NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Enable one way connectivity from one VLAN to another
Routers like Ubuiquiti allow devices on main VLAN to initiate connection with devices on IoT VLAN, but protect devices on main VLAN from IoT devices being able to connect to them. Unfortunately Network Isolation feature in Orbi Routers isolates all devices on VLAN so that no device outside VLAN can connect them. This is too limited and makes the feature of separating IoT devices into a separate IoT VLAN almost useless, because way too often devices on Default VLAN (e.g. Phone or Laptop) need to connect to IoT devices to be able to control them. The only way to achieve this is by disabling Network Isolation feature, which then completely negates the whole security value of IoT VLAN separation. I am quite disappointed that an Orbi Pro range of routers does not have such a simple firewall rules definition capability. IoT VLAN is presented as a major security feature of the router that on the surface makes sense, but only when used in reality turns out to be totally unusable the way it is currently implemented in Orbi Pro Routers. I really hope a firmware update is released to correct this major flaw.SXK80 Inter-VLAN Firewall Rules
It would be helpful if the SRK80 router supported defining firewall rules between VLANs. This would enable administrators to allow limited access to devices in other VLANs, more precisely than "Network Isolation" on (completely closed) or off (completely open). A common use case of this feature would be to place IoT devices such as Chromecasts on an IoT VLAN and allow personal devices such as smartphones to control these IoT devices from a personal VLAN, withouth allowing IoT devices to access the personal VLAN. An example of this use-case is illustrated in OpenWRT which is already what the Orbi Pro Wifi 6 firmware is based on: https://www.youtube.com/watch?v=UvniZs8q3eU&t=310sVPN Certificate Change
Dear Netgear & Orbi Pro Supporter I recently bought the Orbi SXR80 router and want to use VPN to remotely connect to my office. But I am amazed that the certificates for the connection cannot be changed in the administration interface. VPN is unusable because if the certificate falls into the wrong hands, anyone can connect to my device via VPN. This happens quickly if a cell phone is lost or stolen. Why not add a function to change the certificate? This should be very easy to do. According to the following link, this was apparently already planned: https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/Orbi-Pro-SRK60-Revoke-OpenVPN-client-certificate/m-p/2139485 This function is also required by other users: https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/How-to-renew-VPN-private-key/m-p/1689399 I urgently ask you to install this function, because without a VPN switched on is a major security problem! Kind regrads Carlos
Orbi Pro VPN : Add external IP address option for VPN configuration page.
The scenario : If the Orbi Pro's WAN connection is to another router that's connected to the Internet, the Orbi Pro's VPN config doesn't "see" the external Internet address. With dynamic DDNS turned off, the VPN download package has 0.0.0.0 as the address and not 214.34.12.3 (for example). Other files have 0.0.0.0 embedded in them, so it's not a simple fix of just "typing in the Internet address" into the .ovpn file. IF dynamic DNS is enabled, the no-ip.com / other providers DDNS address is passed over to the VPN section and an active Internet address is included in the VPN download package. This is fine IF you need dynamic DNS. If you have a static Internet IP address, then you don't need dynamic DNS. The solution is either : 1. Fix the 0.0.0.0 issue where Orbi Pro checks to see what Internet address it can actually see (it has Internet access to all of the VLANs, because if you open a browser on a device connected to the VLANs, you can access the Internet), and it automatically adds the correct Internet address to the VPN download package. or 2. Add a section on the Orbi Pro VPN config page to allow the static Internet address to be manually entered, so the correct Internet address is added to the VPN download package. ThanksHide the IoT network
It make zero sense to me that Netgear would offer to separate out an IoT network to put all of ones smart home devices on and then advertise the IoT network to all by not hiding it. My crappy cable modem can hide networks. It seems to me a network no-one knows is there might be more secure.Bug with Alexa Netgear Skill and Previously Registered Devices
Hello, This is more of a bug finding than an idea. (Netgear Support asked that I post here. Apologies is this is the incorrect spot.) When I recently added the Alexa Netgear skill to my Echo Dot, it added two Netgear devices. The problem was I only own a single Netgear device now, which is registered on my.netgear.com. (I had previously owned the other device and returned it, then removed it from my list of registered devices.) I came to the conclusion that the database that the Alexa Netgear skill uses includes unregistered devices, bringing over ghosts from registrations past. Also, these devices, since they don't actually exist on your network, cause delay problems for users of the Alexa Netgear skill (they did for me), because the phantom devices don't respond. My request is that the Alexa Netgear skill team keep their list of registered devices in sync with those that are in my.netgear.com. This will improve the usability of the skill and reduce device clutter in the Alexa app. Many thanks in advance, Steve