Synology RT2600ac + MR2200ac in 2021

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone thank you so much for being here i appreciate each and every one of you in today's video we are going to take a look at these two new babies the rt 2600 ac and the mr 2200 ac as a mesh unit but we are not going to do a regular unboxing and review because this has already been done these guys are not new in the market in fact let's throw the boxes away we don't need them anymore we are going to take these devices and configure them with security in mind and we are going to see how do they measure up in today's 2021 world when these guys came to the market the entire industry was very different and the world was very different there was no ubiquity udm there was no typical in comada the competition was completely different there wasn't any emphasis on remote working because today's world is in in 2021 very much covered covid influenced so we are going to configure them and see how do they measure up in today's 2021 world full disclosure these guys were supplied to me free of charge by synology but they are not paying for this review they are not editing it and every opinion you're about to hear is completely my own so let's go over to the computer start configure them and see how do they measure up in today's world let's go ahead all right guys so we are at the computer and just a second before we start in the configuration process first of all who is this device being aimed at first of all it's the average home user and maybe the tech savvy home user but also this device is being aimed at for a businesses in the s and b space you can see it by having a usb port in the back for seller a seller internet failover and the fact that it has a four gigabytes gigabit lan ports that one of them can be assigned as a secondary when port for a secondary isp and then you can fail over and even load balance and even policy route that first for a for example that the zoom calls are only going to be a forward forwarded to a different isp and i don't know regular web browsing will be routed through the the secondary isp et cetera this device has a 1.7 gigahertz processor five 512 megabytes of ram it has a 4x4 mu mimo so this means that multiple devices are going to be able to send and receive at the same time but what you're going to see in a few minutes is where this device really shines a lot brighter than any other competition out there is the user interface it's something that synology actually wins awards for almost every year both in their nest devices and they've really implemented here in this in their router devices the user interface is exquisite we are going to talk about it when we get there so the device has been factory reset connected to isp connected to my computer you are going to take it out of the box and connect it and point your browser to router.synology.com you're going to be taken to this welcome wizard i am not going to stop on every screen because i do want to keep this video as short as possible we have a lot to cover let's go right ahead and click on start we are going to select an admin user an admin user please avoid using the default admin like almost everyone does this is the first the first account that attackers are going to try to brute force just think of another username to use give it a password the stronger the better i'm going to click on next and now we are going to be in presented with a a wi-fi setup wizard so let's give it i don't know a new a ssid let's call it sino employee just to mention that just two single this is going to be our internal network let's give it a password a super secret one and a location now depends on where you are located i'm just going to pick on united states this will change the bandwidth frequencies that are in let's say regulated regular regularly approved by the government of each country let's click on next now this device can act as a wireless router but it can also act just as an access point we are going to use it as a wireless router and at this point i'm going to keep external access to the srm srm is the name of the operating system i'm going to keep it as disabled for now i am going to enable it in a more secure way later on let's click on next now as for internet connection my internet connection uses dhcp so i don't need to do anything in this screen if you use dsl so you will probably need to change it to pppoe fully supported here let's click on apply and now this device will set up itself set up the wireless network set up the internal network set up the operating system itself i am of course going to pause the recording right here and resume it when this process is already finished all right now we are going to be taken to the srm actually it's not a user interface it's really an operating system with windows that you can minimize and maximize and multitask on it's a real operating system i'm going to keep on okay and really this is where synology shines a lot brighter and synology is light years ahead of their competition it's the user interface it's the perfect balance between keeping things simple for the average user and keeping things advanced and having a lot of features that the prosumer or the professional user or the tech sub user will really have a lot of control over what's going on in the network so this is the default desktop we are bringing we are being presented on upon completing the wizard so let's work in an orderly fashion the first thing i recommend you do if it's a synology router or any other router just go and see if there is a firmware update available to you to go into control panel and go into system and just see if there is an update available for me one thing that synology does extremely well is keeping their devices both nas and routers very well updated i have used a few a wireless routers that had i don't know in in four years just i don't know two updates so synology does an excellent job on this area alright so seems like we don't have an update waiting for us so we'll start working our way top down we'll go to the network center and this is where you'll configure your internet connection your wi-fi networks as you can see i have a i have my ip address already configured let's go into internet and i've pulled out pulled out an image from amazon as you can see there is a usb port right here this is where you connect a a cellular modem for redundancy and as you can see this lan port can be configured as a secondary when port now these are features that we are probably used to seeing in enterprise level a products it's available for us right here on the synology router so as you can see these are my isp settings if i need to change my connection from auto to pppo i will do it here and this is something that i want to do right now is configure quick connect and ddns so i will have some sort of an external access to the device and later on it will help me configure vpn so we'll enable quick connect and let's call it i don't know tmo rt sorry rt 2600 ac for the lack of a better idea that's great one more thing i'm going to enable is ddns and again this is something that i will use later on when we configure vpn so keep watching definitely something worth watching let's click on add service provider let's keep it synology and let's give it the same hostname tmo rt 2600 ac let's accept the terms and click ok now in the process as you can see we are also requesting a let's encrypt certificate sometimes i have seen this process fail but then when you go into the certificate section in the interface and request a certificate it works so either way we will cover the let's say let's encrypt certificate in this video all right so the process is complete it took about two or three minutes but we have ddns configured and a certificate automatically requested from let's encrypt and already been been configured as the default certificate that's great moving on to port forwarding i think that a lot of people use port forwarding and look how easy it is on the srm interface to create a port forwarding rule just give it a name give the ip address of where you want to port forward and i already get a an autocomplete of the device that i want to use just name the public port that means that this is the port you are coming in from the internet towards your synology device and the private port if you want in the internal port to be a different port you can you can configure it right here select tcp or udp or both and that's it that's how easy it was to create a port forwarding rule local network this is where you'll assign the local network address in this default example it's 182 168.1.1 that's great you can change it you can leave it the dhcp server i'm going to configure at least 20 addresses that i will be able to assign statically and i'm going to end the pull at 240 if i want to assign some static ip addresses at the end of the pool traffic control now this is an excellent feature that a lot of devices simply can't do this is where we can establish a sort of a qos and give priority to a single to a single or several devices or even give priority to a an application let's go to the advanced tab and click on enable traffic control now you will need to tell the the device what is your isp bandwidth that you are getting for me it's 500 down and 50 up now the default policy this means that even though i have 500 megabytes up and 50 sorry down and 50 up i can also limit every client to a maximum bandwidth on the local network on on the guest network this is especially think of a of a hotel use case even though they have i don't know 500 megabytes maybe of a downspeed they can limit each and every device to i don't know maximum of 10 megabytes that's a great way to prevent a device from hogging all your bandwidth and leaving very little for others so let's click on ok and now we can configure things like on for my device for example i can create an app rule let's see if there's skype for example all right skype call i can give guarantee bandwidth or maximum bandwidth or guaranteed download or a maximum download speed look how fine-grained we can be for a device to even set an application on the device itself for example if you have i don't know a child or an employee or something like that that uses i don't know downloads torrents and hogs all the bandwidth you can go in and create an application rule that will limit its usages on the internet okay let's just cancel out of it you get the id this is a very very powerful tool that will allow you to manage almost every little thing that goes through your network not only that you can take a device and give it a high priority and this means this device when it competes with other devices for bandwidth this device is going to win so that's again a very powerful tool and there's also a way for you to ban this device from the network if you look at this device and you don't think that it needs to be connected maybe it's not yours maybe someone connected to your wi-fi network you can ban this device from the from your network completely moving on to security i do recommend enabling ddos protection i do recommend do not allow srm to be embedded click on apply and one of the most important things i think that you should do is go to the firewall tab one thing that you can do which really easy to do and really something that i think everyone should do is create some sort of a geolocation filtering i'm going to give it a name and select in this case in the source selector region and for example i am not expecting anyone from north korea to communicate with me and for me to communicate with him so i'm going to select north korea and you can select additional countries as you see fit on all ports on all addresses and the action will be deny and this is how easy it is to create a geolocation type filtering on your synology firewall really easy to do and really something that you should think about doing let's go into services of course i want to save it services this is where you can see just in a glimpse what services are running on your firewall and for example if you don't think that ftp should be running you can uncheck it autoblock again something that i really recommend enabling so 10 failed login attempts within a time frame of 5 minutes will create a block on the user and it will be unlocked after 30 days so that's a great way to prevent brute force attacks on you operation modes like of course i want to save it operation mods this is where you can switch from router mode into a access point mode not relevant for us all right so this is the network center for you we are going to move forward to wi-fi connect this is where you would configure your wi-fi network in the password and this is where you will connect additional wi-fi points or mesh points and this is exactly what i'm going to do so first things first i do want to enable the 2.5 and 5 gigahertz auto selection that's great i am going to change the 5 gigahertz channel statically to 36 and 2.4 to channel one i am going to create a guest network and let's call it sino guests again give it a password super secret one maximum connections if you're not expecting more than that then you can leave it on and i'm going to say this is a feature called ap isolation i am going to disallow clients from communi communicating with with each other sorry and not to mention allowing guests to access my local network which is a big no-no so this is the first thing i'm going to configure but this is something that a lot of devices can do create a guest network but where synology can give you a little bit of an of an extra right here on the schedule for example let's say that this device is located in your store or something like that and you're only working from nine to five there is no need for the wi-fi to be always on so you can customize the schedule in which you can disable the guest network for example from midnight to seven o'clock it won't be available and from 6 to 11 the guest network is not going to be broadcasted so you will have a guest network only between working hours that's very logic to do and you can also enable a guest portal and you can customize it to have a certain logo a certain background and every time guest will connect to your guest network they will be presented with this guest portal they will click on connect and this is where you can even i don't know put in your logo or do a little bit of promotion i'm not going to enable it i don't need it i'm going to reset so we're all set on the wi-fi settings what i'm going to do right now i'm going to pause this video i'm going to take my mesh unit actually it's right here the mr 2200 ac all i'm going to do is to plug it into power that's it nothing else now you need to connect it at first somewhere relatively close to the base unit to the rt unit and just give it 30 seconds or a minute just to be powered on and then we are going to try to maybe let's call it adopt it or configure it and bind it to our rt 2600 ac so i'm going to pause the video and connect this guy to power all right so the device is connected it's blinking blue this is the state that it needs to be in and i'm going to go into wi-fi point click on add and hopefully auto magically it's going to find it and configure it let's make sure the wi-fi points are ready they are let's click on wi-fi points ready it's going to search around maybe send out a few broadcast messages and hopefully it will find the device found it let's give it a name let's say it will be in the garage that's great click on next all right so as you can see the device is still updating so i'm not going to wait for it as you can see luckily we don't have a web interface we have a web operating system that we can open windows on so we'll jump right over to the next thing for me it's the most killer feature of this device it's the safe xs what this allows you to do we'll circle back to the wi-fi to the wi-fi connect application but what safe access allows you to do is create a profile assign devices to this profile and create a sort of a web policy or web filtering that will be applied to this device or devices and this is where parental controls are being really been taken to the next level in really in ways i have not seen in any other device the synology have really done a superb job of creating this safe access application let's in let's dive right in and create a a profile and we'll use and we'll first create a profile for the network for for the the entire network all devices on the network will be subjected to this policy this will be applied into applying on my local lan let's create and this will serve as a sort of a baseline then when we'll configure profiles for the individual users the the individual policy or profile will be will win over the network policy all right so let's set access rule and since this is only going to be a general broad baseline i am going to turn on web filtering i'm going to use custom and i'm only going to um i'm going to name it general and i'm going to block only let's say um i don't know and advertising why not and it's ready all right i can also for safe search i'm not going to implement it right now now let's say you have kids around the house and you want to make sure they're using the internet in the safest way that you can provide let's create a user profile in this case and let's name it kids will assign devices in this case it will be my device to this profile it can be one or several it can be a computer or tablet let's click create and let's set access rules all right web filtering let's you can choose from predefined templates that synology have created for us let's click on the child now the disadvantage of creating a predefined web filtering profile is that you cannot really customize it now i have assigned my computer into this kids profile so if everything goes well if i'll try to go in to espn.com i should be getting a block a blog page let's try and as you can see the website is indeed blocked so this is how synology really took it to the next level and created web filtering and web management and parental controls in a way that i have never seen in any other device almost any other device out there except of course the enterprise grade devices that have web filtering in a whole different way i can also create a profile for my guest wi-fi let's create the profile and this means that everyone that's connected to my guest wi-fi network will get a web filtering policy i know of a guest so now everyone that's connected to my guest network will get the guest policies applied to it it doesn't i don't if i don't have to configure each individual device individual device so that's a great way to to manage who gets what you can create a strict profile for your kids a more permissive web filtering profile for the parents you can even customize the block page really super super job on this application you can even enable threat intelligence database that means that a malicious website will automatically be blocked and the the device will um i think that twice a day it gets the database updated still in the safe access you we can see activity if something got blocked for example my attempt to go into espn.com was logged so then you can see at the end of the day who tried to get into what website and that can give you a lot of insight of what maybe your kids are trying to do when they're alone in their rooms with their computers super job in that case notification is where you can configure the application to send you i don't know an email every time um someone reached the site and it got blocked so this will really keep you up to date on what's going on in real time super job on that case now let's close this window even though the system update failed the device is now being restarted so we'll give it a few minutes to jump back into work the next thing that i would like to show you is the package center again something that is very different from every other device out there you can extend the functionality of your device by downloading certain applications like vpn plus due to a time shortage i'm going to create a whole new video just on the vpn capabilities of this device i don't want to cram too much into a single video i will create a separate video just on vpn but as synology pushes more and more applications into the package center you will gain more and more functionality again something that is i think years ahead of any other competitor out there especially in the smb and home market will enable all the firewall exception rules that this application needs we'll click on ok and just like that from the package center we now have a full suite of capabilities with a vpn plus server application and just as uh i know as a as a teaser we have a web vpn that means a client-less vpn that we can configure for our users and from this web a portal users will be able to gain access to internal resources from their web browser super a job on that one so we have a web vpn we have let's say a regular ssl vpn with a with a client we can enable remote desktop this means that through the usage of behind the scenes a reverse proxy we can allow the users to gain remote desktop access to their devices again without needing the whole usage of a client we can use standard vpn like open vpn pptp l2tp very i don't know these two are not commonly used openvpn i can understand and we also have side to side vpn again a feature that is just until not too long ago was only in enterprise grade devices side to side vpn if you have a device in the 26 ac and maybe your friends and one you can connect your networks together this will require a license but again a super a super feature let's just circle back to the wi-fi connect and see what's the status of our a wi-fi point and looks like everything seems to be in order i do want to take the time and talk about what i didn't like in this device and there are a few disadvantages disadvantages for example this device does not support vlans so you cannot segregate each port into different vlans sadly not an option this device does have a usb a usb 3 a port to connect an external device an external hard drive and use the in the router almost like a like a a nes but i didn't like the fact that the usb port is on the side for me it makes mounting the device a little more difficult i wish it was on the back one more thing that i don't like in this device is the safe access policies that are predefined are not not customizable but they are not even telling you what are the categories that they are blocking so these are the things that i didn't like in the device just to be honest and objective otherwise this device is even in 2021 is secure is safe giving you the control you need on your network it's really up to power it's easy to configure it's a it's fast and if you have a a an isp connection that is up to a one gigabytes down this device will have no problem in handling it i need to to put a little checkbox on it because if you do download and configure the ips application which i will do a video about this will take down this will give you a penalty and will slow your your connection but otherwise this device is again years ahead of its competitors easy to use pleasant beautiful give you a lot of functionality in my book it's a clear clear clear winner so join me on the next video that i'm planning to do only on vpn but a deep dive on vpn usage on this device otherwise thank you so much for being here please hit the like button it will really help me a lot with the youtube algorithm and i'll see you all in the next videos bye bye guys thank you [Music] you
Info
Channel: Tech Me Out
Views: 5,508
Rating: undefined out of 5
Keywords: Synology RT2600ac, synology rt2600ac setup, synology rt2600ac review, synology rt2600ac vpn, synology rt2600ac setup guide, synology rt2600ac wireless router, synology rt2600ac parental controls, synology rt2600ac firewall, synology rt2600ac router, synology rt2600ac vlan, synology rt2600ac mr2200ac, synology rt2600ac manual, synology rt2600ac vpn setup, synology rt2600ac reset, synology mr2200ac, synology mr2200ac mesh device, synology mr2200ac mesh, parental control
Id: D0MFEVmujRU
Channel Id: undefined
Length: 34min 9sec (2049 seconds)
Published: Tue Apr 27 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.