Router Security New Router Website by     
Michael Horowitz 
Home | Introduction | Router Bugs | Security Checklist | Tests | Resources | Reviews | About | Search |

2016 saw a new wrinkle regarding setting up a new router - routers that have to be online to be configured. Prior to 2016, the only router I knew of that worked this was the ZyXEL Armor Z1 router - it did not let you access the routers' administrative interface without an Internet connection. The Google OnHub line of routers also can not be accessed, even locally, unless they are connected to the Internet. I believe the same is true of eero and Luma. It is not true of the Netgear Orbi or the Ubiquiti AmpliFi router systems.

I think this is a bad idea. For one thing, if the hardware manufacturer goes out of business, the router becomes a paperweight. Also, you can never be sure what data is being collected by the hardware manufacturer. So, none of what follows applies to a router where the manufacturer requires it to phone home. I have ruled out all such routers from consideration.

New Router Initial Setup

Every set of instructions I have seen from a router manufacturer says to start the new router setup by plugging the router into the Internet. I disagree.

While a new router needs to be online to get bug fixes (a.k.a. updated firmware) I would first make the changes below while off-line*.

You may even want to turn off WiFi altogether.

I would not make all the changes suggested elsewhere on this site however, because new firmware may modify or wipe them out.

Even after changing these default values, I would still not put the router directly on the Internet. It is safer to plug it into a LAN port on an existing router. This puts a firewall in front of the new router, yet still lets it download updated firmware (the operating system in the router is referred to as firmware).

This plan has one potential problem however: IP address conflicts. If the existing router is, for example, and the new router also defaults to the same IP address, bad things will happen if the new router is plugged into the old one. When plugging a new router into a LAN port of an existing, online, router you want each router to use different IP subnets. That is, if both routers are using 192.168.1.x, then modify the new router to use 192.168.22.x or anything other than what the existing router is using. Changing the default IP address of the new router, is something that should be done anyway.

Once the new router is plugged into a LAN port on the existing router, then update the firmware in the new router. The procedure for doing so varies drastically, so I can offer no step-by-step advice. However the router updates its firmware, experience has taught me not to trust it. Even if it says that it has the latest and greatest version, I suggest verifying this manually at the website of the router manufacturer.

Be aware that you may need to update the firmware more than once. For example, a router that shipped with firmware version 5, may have to update to version 6, then version 7, then version 8. It may not be able to update directly from version 5 to version 8.

After the firmware is brought up to date, take the router off-line and make the changes suggested elsewhere on this site.

My experience has been that it is faster, easier and more reliable to make these changes from an Ethernet connected computer (plugged into one of the LAN ports) rather than WiFi.

This page was last updated: November 2, 2016 5PM CT     
Created: June 3, 2015
Viewed 6,497 times since June 3, 2015
(11/day over 595 days)     
Website by Michael Horowitz      
Copyright 2015 - 2017