NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Ablac
May 07, 2017Guide
Orbi and CUJO working together
So I have an Orbi system (2 Sat) and I have a CUJO firewall. I wanted to share with everyone a way to get this working!!! It's quite a pain, but after spending 5 hours on the phone with CUJO support ...
TheEther
May 07, 2017Guru
This is kinda clever but can you explain why simply disabling the DHCP server on the Orbi doesn't work?
- AblacMay 07, 2017Guide
So with the DHCP disabled, Orbi doesn't see the Satellites, because orbi is running on 10.0.0.1 and the satellites are running on 192.168.0.X so when you open Orbi login the satellites do not usually show up, occasionally they will. But you will not be able to update them and have to manually do every update. Also due to the way CUJO works having the satellites running on CUJO DHCP creates a network loop that eventually slows the network down alittle. Let's say you have a device on Sat One with Orbi DHCP disabled and that device tries to connect to the web. Network traffic goes like this, Device Sat Orbi CUJO. Now that same data also goes Sat Orbi Cujo, and then Orbi Cujo a third time so CUJO is filtering the same data multiple times each way. The above way it's only running through once. Because the Satellites are not protected by CUJO, but the data going through them is scanned when it reaches Orbi. Kinda hard to explain, but my network speed increased to 300MBPs in the above method, where it was only 150-200 MBPS in the standard method.
- TheEtherMay 07, 2017Guru
Thanks for replying. I'm not quite seeing how the double/triple looping through the CUJO is happening. I'm assuming that you have your CUJO set up in Direct mode, not Bridge mode.
The following is my understanding of how CUJO works in Direct mode. Normally, the router has its DHCP server disabled and is configured with IP address 10.0.0.1/24. CUJO functions as a DHCP server and hands out addresses in the 192.168.0.X/24 subnet to end devices. End devices see the CUJO as the default gateway with address 192.168.0.1. Therefore, outgoing traffic from devices will be sent to the CUJO as the default gateway. The traffic may even go through the router on its way to the CUJO. The router won't do anything the first time except forward it to the CUJO. The CUJO will NAT the traffic's source address to a 10.0.0.X address and then send the traffic back to the router. This time the router will NAT the traffic a second time before sending it out to the Internet.
Now, let's consider what happens when the router is an Orbi. It's true that the satellites will receive 192.168.0.X addresses, so auto update won't work. Other than that, the satellite's IP address has no bearing on traffic forwarding. That's because devices don't send traffic to the satellite's IP address; the destination IP address on outgoing traffic will be a public IP address. When a device connected to the satellite wants to send traffic to the Internet, it should logically follow the path described above, namely Device->Satellite->Orbi->CUJO->Orbi->Internet. The Orbi router will see the traffic twice, but the CUJO only sees it once, not multiple times.
Obviously the results speak for themselves, but I don't understand how traffic is looping multiple times through the CUJO, nor how the hack stops it.
- AblacJul 24, 2017GuideWhen you disable thw DHCP on the Orbi, you lose the ability to update Orbi over the Orbi interface. As well as the main orbi hub is unable to see the satellite’s. When you set them up under DHCP there able to view the satellite’s receive updates, as well as being protected by CUJO.
- CR-soundJul 24, 2017Aspirant
Not sure that this is quite right...since my cable modem is a router and provides dhcp, I have the orbi in AP mode with the cujo inbetween. If the orbi is not in AP mode, cujo can't see the individual devices, only the orbi main and the cable modem. Cujo is still protecting all Orbi connected devices since it sees the traffic through the orbi main. In terms of updating, Orbi does go out and check for updates and can see the satellites, so think that the AP mode is OK here.