Where is the DOS Protection & WPA3 features of the Archer AX6000 Router?
Coming from a user of a battered Asus RT-AC68U, I was expecting a big improvement on the more expensive TP-Link Archer AX6000 Router. I just bought it today. But so far, I have encountered a major problem already. I can't upgrade to the latest Firmware version. It says error with cloud connection or something similar. Thus I manually downloaded and upgraded to the latest available Firmware version from our country (PH) website of TP-link. The only Firmware version available therein is Archer AX6000(EU)_V1_200212 which has a publication date of 2020-03-12.
Upon refreshing the Update page, I was presented with an info that there is another newer Firmware (1.1.1 Build 20200714 rel.18254) available. Still, upon pressing the Upgrade button nothing happens and the error message about connecting to the cloud appears again (see image below). What can I do to fix this?
---
---
Besides these issues, I also can't seem to find the WPA3 security & DOS Protection feature (as advertised) in the admin interface. These security features are the main reason that have convinced me to buy the Archer AX6000. You see, our ISP's Modem is experiencing constant DDOS attacks and Port Scans. I was thinking the Archer AX6000 can help prevent/lessen these attacks more than my Asus Router since its DOS Protection is quite basic. So far, I noticed the Admin system interface and features of Asus routers looks to be much better and more stable than TP-link's. I haven't experienced any problems with my Asus RT-AC68U when I bought it in the past and all advertised features were already intact and working on day one. It's just that I wanted to have a more modern router with higher specs and better security features hence I opted to replace my old Asus.
Can someone shed some light on these please?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@RendCycle I also came from Asus and after using this router for a few days, I set it to just be an access point and went back to my Asus AC86U as the router. It has a bad 5G radio so it is only being used as the router for the AX6000 access point. The features in it, especially running Merlin firmware, are much better. The WPA3 isn't available until the firmware that you are trying to install so once you get it installed, you should then be able to use WPA3. I can't answer the DOS protection peice since I am using it as an access point only. I haven't upgraded mine yet since you cant downgrade once you go to that version. I am not having any issues so I am playing it safe for now and leaving it alone.
- Copy Link
- Report Inappropriate Content
Thanks for the reply @Chipworkz. Wow, after all these months there are still major issues with this Archer AX6000? I only saw glowing positive reviews before I bought this... Anyhow, I cannot use my old Asus Router anymore because I believe it has an unremovable Malware. If I cannot use the better security features of the Archer AX6000, I will just return it to the shop in exchange for another brand. I did not pay all that cash to receive a bad router without all the features I need. TP-link should not advertise them if they're not presently working or the features are incomplete. This is quite disappointing. :-(
- Copy Link
- Report Inappropriate Content
JUST AN UPDATE. I was able to finally patch the Archer AX6000 through the TP-Link Tether app in my mobile device. I was able to access the WPA3 options now but still couldn't fully utilize it since I also need devices that support WPA3?
I also couldn't find the DOS Protection feature and a way to restrict devices from accessing specific websites for each. I thought that this router model has more flexible Firewall controls compared to my old Asus Router. I saw in some user reviews that these features should be present in this Router.
Besides this, I noticed there seems to be a bug with the ARP and IP & MAC Binding. It kept insisting on giving some connected devices a different IP Address even if I already assigned them specific values before. Is this a bug or is my network (or those devices) infected with Malware?
in addition, the Device Name info of some connected gadgets in the router's user interface kept getting the actual device's Operating System Name instead of what I assigned them with in the TP-Link system. Thus the Device Name becomes different in some user interface window so its kinda confusing as I still have to remember the MAC Address.
- Copy Link
- Report Inappropriate Content
After further tinkering with the admin interface, I was able to understand how ARP and IP & MAC Binding seem to work. I have to add all the devices first under Network->DHCP Server->Address Reservation list. Then enable Security->Access Control and also add devices again in the Devices in Whitelist (if I activated that too). After those steps, I activated the IP & MAC Binding toggle under the Security->IP & MAC Binding page. Continued to start connecting the various devices to the Network available in the "refreshed" ARP List therein. I did that by just clicking the "Chain icon" to bind the indicated MAC Address and IP Address of each device in the list that I've also checked to be correct beforehand. By doing that, the "Unbound" text indicator per device will turn into "Bound" and automatically add the device in the bottom list labeled "Binding List". That's it.
I noticed some bugs:
- Selected devices especially TVs, does not reflect the custom Device Name you've assigned to them and instead reflect "localhost". This usually happens when both Wired and Wireless are connected to the Internet (LG TVs). But one of our TV (Samsung) still has that error even if it only uses one network connection type.
- Under IP & MAC Binding page, the Device Name ("Description" column) is always blank even if you're already assigned a custom name for the devices. Even editing a record to input a name for the device will only show an error indicating the "IP Address is reserved..." and won't let you save. I think the Device Name should have already been grabbed previously from your DHCP Server -> Address Reservation settings or even when you've added the devices in the Access Control -> Devices in Whitelist.
For the blocking of websites, it looks like it can be configured for each device under Parental Controls. I just haven't tested how effective this is.
But after everything, I still cannot find the DOS Protection settings wherein I can configure a threshold for blocking ICMP pings, SYN Flood attacks, etc. aside from enabling other important attack prevention options. This is the major feature I'm looking for.
- Copy Link
- Report Inappropriate Content
The AX6000 does have DoS protection, but it is within the Trend Micro Antivirus option of "Intrusion Prevention System". Similar to how the parental control websites that get blocked which is done by working with Trend Micro's database the same is for the IPS.
- Copy Link
- Report Inappropriate Content
@Tony Is this what you mean? hmm... There's just a toggle and it seems there are no other screen nor more details available on how this feature works. There's a similar thing in Asus Routers but another screen is available containing a list of reports from Trend Micro. Aside from that, the Asus Router has a separate "DOS Protection" on/off radio button under the Firewall section. I thought the Archer AX6000 has more advanced DOS protection feature as seen in the previous image I posted.
- Copy Link
- Report Inappropriate Content
No, not for router that have HomeCare. The image you referenced for the DoS are for routers that do not have HomeCare so they are not using Trend Micros IPS, but rather the IPS is on the router itself.
- Copy Link
- Report Inappropriate Content
@Tony Oh that's sad. I was looking forward to the DOS Protection feature and it's what made me decide to go for the Archer AX6000. Since old TP-Link routers seem to have them based on some Youtube videos I've seen, I thought the newer models also has it. Now I understand that if there is Trend Micro's HomeCare, there is no built-in DOS Protection. Got confused especially some info I read mentioned the "DOS" feature. For example, the data sheet of this Router model indicates it under Firewall Security (see below screenshot and previous link to document) with a different section mentioning details about TrendMicro's HomeCare so I thought the two features are separately different.
Another disappointing news I just learned today is the removal of the IFTTT feature too from the Archer AX6000. I thought that would be extra useful to have. I also noticed it's strange that there are no dedicated LED Lights per Ethernet Port, nor for Wi-Fi on/off indicator, and WPS on/off indicator in the Router's hardware. That's kinda difficult as I already got used to looking at those lights to check LAN cable connections and features' activity state of the Router. Anyhow, the only new feature for me that seems to be useful which I realized that I might need is the ARP and IP & MAC Binding... aside from the usual DHCP Address Reservation of course.
All-in-all I felt the value I got is actually less for the price I paid for the Archer AX6000. If the expected lifespan of this Router is only good for 3 years as mentioned in some of TP-link's article in relation to Trend Micro's HomeCare, then by that time, I might not be able to actually fully utilize the WPA3 security as well as the WiFi 6 connection type features since the hardware might already be dead by then. In addition, it's a little scary to think that if Trend Micro's HomeCare suddenly got removed from this Router like what happened to IFTTT, the security feature from malicious external attacks like DDOS (which are so very common) will disappear too. That huge risk is what customers will have to greatly consider when buying the Archer AX6000. By the way, Asus Routers also has a similar Trend Micro feature and also has free lifetime subscription plus a separate basic DOS Protection under Firewall.
I hope TP-Link can still add their own advanced Firewall DOS Protection feature in the Archer AX6000 as precautionary measure and for customer's peace of mind. Besides, the Archer AX6000 does not have a Dual WAN + Load Balancing / Failover with support for USB 3G/4G Modem which most Asus Routers at the same or lower price point have already. For me, that feature is one of their Wireless Router's great selling point. It's super convenient to connect a Mobile Phone's Internet connection to the Router as backup line. I gave that up for the advanced Firewall DOS Protection... which actually does not exist in the TP-Link Archer AX6000. :-(
- Copy Link
- Report Inappropriate Content
@Tony Sorry, but I think you're mistaken. The DOS Protection should be included in the Archer AX6000 (V1) as stated in the online Configuration Guide here. Also see screenshot of said article below. I think DOS Protection was suddenly removed and some write-ups/articles/reviews available in the Internet were not updated. That is confusing to customers because their expectation will not be met if they can't find the feature they're supposed to find on a product they just bought.
- Copy Link
- Report Inappropriate Content
The previous page screenshot mentioning the DoS Protection feature, which is totally different from Trend Micro's HomeCare, can be accessed under the FAQ section of the Archer AX6000 (V1) router with the title "How to protect the network from cyber attacks of the Wi-Fi Routers (new logo)?". There is even an image of the user interface of the DoS Protection feature to further provide proof that it is a different software feature than HomeCare.
A separate FAQ page for the HomeCare is also available therein entitled "Can I still use the TP-Link HomeCare or HomeCare Pro features after the complimentary expires?" which just explains how its subscription plan works for Trend Micro and Avira.
So far, I still haven't seen any log reports on blocked DoS attacks in the Archer AX6000. Where can I see them if ever? i know our ISP's Modem is continually receiving a barrage of DDOS attacks as reported in its Log previously before I changed its connection type to "Bridge". So now, I'm trying to find that kind of log reports in this TP-link router. Doesn't those reports carry over from Modem to the Router and it should say "blocked SYN Flood attack" or something similar? Trend Micro's HomeCare does not reflect anything under its "Alert History" page. Nothing related is also found in the Router's System Logs.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4448
Replies: 10
Voters 0
No one has voted for it yet.