NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
OrbiOS 2.1.4 availability
A quick update. We're about to release an updated version of OrbiOS 2.1.4 in the next few days through our auto-update mechanism for all Orbi models. When it goes live, you should see a prompt in t...
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.
I respectfully disagree, for instance, I use the Orbi as an AP, all security protection is handled by my router + pfSense. I definitely do not want an auto-upgrade. I rather do it when I feel confident that will not break my network.
Even working as a router, for a particular security update, with the correct knowledge the owner/admin can make the informed call that it does not apply to your particular configuration. I am not saying that there it should not be an auto-upgrade option, I am saying it should be optional. The decision is up to the user,
I agree that an auto-update option should/must be enabled by default but with an option of turning it off.
setham wrote:
ZoneMaster wrote:
In this day & age automatic updates are necessary. There are too many network threats to leave the possibility of a vulnerability being unpatched.
I agree that an auto-update option should/must be enabled by default but with an option of turning it off.
Be smart about it. Roll out slowly to your users so you can get some feedback AFTER regression testing is complete in house. Then schedule the update at a time that is less likely to be busy for most users... say 3AM. I still think the idea of flashing the Orbi LEDs a color/sequence to notify/warn those users would be appropriate. Then they would at least know since these things sit out in plain view. My samsung smarthings hub automatically updates but they generally email me to let me know it's happening and what to expect.
I guess I'm next going to figure out what update servers samsung uses for thier firmware updates and just block them at my firewall.
netadmn wrote:
I guess I'm next going to figure out what update servers netgear uses for thier firmware updates and just block them at my firewall. (fixed samsung -> netgear)
So it looks like updates1.netgear.com is the domain to block via your favorite dns sinkhole. I just created an alias to point to my pfblockerng alias in pfsense. Easy enough to disable/enable. For everyone else... look into something like pihole to create your own dns block list. Or, do a nslookup on that domain and create a static route in Orib to a non existent next hop(s)... Problem with this approach is those IPs can and may change often depending on where you are if its a cdn.updates1.netgear.com
Won't work for me since I'm AP mode but it should work for those in router mode... if you can ping updates1.netgear.com but not after... you know it worked. Trying to FTP to those addresses after (using cli/filezilla) should fail.
I can see my images when I'm logged in but not when I browse a public page... so here is what I uploaded in case you can't see the images.