NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
v7.2.7.15 Firmware on RBR 850. Can someone run GRC.com Shields Up
Can you please run Grc.com’s shields up and let me know if you can get full stealth?
https://www.grc.com/x/ne.dll?bh0bkyd2
This is the best I can get.
I am running Armor. Is that causing ports to appear closed?
13 Replies
Is this with nothing else connected to the RBR850 accept for one wired PC and Armor diabled with a single broswer opening to only the GRC web page?
It’s with 50 or so items on the guest network.. and 10 or so on the primary WiFi.
I also have two RBS 850s connected.
I do have a host that is also hardwired.
I do have armor enabled, it didn’t change much if I disabled it.
The url was opened on an iPad on the primary WiFi
To get a most accurate result from GRC, you can't have anything else connected as those devices can induce connections of there own and either open or cause ports to be seen by GRC to be incorrectly tested. Why only tesing with one ethernet connected PC and one web browser opened to GRC can test the router out correctly.
I also have this on RBK850
Firmware Version
V7.2.7.15_5.1.16I posted back in April and still no changes:
v7.2.7.15 Firmware on RBR 850. Can someone run GRC.com Shields Up | NETGEAR CommunitiesSame issue/same firmware for me (noticed on 06/29/2025) after installing new cable modem CM3000 (with Xfinity service) in front of RBR850. Not sure yet if this is an Xfinity change at the carrier end / new modem, or router firmware. Still troubleshooting. (...regarding yoiur post...I'm faily certain I have ran GRC Shields UP without issue several times since April ~ your original post date).
I too am on Xfinity but with the CGM4981COM modem in bridge mode in front of the RBR850.
I know it ran clean before and didn’t have to remove satellites and only use a hardwired host.
something changed
So I go a bit of information back regarding this. Seems that this is expected behavior seen at the port test site. Since Protection Engine seems to be a hidden feature in Orbi FW, this is actively preventing nefarious scans from intruding into the system. Thus will change the port behavior from stealth to close. Seems that protection engine identifies the port scan behavior as potentially risky and rejects the traffic to prevent possible attacks from internet from RST packets.
I happend to test this out on a Nighthawk router that has this feature and is user changeable to enable or disable PE. With PE enabled ports showed as closed and thus the test fails. Disabling PE, the port all then showed as stealth and the test passes.
Unfortunately there is no user changeable item on Orbi AX/AXE and BE systems to disable PE and I presume form NG intentions, means to leave this running the background as a added security layer for there systems. Older Orbi AC systems never imployed PE so those will report all stealth and thus will pass at GRC.
So Orbi AX/AXE and BE users will just need to be aware of this feature and the results seen with the port test site at GRC. This systems are safe and working as intended from what I understand.
