Synology SRM 1.3 Software Review Part III – Network Management

 

Synology Router Manager 1.3 Review Chapters

SRM 1.3 Synology Router Software Review, ALL Parts - HERE
SRM 1.3 Synology Router Software Review, Part 1, Design & Control - HERE
SRM 1.3 Synology Router Software Review, Part 2, Safety & Security - HERE
SRM 1.3 Synology Router Software Review, Part 4, Safe Access - HERE
SRM 1.3 Synology Router Software Review, Part 5, USB Storage Services & Conclusion - HERE 

Synology SRM 1.3 Review – Network Management

The more premium a router is (i.e expensive!) the more you find that they start to feature features and services that are more often found in switches. Indeed, it still surprises me that Synology has yet to make the jump towards its own range of switches in the way that the other NAS brand QNAP has. That said, the network management and control that is featured in SRM 1.3 is quite extensive for a router, even if the complaints surrounding how long it has taken Synology to feature virtual network creation have been fairly constant these last few years. The Network Center application largely provides the bulk of network management resources, opening up into a brief overview of available connectivity and enabled SSIDs. There is also a live graph of activity covering uploads, downloads, system hardware resources and the status of those individual physical ports.

If you dig a little into the Port Status area, you are able to see any live connections and the bandwidth currently available on that connected line. This was one area of design that I was a little underwhelmed by on Synology’s part. Aside from the user interface in the Network Center application featuring a few different options whether you used the router on its own or as an additional access point (which makes sense logically), SRM 1.3 still lacks a larger topographical overview of the network, virtual networks and SSIDs. I appreciate that this would fall more into ‘network switch’ territory, but with the RT6600ax router with SRM 1.3 supporting 5 virtual networks, 15 SSIDs on a network, 4 LAN ports and the ability to bond them together in a custom way – that would be MUCH easier to comprehend graphically or in a breadcrumb/tree style.

There IS however a clear and quick-to-setup means to create a failover connection involving multiple ports. Although in the diagram below WAN and LAN 1 were featured, this is customizable via dropdowns. Additionally, you can factor in the USB SIM dongle or Mobile Phone USB tethering services to be used as a failover for the WAN and a wired internet connection. This failover also has a few straightforward rules and system policies for how the switch would take place in the event of your primary connection dropping, as well as what happens when it gets stored. Fairly straightforward stuff, but presented very well in SRM 1.3 and makes having a backup internet connection a lot more justifiable and easy to implement.

The newly added virtual network creation (vLAN) support in SRM 1.3 is pretty straightforward and (as this system is a router) also benefits from a few extra things (as well as supporting a few things you might expect), such as:

  • The ability to assign custom VLAN IDs
  • The option to completely block a vLAN to access the SRM 1.3 Controls/GUI
  • The option to block any communication/visibility between one vLAN and all other networks
  • The option to bond (attach) a physical port to a specific vLAN
  • The option to connect the vLAN with an existing SSID or create a new one during the creation wizard
  • Later in the access and user panels, you can permit levels of access to virtual networks

Again, this is all not really groundbreaking stuff, but 1) it’s something people have requested in SRM for a while, 2) brings a lot of network switch functionality to a router and 3) is presented in that special Synology ay that makes it remarkably straight forward. Bearing in mind we are talking about vLAN creation (something very few domestic users will ever know how/need to do) being made as easy as setting up an old Hotmail email account, I respect the effort.

This slideshow requires JavaScript.

Once additional networks have been created, they are displayed in a list on the main Network center page, each able to be completely reconfigured or their identities and ports changed with ease. Again, I am surprised that Synology was not able to show this information in a bit more of a pictorial fashion (something the likes of Netgear and QNAP have shown on their routers and switches for years).

As you might expect, creating a new SSID is INCREDIBLY easy in SRM 1.3 and you can create a whole lot of them too. Each can have its own identity, security protocol (eg WPA 3 Enterprise style or something more modest for legacy devices), and assignment to a specific frequency or band (eg 2.4-5Ghz and/or over 80Mhz or 160Mhz) to ensure that the right wireless connections are getting the benefits of the better coverage. That really is just scratching the surface of it and it’s impressively detailed in its configuration options.

As you might expect, SRM 1.3 (of course) features port forwarding rules that can be changed and allows you to create those more targeting but tactically placed means of accessing your network when needed, whilst keeping the safeguards in place. This is something that Synology cannot really make very user friendly and frank it should not be! Aside from the fact that a basic-mid level of understanding of port placement and protocol is needed, too much bad news surrounding ransomware injections from the likes of Asustor and QNAP in the last year or two has demonstrated the folly of inexperienced users punching holes in their firewalls etc (or worse still, brand’s offering to do it for you with little warning to the consequences). A standard by often vital feature, that is getting the respectful treatment it deserves here.

For those of you that have high priority internet connections running into your home or business premises, there is a specialized setting for giving PoS to IPTV (so online TV services and VoIP (voice over IP) phone lines. Along with numerous profiles for each that can be selected from a drop-down, you can also create custom profiles manually. This will likely be only of use to specific users and perhaps a greater range of external internet services might be added over time (as they increase in popularity) but still a handy feature for some and a nice extra for business lines certainly to ensure that phone calls over the internet are clear as/when needed, rather than giving a specific port priority of service generally, which might lead to unnecessary network throttling for everyone else accidentally. Better to identify a service specifically, rather than the port.

Talking of identification, as devices are connected and disconnected from the machine SRM keeps a record and along with names, will try to assign a device identity (classing it as a phone, laptop, printer, NAS, etc), which will be useful later to know what devices are on which network (As well as assigning access to these later in the ‘Safe Access’ tool. This is by no means full proof in how accurate it will identify devices and you can add custom icons as needed.

Returning to external checks and monitoring, SRM 1.3 also includes a few bits and bobs in the ‘Network Tools’ area for monitoring how packets of data are moving externally. These include a Traceroute service for when you connect with a website, so that you can see where data you get travelled along the way, particularly routers. A traceroute provides a map of how data on the internet travels from its source to its destination and although is often limited by connections along the route, can be a handy way to troubleshoot, as well as test site identities. Next, there is a ping measurement tool that allows you to measure the reply speed in milliseconds from a site to test your connection to/from a given internet location. Finally, there is an incredibly easy to use Wake on LAN (WoL) service that will automatically list available devices that are on the network and allow you to power them on/off if they support that feature. Again, this is now exactly groundbreaking, but it is presented in a very easy to understand way, which is what SRM 1.3 seems to constantly strive for and (for the most part) succeed at.

This slideshow requires JavaScript.

The last thing I want to touch on is the ability to generate remarkably professional reports of system activity (as well as internet, user, device and specific network service activity) in a scheduled and repeatable form. These generated reports can be tailored to a specific date or time, and can also have the range of data/services that they include be customized too. So, if you want a once a day, or once a week report that details the network behaviour of your staff, this can be set up automatically to be emailed to you on the frequency of your choosing.

Alternatively, you can create a much more general and system/network-wide report that covered the activity of everything in-house (as well as external connections where appropriate) and from there get a good understanding of the main active users/devices. This is all presented in a great balance of textual and graphical language and is something that IT admins will be able to use and learn from. Synology provides an even better and more dynamic version of this kind of reporting in their multi-site/system monitoring platform ‘Active Insight’ (a paid subscription platform), so I am impressed that Synology has not attempted to play this tool behind a license or cloud wall.

This slideshow requires JavaScript.

There is also a fairly common feature in SSRM and on the Synology routers to create a guest WiFi SSID that allows you to create a network that has lower network importance, access and connectivity to the rest of the system. This is hardly new, but it is worth highlighting that this Guest WiFi mode is a great deal more customizable than many I have seen and you can change a great deal of the rules, timing and allowed behaviour permitted on it.

You can even very quickly create a custom login portal screen (much like many of the public WiFi spaces you may have logged into previously) with SRM 1.3 and this adds an interesting extra degree of policy to your business class router operation.

The network management of SRM 1.3 is still good and something that those inexperienced in this rather double-niche area of I.T will certainly find beneficial. Those more aware of this subject are likely to want to look past the user-friendly GUI and ask for the more aggressive customization tools (many of which are absent and/or are more at home in a network switch, such as port trunking or even semi-automated loop detection when switches are introduced to the router LANs), but when you have here is still remarkably well presented, very responsive, more customizable than I thought it would be and you are still getting a decent mix of a router and switch features packed into a single software platform in SRM 1.3. Let’s sink our teeth into Safe Access – possibly one of the main reasons that mainly look at the Synology Router series.

 

Synology Router Manager 1.3 Review Chapters

SRM 1.3 Synology Router Software Review, ALL Parts - HERE
SRM 1.3 Synology Router Software Review, Part 1, Design & Control - HERE
SRM 1.3 Synology Router Software Review, Part 2, Safety & Security - HERE
SRM 1.3 Synology Router Software Review, Part 4, Safe Access - HERE
SRM 1.3 Synology Router Software Review, Part 5, USB Storage Services & Conclusion - HERE 

You can watch the FULL review of the latest WiFi 6 Router from Synology, the RT6600ax, over on YouTube below:

Alternatively, you can watch my full review of Synology SRM 1.3 on this NAS in the video below:


DISCUSS with others your opinion about this subject.
ASK questions to NAS community
SHARE more details what you have found on this subject
CONTRIBUTE with your own article or review. Cick HERE
IMPROVE this niche ecosystem, let us know what to change/fix on this site

ASK YOUR QUESTIONS HERE!

74 thoughts on “Synology SRM 1.3 Software Review Part III – Network Management

  1. Great video … as usual. Based on your previous review of Synology’s RT6600ax, I recently bought one (yeah… tough to locate one in Spain) and have been THOUROUGHLY impressed. So my comments are really directed at both reviews. As I work my way through all the rich features of SRM 1.3, this deep dive has been wonderful and helped me close down a few missed security holes.

    While the RT6600ax didn’t provide as good of a range boost over my ISP’s LiveBox 6+ as I hoped nor did it fix the intermittent service problems I have (which Orange tech support keeps claiming is how and where I have the router it installed), the control and security of SRM has more than made up for it. It is the proverbial light years ahead of what Orange offers in their residential router.

    I know this is a review and comparison channel and less a “how to”. However, I’d love to see a more in-depth connection/setup/security video as I did have a little trouble trying to connect and set up the RT6600ax. Not Synology’s fault but the limitations introduced by my ISP and their router limitations. Initially, I was hoping I could connect it directly to the ONT but it seems I don’t have the technical wherewithal to figure that out. I hoped the LiveBox could be set up as a bridge, but that option is not immediately available. I then tried connecting to the LiveBox router and setting up as an Access Point. That sort of worked but was pissed that I couldn’t use all the features of SRM. I then tried connecting to the ISP’s router using the Wireless Router operating mode but, as to be expected, ran into double NAT issues. I finally had to set up a DMZ on my LiveBox and pointed it to the RT6600ax. This seems to work as I have not had problems so far. However, I am not yet sure if opening a DMZ is an inherent risk (I would love feedback on this option). However, one would assume using a router with firewall rules enabled in a DMZ is probably one of the safer options.

    So my next comment is with regards to the Threat Prevention feature of SRM. To see the attacks and where your vulnerabilities lie is both a blessing and a curse. Of course, with my ISP’s router, there is nothing of this reporting. I guess the average person just assumes and accepts that they are safe behind the router provided the ISP… and maybe they are. However, when you can actually see the types of “Malicious Events” available in the Threat Prevention app (e.g. Network Trojans, Attempted Information Leaks), where they are coming from, and the intensity/frequency, I am left a little shell shocked and worried. It is like watching the news… the more bad things you see happening around you, the more anxiety and fear you feel. If I just play naive and ignore that there are bad elements out there, as happens with your ISPs router, I can just live happily in my little bubble and not worry about bad things until there is a problem. So, a more deep dive on how to handle the threat reporting in SRM and steps you can take to harden your system would be much appreciated.

    So again, great video and if anyone has references, advice and help for points raised above, I would love to hear about it.
    REPLY ON YOUTUBE

  2. My new rt6600ax refuses to go above 100Mbps download, and suggests (via popup in SRM) it may be the cable. My older router (which this one is supposed to replace) is getting nearly 500Mbps download on my 16″ macbook pro m1 ultra, and my synology NAS is showing around 940Mbps on ethernet (again, on the older router). But on the new 6600, my NAS via ethernet is maxing at around 94Mbps 🙁 Any ideas? Very frustrating.
    REPLY ON YOUTUBE

  3. Hi there,
    Thanks a lot. So after your review i bought the RT6600ax. So now i need to upgrade my home network to manage and separate my iot network (home assistant, cam, aquara, shelly, etc.) from my home / work network. Can you help on guiding me to choose a switch (i guess it will be managed) and give so hints on configuration (both the router & the switch). Maybe i should add that today y network is build on the RT2600 plus 2 MR2200 because of concrete.
    Philippe
    REPLY ON YOUTUBE

  4. Does the dns package support local network dns entries? I currently use ddwrt and have local dns records configured for a few server IPs…that way my desktop and mobile clients can connect to files and emails using those fqdn names locally
    REPLY ON YOUTUBE

  5. Does the dns package support local network dns entries? I currently use ddwrt and have local dns records configured for a few server IPs…that way my desktop and mobile clients can connect to files and emails using those fqdn names locally
    REPLY ON YOUTUBE

  6. The biggest flaw in synology product line – its not complete. No switches. No PoE. this router show again cheap plastic 4 port ethernet on the back. There is no way to build even small size home network with just router. They should add two 12/24 port switches, with/without PoE and SFP support running the same software. together with NAS they can have a good solution
    REPLY ON YOUTUBE

  7. Ill agree to a Great rewiew, and you have mentioned a lot of things which are really helpfull (not for me) but for other sure.
    What i want to comment on, is your surprise that the RT6600ax comes with the SRM 1.3 and the older devices are still SRM 1.2, well this is what synology was presenting from the “Day One” when the RT6600 was presented by end of 2021 so no surprise for me here, the SRM 1.3 for the RT2600 and MR2200 will be or according to synology should be in June so we need to wait for this one as well.
    What im glad and really glad that the support for the MR2200 and the mesh is there, and also with another RT6600, which you cannot do with a RT2600 so a huge step forward i like, AAAANND well if you do a MESH then you will have TWO USB ???? Ports, the question is if the can be used but i think this is an alternative for those who will be having a MESH network.
    REPLY ON YOUTUBE

  8. Amazing review. Thanks a lot for your effort. It’s almost like we’re dealing with a Nas Station here. In terms of user experience anyway. I think if they added Plex, a lot of basic users wouldn’t have bought a Nas Station anymore, so I think is is a selling strategy here. Anyway, great review, I am considering buying an unit after watching your video. Well done mate! Keep up the good work!
    REPLY ON YOUTUBE

  9. Looks fantastic. As mentioned previously, I am using a net gear R9000 which to be fair has been working brilliantly. I flashed it with DDWRT recently using my iPad Pro, it took an absolute age to login but finally it worked. I am registered as a blind person but enjoy fiddling around with technology. I am waiting for your video next week for The router shootout vid but, am quite taken with the RTÉ 6600.
    Thank you for all of your videos they are very helpful
    REPLY ON YOUTUBE

  10. Synology does produce nice devices but it’s all fine when you have warranty. When it’s over and your device will stop working, synology won’t repair it even if you could just pair for the repair. They just dont give a f**k. Think twice before you buy an synology router.
    REPLY ON YOUTUBE

  11. This looks like an unboxing, not an actual review. You’re holding a device that is capable of sophisticated beam-forming, but we don’t have any speed tests / comparisons / ping results for a typical wood-frame house for example. I like the new features, but I was really into that I’d just set up a pfSense box, or a UDM pro. Why would I buy this thing instead of a cheaper WiFi6 AP/router? Why would I buy it instead of a UDM pro + AP? I had an ac2200 before and I returned it, because SRM is a far cry from DSM, and here they are cramming features into a device with just 1GB of RAM. If you’re saying that it strikes the perfect balance, I’d like to see come figures proving that. Otherwise the video should be titled either “unboxing” or “first impressions”.
    REPLY ON YOUTUBE

  12. When the videos get this long ( which I do very much appreciate ), I head straight to the conclusion. If you conclusion is positive, I generally go back to the beginning. That’s what I’m doing here. Your opinion at the end is exactly what some of us need. I currently have an RT2600ac but now I will buy a new 6600 model and use the 2600 as an access point in the upstairs of my home. Many thanks for all of the time that you put into these reviews.
    REPLY ON YOUTUBE

  13. That’s for a great review. Worth watching it all. Look forward to future videos on this router.

    Three questions; Do you think Synology will release a WiFi 6 upgrade to the MR2200ac? Maybe an MR6600ax?

    Also, can devices be assigned a frequency? Orbi takes control of that an many times connects 5GHz devices (like FireTV) to 2.4GHz when only in the next room. ????????‍♂️

    Lastly, I’m sure the answer is yes, but I didn’t see it covered, can you assign static IP’s or reserve IP’s for devices?

    Thanks again! I really love the ability to create a VLAN that merges with an SSID to isolate my IoT.
    REPLY ON YOUTUBE

  14. The usual lan limitation of all router you have only one 2.5gbe port. Now a router should have at least one 2.5 gbe (Better 5gbe as in Italy a phone company started to sell a FTTH 5gbe fiber connection at a good price in selected city) wan AND one 2.5 lan port (better 5gbe) and let a multi-g switch to manage the signal. Also it should manage analog phone otherwise we must pay for the router that provider offer
    REPLY ON YOUTUBE

  15. Very interesting review so thank you. You say you will be reviewing the Asus RT AX series….will you be doing this one?
    ASUS RT-AX89X 12-Stream AX6000 Dual Band Wi-Fi 6 802.11ax Router
    Cheers
    REPLY ON YOUTUBE

  16. Felicidades, es un buen ejemplo.
    250 sentadillas son unos 4.FO/L-J27g1 muchas y un buen ejercicio.
    5:25 Se deja ver que hay muy buenos resultados ????????

    Saludos desde la Cd.. de world ????????????
    los mortales abian apreciado tan hermosa mujer.
    REPLY ON YOUTUBE

  17. Hey
    Thanks so much for this very informative Video! 2 Questions though:
    1. Can you connect the router to a VPN, so your whole home internet traffic is secure? If so, what VPNs can be used?
    2. As some might know, wireguard is a very simple, fast and secure VPN solution. Is it possible to run wireguard as a server or as a client on this router? If there’s a option to install packages, really one should be able to potentially develop or manually install the option for wireguard as a client and perhaps even as a wireguard VPN server…..

    Many thanks!
    REPLY ON YOUTUBE

  18. Great review – thank you. Is there any way to limit the internet bandwidth available to a specific user / device or IP range? I usually allocate only 80% of the available internet bandwidth to make sure that no single user or device hogs all the bandwidth and that my downloads always have bandwidth available without impacting anyone else.
    REPLY ON YOUTUBE

  19. I have a Net Gear r9000 x10, do you think this rt6600 would be a good upgrade? R9000 has started dropping Wi-Fi and kicking me out of plex, on paper they seem to have similar specs, although net gear have tried to kill the router with firmware numerous times.
    REPLY ON YOUTUBE

  20. Just wondering. The new software disabled support for 4G dongle. But I noticed in your video around minute 31.45 that there is a mobile network section in the settings.

    I hope I can use my SIM with dongle. Been wanting to switch to Synology router for the longest time but couldn’t due to the poor support for SIM card.
    REPLY ON YOUTUBE

  21. Thanks for the thorough review but this is too little too late from Synology as an existing customer… I welcome SRM 1.3 VLAN and multiple SSID but these were promised and should have been out several years ago however they stalled SRM development to focus on DSM7. It has left a really sour taste in my mouth as I invested heavily with RT2600ac and 2x MR2200ac (along with multiple NAS) but have had to relegate the RT2600ac to just doing WiFi as an access point because of all bugs and the lack of development. I’m now using a PFsense router which is far more stable and has had better features, scalability and resilience for years. I’ll look at SRM 1.3 when it lands for my existing devices but when it is time to upgrade my mesh WiFi hardware I have no loyalty to Synology or confidence in their support for their network devices so i’ll be looking at other offerings.
    REPLY ON YOUTUBE