AmitR
Apr 24, 2018, NETGEAR Employee Retired
OrbiOS 2.1.4 availability
A quick update. We're about to release an updated version of OrbiOS 2.1.4 in the next few days through our auto-update mechanism for all Orbi models. When it goes live, you should see a prompt in t...
ZoneMaster
May 04, 2018, Apprentice
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.
HOWEVER, NG MUST PERFORM VERY THOROUGH & VIGOROUS REGRESSION TESTS TO ENSURE ANY FW CHANGES DON’T IMPACT OR DEGRADE COMMON SERVICES THAT USERS RELY ON!
It does not look like NG does regression testing, when something like mDNS/Bonjour/AirPrint fails so spectacularly.
setham
May 04, 2018, Star
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.
I respectfully disagree. For instance, I use the Orbi as an AP; all security protection is handled by my router + pfSense. I definitely do not want an auto-upgrade. I'd rather do it when I feel confident that it will not break my network.
Even working as a router, for a particular security update, with the correct knowledge the owner/admin can make the informed call that it does not apply to your particular configuration. I am not saying that there should not be an auto-upgrade option, I am saying it should be optional. The decision is up to the user.
I agree that an auto-update option should/must be enabled by default but with an option of turning it off.
- Retired_Member, May 04, 2018
setham wrote:
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.................... I rather do it when I feel confident that will not break my network.
when you figure this out be sure to let us all know.
- bent_wookie, May 04, 2018, Star
Retired_Member wrote:
setham wrote:
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.................... I rather do it when I feel confident that will not break my network.
when you figure this out be sure to let us all know.
It was pretty obvious that 2.1.4 had multicast problems within hours of its release. I did whatever I could to avoid updating, and was screwed over anyway. I agree that customers shouldn't be expected to make those kinds of judgements, but until Netgear has a better track record with firmware, the reward of always-up-to-date-firmware isn't worth the risk.
- ZoneMaster, May 04, 2018, Apprentice
You miss my main point: NONE OF THESE ISSUES WOULD HAVE HAPPENED IF NG DID THOROUGH REGRESSION TESTING!
I am not defending NG. Just saying that NG needs to put more emphasis on RELIABLE upgrades. I have worked for decades in the software industry, & have seen how solid, reliable changes get made & rolled out:
- Programmers change & test their code
- An independent quality control group performs tests:
  - Test that the changes work & meet specifications
  - Regression testing
- The tested code is pushed to the end users
Regression Testing is vitally important. It validates that any new changes don't break existing functionality. NG's failure to properly test their FW is the main problem.
Also, NG's "90 day & then you pay" support is terrible! Heck, Apple (which so many love to complain about) still lets you contact them after 90 days & has a knowledge base for questions & error reports. NG has a paywall & community support!
I have a love/hate relationship with my ORBI. I bought it when Costco first offered them at a discount, & when my AirPort Express died. The throughput and coverage were beyond my highest expectations, but repeated FW mistakes have been vexing:
- 1.?.?.?? Initial FW = Great performance!!!
- 2.0.0.74 Nice new administrative features, but TRASHY performance (dropouts etc.)
- 2.?.?.?? They fixed the issues with 2.0.0.74
- 2.1.4.10 Lost mDNS/Bonjour/AirPrint
- 2.1.?.?? TBD. Waiting for the next working version
However, I want automatic updates, because I want fixes ASAP. I don't want to spend half my life scanning for the "perfect" FW version. The only way to get NG to improve their FW process is NOT to complain here... Let's all start sending copies of these complaints to Consumer Reports & the tech media (PC & Mac magazines).
That being said, I will never recommend any NG product to anyone.
- setham, May 04, 2018, Star
Retired_Member wrote:
setham wrote:
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.................... I rather do it when I feel confident that will not break my network.
when you figure this out be sure to let us all know.
No need to wait. I already figured it out for my LAN. It is stable and I'd rather not let the Orbis auto-upgrade.
- netadmn, May 05, 2018, Apprentice
setham wrote:
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched. I agree that an auto-update option should/must be enabled by default but with an option of turning it off.
Be smart about it. Roll out slowly to your users so you can get some feedback AFTER regression testing is complete in house. Then schedule the update at a time that is less likely to be busy for most users... say 3AM. I still think the idea of flashing the Orbi LEDs a color/sequence to notify/warn those users would be appropriate. Then they would at least know since these things sit out in plain view. My Samsung SmartThings hub automatically updates but they generally email me to let me know it's happening and what to expect.
I guess I'm next going to figure out what update servers Samsung uses for their firmware updates and just block them at my firewall.
- netadmn, May 05, 2018, Apprentice
netadmn wrote:
I guess I'm next going to figure out what update servers netgear uses for their firmware updates and just block them at my firewall. (fixed samsung -> netgear)
So it looks like updates1.netgear.com is the domain to block via your favorite DNS sinkhole. I just created an alias to point to my pfBlockerNG alias in pfSense. Easy enough to disable/enable. For everyone else... look into something like Pi-hole to create your own DNS block list. Or, do an nslookup on that domain and create a static route in Orbi to a non-existent next hop(s)... Problem with this approach is those IPs can and may change often depending on where you are if it's a cdn.updates1.netgear.com
- netadmn, May 05, 2018, Apprentice
Won't work for me since I'm AP mode but it should work for those in router mode... if you can ping updates1.netgear.com but not after... you know it worked. Trying to FTP to those addresses after (using cli/filezilla) should fail.
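
An added example, not part of any post in this thread: a small Python checker that reads a sinkhole list in hosts, dnsmasq or unbound syntax and reports whether a name such as updates1.netgear.com is actually covered. The sample list and the example.* names are constructed; hosts-style entries match only the exact name, while the dnsmasq and unbound forms also cover subdomains.

```python
import re

# Constructed sample list mixing three sinkhole syntaxes; only
# updates1.netgear.com comes from the thread, the example.* names are made up.
SAMPLE = '''
0.0.0.0 updates1.netgear.com            # hosts style: exact name only
0.0.0.0 fw.example.com
address=/telemetry.example.net/0.0.0.0  # dnsmasq: name plus subdomains
local-zone: "ads.example.org" always_nxdomain   # unbound: whole zone
192.168.1.10 nas.example.com            # ordinary host entry, not a block
'''

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
UNBOUND_BLOCK = {"always_nxdomain", "always_refuse", "always_null"}


def parse_rules(text):
    """Return (exact, suffix): names blocked exactly / with all subdomains."""
    exact, suffix = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.fullmatch(r"address=/([^/]+)/(\S+)", line)
        if m:                                  # dnsmasq address= rule
            if m.group(2) in SINK_ADDRS:
                suffix.add(m.group(1).lower().rstrip("."))
            continue
        m = re.fullmatch(r'local-zone:\s*"?([^"\s]+)"?\s+(\S+)', line)
        if m:                                  # unbound local-zone rule
            if m.group(2) in UNBOUND_BLOCK:
                suffix.add(m.group(1).lower().rstrip("."))
            continue
        parts = line.split()                   # hosts-file entry
        if len(parts) >= 2 and parts[0] in SINK_ADDRS:
            exact.update(p.lower().rstrip(".") for p in parts[1:])
    return exact, suffix


def is_blocked(name, rules):
    """True if the list would sinkhole a DNS query for `name`."""
    exact, suffix = rules
    name = name.lower().rstrip(".")
    return name in exact or any(
        name == s or name.endswith("." + s) for s in suffix)


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for host in ("updates1.netgear.com", "a.fw.example.com"):
        print(host, "blocked" if is_blocked(host, rules) else "NOT blocked")
```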