Firewall settings and other questions

[Mihle]

Is there a list of what Firewall settings in modem should be? I think the standard one probably isn't good.

 

Also, how does it work to have two Access points with same SSID but they aren't made for mesh use?

 

We have problems with the range of Asus AC1300GPlus or whatever it's name was on 5Ghz network. I am quite sure ISP router had better range but it has other issues. The place is 101 M2.

 

Should I get just another Access point and use or together with the Asus so the hole place is covered, (if another issue with had with it is gone) just replace it with one with better range as just a few meter longer range would be good enough, or should I buy mesh network kit?

 

If replace it with another more powerful one, how do you figure out what the range of them are and if it's better?

[Falcon1986]

4 hours ago, Mihle said:

Is there a list of what Firewall settings in modem should be? I think the standard one probably isn't good.

The firewall in your modem/gateway from your ISP doesn’t normally need to be touched unless you have a very specific need to go “punching holes” through it. The built-in firewall, no matter how simple it is, is meant to protect your network. Why do you need the firewall to (not) do?

 

4 hours ago, Mihle said:

Also, how does it work to have two Access points with same SSID but they aren't made for mesh use?

Mesh systems work by communicating with each other and offer network/internet access to the wireless clients connecting to them.

 

When you wire 2 or more access points to a router/switch for increased wireless coverage, you’re basically creating small “zones” of wireless connectivity, hopefully with slight overlap in the range. This allows your client devices to switch over to the new access point source when the stronger signal is detected within range. Here, the uplink is wired to a central router/switch that is managing the network traffic; a much more robust and reliable solution than mesh.

 

When it comes to setting up the APs, you can use the same SSID, but you also have to use the same password and wireless security/encryption so there is easy transitioning between APs for your wireless devices.

 

4 hours ago, Mihle said:

We have problems with the range of Asus AC1300GPlus or whatever it's name was on 5Ghz network. I am quite sure ISP router had better range but it has other issues. The place is 101 M2.

 

Should I get just another Access point and use or together with the Asus so the hole place is covered, (if another issue with had with it is gone) just replace it with one with better range as just a few meter longer range would be good enough, or should I buy mesh network kit?

 

If replace it with another more powerful one, how do you figure out what the range of them are and if it's better?

That area is just less than 1100 sq.ft. Is it a 1-level or multi-level space? Where is the current wireless router located? Can it be positioned to somewhere more central to the house? Place it higher and away from walls.

 

5GHz has higher potential speeds but shorter range than 2.4GHz. It is also more likely to be affected by interference/barriers because of the nature of higher frequencies. Getting another wireless router won’t necessarily remove interference; it’s still a challenge for wireless in general.

 

If you can run ethernet, you can wire in another wireless router in AP mode to the location where your signal gets weak and expand coverage that way. Whatever your budget can cover, at least make sure it has wireless AC, dual-band or better, MU-MIMO and gigabit ports.

 

If you absolutely can’t run ethernet, a mesh system can work but be prepared for a high up-front cost for the units and a “you’ll-only-know-when-you-try-it” experience based on how your house is laid out. Look for wireless AC (AX if you have compatibe devices), tri-band, ethernet ports for a wired backhaul if you need it in the future, and MIU-MIMO. Orbi, ZenWiFi and Velop are maturing, but I can’t comment on their reliability since I’ve never used them myself.

[Mihle]

1 hour ago, Falcon1986 said:

The firewall in your modem/gateway from your ISP doesn’t normally need to be touched unless you have a very specific need to go “punching holes” through it. The built-in firewall, no matter how simple it is, is meant to protect your network. Why do you need the firewall to (not) do?

I mean, I think the standard settings might allow too much, but I dont know that unless I know that it should be set to?
This is the standard setting(medium):

Spoiler

There is also the High setting:

Spoiler

And there is also custom.
How do I know what to set it at and what that will conflict with stuff?
 

1 hour ago, Falcon1986 said:

Mesh systems work by communicating with each other and offer network/internet access to the wireless clients connecting to them.

 

When you wire 2 or more access points to a router/switch for increased wireless coverage, you’re basically creating small “zones” of wireless connectivity, hopefully with slight overlap in the range. This allows your client devices to switch over to the new access point source when the stronger signal is detected within range. Here, the uplink is wired to a central router/switch that is managing the network traffic; a much more robust and reliable solution than mesh.

 

When it comes to setting up the APs, you can use the same SSID, but you also have to use the same password and wireless security/encryption so there is easy transitioning between APs for your wireless devices.

That area is just less than 1100 sq.ft. Is it a 1-level or multi-level space? Where is the current wireless router located? Can it be positioned to somewhere more central to the house? Place it higher and away from walls.

Two floors. It is at the end of the corridor in the second floor, so close to one of the outer walls. The only of two places it can be. The other is under the TV also at an outside wall.
When we only had the ISP router/modem (that we got issues with the 5Ghz, that continued to persist even after replacement) It was under the TV, but Unless I want to buy a switch to have on second floor, the router in AP mode will have to stay on the second floor.

It could be placed higher up on some shelves on the second floor but then its even further away from where its bad coverage.

Where its i placed now, second floor, its poor connection in the garden. and my mother complains about it.
Its also partly because the TV might be between parts of places where she want to sit.

Also, I am quite sure the ISP router had better range, but that got issues so...

I can get some home layouts and put red dot on it if you want to.

1 hour ago, Falcon1986 said:

 

5GHz has higher potential speeds but shorter range than 2.4GHz. It is also more likely to be affected by interference/barriers because of the nature of higher frequencies. Getting another wireless router won’t necessarily remove interference; it’s still a challenge for wireless in general.

I dont really want to use 2,4 tho as it supposedly have slowr speed.

1 hour ago, Falcon1986 said:

If you can run ethernet, you can wire in another wireless router in AP mode to the location where your signal gets weak and expand coverage that way. Whatever your budget can cover, at least make sure it has wireless AC, dual-band or better, MU-MIMO and gigabit ports.

 

If you absolutely can’t run ethernet, a mesh system can work but be prepared for a high up-front cost for the units and a “you’ll-only-know-when-you-try-it” experience based on how your house is laid out. Look for wireless AC (AX if you have compatibe devices), tri-band, ethernet ports for a wired backhaul if you need it in the future, and MIU-MIMO. Orbi, ZenWiFi and Velop are maturing, but I can’t comment on their reliability since I’ve never used them myself.

Both possible locations to place it have Ethernet, and the only two places where it is possible to be. Second floor it has to have 4 ethernet ports, first floor it can do with one as ISP modem/router can handle the NAT and IP things (with WIFI off).

Whats really the difference between buying just an AP or buy a router and put it in AP mode?

The options are now really:

1. Go back to having my desktop and Printer on Wifi and put the router in AP mode in first floor, while my NAS is the only thing using the one ethernet cable that goes between first and second floor. (Worked fine when the ISP router was working without issues, other than the printer on wifi being little bit more pain)
2. Buy a small switch and put it second floor and move the router in first floor, might probably be better than what it is now.
3. Just buy a router/AP that is tested to be more powerful than AC1300GPlus but place it where it is right now.

4. Some combination mix of the three above. (If buying new one, I doubt I can sell the AC1300GPlus used and buy a small switch and have money from the sale left, so then its no point getting rid of it.)
5. Buy a new AP/router in AP mode, and place it in first floor with the same SSID and stuff as the one in second floor.

[Falcon1986]

@Mihle

 

The default firewall rules are generally OK. You don’t have to change them. If you want to experiment with the higher setting, try it out, but look out for communication errors with your applications.

 

I see that you’ve put a lot of thought into this, but keep in mind that this doesn’t have to be complicated. My advice to you is to get another wireless access point (it can be a wireless router that you convert to AP mode), wire it to the existing router, and position it on the next foor close to the other end of the house (not all the way to the wall or else you’ll be wasting wireless broadcast into the yard!).

 

If you can, post a sketch of your house’s floor plan and the locations of the important network stuff that you have now.

[LWM723]

You could use Powerline Networking

[Mihle]

1 hour ago, LWM723 said:

You could use Powerline Networking

I have zero use for that.