NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Outbound traffic to Amazon space
Hello, I am wondering why my Orbi AC2200 unit (running latest firmware as of 2/23/2020, RBR20) is constantly making outbound connections to the Amazon space (52.0.0.0/11) over SSL/443. The home ...
Thank you for this thread ... I thought I was going crazy looking at my PA-220 logs and seeing all this traffic. I have a very similar setup as you. Going to add those to my pi-hole blacklists too. The Satellite is making outbound calls too and not just the router in AP mode.
After mocking around, here is my final list of rules with FQDNs/subnet to block/allow (in the top-bottom order, src: Orbi router + satellite):
ALLOW:
www.netgear.com AppID: ping
DENY ANY:
devicelocation.ngxcld.com
fw.updates1.netgear.com
genieremote.netgear.com
http.fw.updates1.netgear.com
peernetwork.netgear.com
presence.ngxcld.com
readycloud.netgear.com
readyshare.netgear.com
registration.ngxcld.com
updates1.netgear.comDENY: 52.0.0.0/11 AppID: Any
DENY: AppIDs: aws-iot, ftp, ping, ssl, web-browsing
this is great, thanks! I just set mine up. Do you see this destination in your PA logs for ICMP?
( addr.dst in 192.168.0.120 )I can only assume that perhaps the wifi backhaul is using that address; however, I cannot see anywhere in the WebUI configuration or general documentation that says what network it uses for backhaul connectivity between router and satellite Orbi. I have the AX6000 series devices.
Thanks!
The Orbi WiFi backhaul is a 5G radio link directly between the router and satellite. Since it is encrypted in a WiFi signal, I doubt very much that this traffic will be "capturable". (word?)
