock other routers. im not a "okay ill order it for you" type of place. i have hardware here 98%+ of the time unless someone wants specific things. i ALWAYS have hardware here to do builds otherwise they can go elsewhere and buy pre made. around here you cant sell what you dont have in stock. and yes i owned the 87. i sold it. when it worked it was an awesome piece of hardware i totally agree with you on that. one of the best currently but i had way to many dropouts and reboots under heavy load i got tired of it. this was even in the next room less than 15 ft away. my archer c7 or c9 or 86u are rock solid. no they are not overall as nice but they are reliable and just work. imo this should have had more time in beta before being released. though thats the way it is with many routers including the others i mentioned those are just rock stable now especially with openwrt or ddwrt running on them. also i do not run the asus firmware on any of them i personally own. i did at first but i actually had less issues with ddwrt running on it. sadly there is no openwrt which i prefer to ddwrt myself. i have been told someone is working on a tomato firmware but i have not seen it yet. also i actually beta test hardware for tp link and netgear (used to for linksys as well before the buyout) and i can say there are times where we suggest not to release yet but they do anyway and they should be in beta longer.

yes i know all about channels and how to set them and how they overlap. trust me im not an idiot.....

no offense but you can believe anything you want. also the tmobile version is not in anyway crippled, with the firmware it comes with.. yes... once flashed over to the 86u or ddwrt no. and yes you can easily flash over if you can hex edit and know how to flash the cfe. hardware wise ITS THE SAME HARDWARE with a crippled FIRMWARE from tmobile. i do not run the asus version at home i am running the tmobile version i can assure you once flashed its exactly the same thing. if you would like more info you are welcome to pm me.

i set up business' and handle networks all the time. so again no offense but you are not the only person on wilders who knows about these things as you seem to think. and before belittling people maybe you should find out more first.

 

as a matter of fact here is all the info you could want to read on how to flash the tmobile version over to an ACTUAL 86u

http://slickdeals.net/forums/showpost.php?p=70991738&postcount=2576

 

I know how flashing T-Mobile's work, but is it really worth the $20 savings? Raw hardware, the 87 and 3200 absolutely kill the 86 - firmware will be fixed - 68 has had a couple years of FW to get where it is.. If you want to see how powerful the 87 and 3200 are put them in AP mode, and toss 40,000 sessions through them with latency diagnostics. It's impressive.. ASUS won't let their flagships suffer with bad firmware for very long.

So what FW Distro are you running on your PC?

 

the tmobile version are free or 25$ for suscribers (depending where you go some stores will still wave the 25$ deposit which is what i did so my version was free and i just have to flash it back before i hand it back to them) so no not a 20$ difference even to buy outright its only 99$ the 86u right now on amazon is 185$ and the same on newegg. so again not a 20$ difference...as far as fw distro's ive messed with ipfire, alpine, untangle, pfSense, clearOs, smoothwall, ipcop among others the two i keep returning to are ipfire, and pfsense. right now im running ipfire, personally i like it a bit more then pfsense.

 

I agree, ipfire over pfsense anyday. Pfsense is a mess if you ask me. Right now Sophos UTM is king though. Surpassing even $20,000+ Fortinets in functionality.

 

i agree which is why every time i go to try pfsense again it doesnt last to long. i end up going back to ipfire. i do know people who run pfsense and love it though. is the sophos fully free to run?

 

Sophos is fully free for SOHO, and you can deploy up to 10 managed AV clients from within without requiring additional licensing. It uses Sophos+Avira engines, has it's own HIPS, utilizes the Web Filtration from the UTM, and is fully configurable from the UTM for all managed clients. Very powerful.

 

In AC87U own router security assessment (the same for all ASUS routers with AiProtection) the UPnP is flagged as a point of concern.

I would be curious to know your approach towards it. What is the best practice around UPnP? UPnP can have its own advantages in automatically sort out connection problems with UPnP aware devices. Is it really essential to disable it? What is the likelihood of been hacked due to UPnP been active for a normal users at home? Not asking about security paranoia setups for which I already know the answer. i.e. first thing to disable

Thanks a lot for your views on this!!

 

I'm wondering the same thing hope Mayahana can answer us.

BTW on my AC3200 there is a bug where even if I disable UpNP it always shows as a concern when I run the security check

 

I run UPnP off, and just punch through anything that complains via port forward or virtual addressing. I wouldn't leave UPnP open.