What's new

[Official] Ai Protection

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

oletuv

Regular Contributor
Researching the various options for a new wireless router, the Asus AiProtection feature got my attention. I´d appreciate input from Asus users regarding the following questions:

1. Does AiProtection work flawlessly?
2. How much does AiProtection degrade the speed?
 
Researching the various options for a new wireless router, the Asus AiProtection feature got my attention. I´d appreciate input from Asus users regarding the following questions:

1. Does AiProtection work flawlessly?
2. How much does AiProtection degrade the speed?
2. It doesn't.
 
I have mostly had good luck with aiprotect, with one exception. The last option (to stop malware from running on clients themselves) seemed to conflict with my webroot protection. It would cause the router to lock up once a day when webroot did its scans. Everything else worked well, and I have not tested if the latest firmware still has this conflict. I have not noticed any speed issues when using it.
 
Here:
1. Yes, works very well and I would personally recommend it
2. There is no any noticeable degradation

P.S. No issue with Webroot (WSA) when I was using it.
 
I have posted previously that I had problems with the Infected Device option (false positive and AFAIK no way to tell it to exclude devices from the protection), but that was some time ago so I thought I'd give it another whirl. So far, everything works well.
 
I've re-enabled that last feature, and over the past 18 hours, have not seen the conflict I used to with webroot. Hopefully, it is now resolved. I'll repost if it is not.
 
@bradbort : If you enable anti-virus of PC and you find something abnormal, suggestion you to disable Vulnerability Protection of AiPotection.
 
@bradbort : If you enable anti-virus of PC and you find something abnormal, suggestion you to disable Vulnerability Protection of AiPotection.
I know. i was just checking to see if the issue shad been resolved, since others reported that webroot was not a problem. So far so good. no lockups in 24 hours.
 
In general, AiProtection seems to work, but it has issues.

One of the major problems with AiProtection (all firmware versions) is that it blocks FTP client traffic, specifically ACK packet traffic from the FTP client to the remote (outside of network) server.

When "AiProtection - Vulnerability Protection" is enabled, ACK packets are blocked at the router, This has been a problem since the RT-AC3200 release, and none of the firmware upgrades have corrected it. I have verified the issue using Wireshark and other tools. If "Vulnerability Protection" is disabled, everything works fine.

NOTES:
  • Current (junk) firmware version 3.0.0.4.378_7838 in use that works best with a variety of other flaws.
  • It does not matter which FTP client is used.
  • No problems using other routers or when Vulnerability Protection is disabled
  • Verified using Wireshark, ACK packets blocked
  • Server is NOT within network, in fact it is all the way across the country
 
In general, AiProtection seems to work, but it has issues.

One of the major problems with AiProtection (all firmware versions) is that it blocks FTP client traffic, specifically ACK packet traffic from the FTP client to the remote (outside of network) server.

When "AiProtection - Vulnerability Protection" is enabled, ACK packets are blocked at the router, This has been a problem since the RT-AC3200 release, and none of the firmware upgrades have corrected it. I have verified the issue using Wireshark and other tools. If "Vulnerability Protection" is disabled, everything works fine.

NOTES:
  • Current (junk) firmware version 3.0.0.4.378_7838 in use that works best with a variety of other flaws.
  • It does not matter which FTP client is used.
  • No problems using other routers or when Vulnerability Protection is disabled
  • Verified using Wireshark, ACK packets blocked
  • Server is NOT within network, in fact it is all the way across the country

Dear SamsS-NV,

You mean FTP server from port 21? example: ftp://superuser.com

Best regard,
ASUS Global
JK
 
Negative.

Use of the FTP port 21 forward is unrelated. As I stated, this is ONLY related to AiProtection >>> Vulnerability Protection. As I also stated, the server I must regularly connet to is NOT within the network (i.e. behind the router). The PC FTP client is behind the router, within the network. Trying to connect to any point outside the network fails because ACK packets are blocked at the router.

Unfortunately, your response exemplifies one of the biggest issues with ASUS Support --- where clear comments do not seem to be read or undrestood. If the issues had anything to do with port 21 I would have stated so.

I've been hoping for over a year to receive functional fully firmware, and after monitoring this site for months I decide to make a post and receive a similar response to the dozens I've received by email. An extremely frustrating process.
 
Negative.

Use of the FTP port 21 forward is unrelated. As I stated, this is ONLY related to AiProtection >>> Vulnerability Protection. As I also stated, the server I must regularly connet to is NOT within the network (i.e. behind the router). The PC FTP client is behind the router, within the network. Trying to connect to any point outside the network fails because ACK packets are blocked at the router.

Unfortunately, your response exemplifies one of the biggest issues with ASUS Support --- where clear comments do not seem to be read or undrestood. If the issues had anything to do with port 21 I would have stated so.

I've been hoping for over a year to receive functional fully firmware, and after monitoring this site for months I decide to make a post and receive a similar response to the dozens I've received by email. An extremely frustrating process.

No need to be rude. I read your post, and it wasn't clear for me at first either if you were talking about a remote server or one within your LAN. And ASUS_ASUSWRT actually did get it right: your issue is when trying to access a remote FTP server that's outside your LAN, he only asked you if you could confirm it to be the case (which it is).

English ain't everyone's native language.
 
I understand your point RMerlin. However, after almost a year of trying to work with support staff on an expensive consumer product and getting virtually nowhere, any reasonable person would be considerably upset. I started support correspondence with ASUS the day after receiving the unit, and I have a list of features./functionality that still do not work properly. (Yes, I've tried the latest and beta firmware and it does not fix any of the issues I've experienced, and often creates more problems, and why I went back to the version posted above). The responsibility of the manufacturer to solve problems with their products should exceed what most of us have experienced.

I've tried various setting adjustments within the router's FTP configuration, although these should not need to be changed regarding default FTP traffic. Nothing solves the problem other than disabling "Vulnerability Protection". At this point everything is default, with VP disabled so that my FTP client can connect.​

My own background in networking presents above average skills and knowledge, including an IT/Networking degree and other experience. I can easily program the dozen or so commercial Cisco routers/switches, and other appliances I have in my own lab, yet waiting this long for a fully functional firmware product on a consumer product is ridiculous. I'm not stating I know everything---only that I have more experience than the average customer, therefore I can perform other types of tests using various tools at my disposal.

As stated previously, I've been watching these threads for some time---sent here by ASUS support and their social media staff. I do appreciate your efforts to provide working solutions for their products, but ASUS engineers should be on top of these issues themselves and handle them quickly and efficiently. Although I do not know how to write/edit the firmware for these units, I have provided detailed solutions to ASUS engineers regarding functionality failures. Their response --- wait for new firmware. I feel I've been considerably patient.

I do realize this is not the thread to vent, and I apologize. I've wanted to start a new thread that lists all the issues I'm experiencing, but many are similar those of other users, s I decided to wait and watch, hoping something would develop on its own.

If you'd prefer a PM regarding the list of issues I've found with this product, please advise.

Best Regards,
 
Chances are, you got most of their answers from their level 1 and 2 tech support, which are more trained in fixing the mom'n'dad's "where do I plug my Internet thingy?" than addressing network level issues.

Posting here is probably the best thing to do at this point. I know for a fact that Asus engineers (those who actually write the code, not their tech support reps) do read the forums here. Hopefully one of them will be able to reproduce the issue, and look into it.

Just to provide additional details, were your FTP sessions using passive or port-based connections?
 
Default ... passive. My primary FTP client is FlashFXP, and my connection is typically Explicit SSL (TLSv1.2).

I tried active mode (Port) and it made no difference. I also tried other clients, including web-based. Every one of them show an ACK packet block at the router when VP is enabled.
 
Dear SamS-NV,

You need to relax and grab some beer :)

I have feedback your issue to our team and i will get back to you asap.

By the way, we aren't those email tech support team...

Feel free to drop us PM of the issue you encounter.

Best regard,
ASUS Global
JK
 
Thanks JK:

Would you prefer individual threads related to specific issues, or a general post that includes them all (but might get messy with responses)?
 
Thanks JK:

Would you prefer individual threads related to specific issues, or a general post that includes them all (but might get messy with responses)?
Hi Sam,
Could you try this beta firmware here?
http://www.snbforums.com/threads/be...king-bug-in-traffic-analyzer-statistic.28098/

I should be fixed this issue for a long time, this firmware is too old. If you still encounter issue again, you can contact with me directly via smallnetbuilder conversation or send mail to router_feedback@asus.com, please add title [AiProtection for Vanic], hope I can help you!

Thanks,
Vanic
 
Hi Sam,
Could you try this beta firmware here?
http://www.snbforums.com/threads/be...king-bug-in-traffic-analyzer-statistic.28098/

I should be fixed this issue for a long time, this firmware is too old. If you still encounter issue again, you can contact with me directly via smallnetbuilder conversation or send mail to router_feedback@asus.com, please add title [AiProtection for Vanic], hope I can help you!

Thanks,
Vanic
Hello Vanic, can you make a build for the RT-AC68U? Or do one of the two you have in the dropbox, would work for my route model? I was having the same issue as Sam. AiProtection->Vulnerability Protection had to be disabled for ftpes (TLS) to work.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top