The TL;DR version of the Roqos service and Roqos Core WiFi router is that it’s a beast of a piece of hardware with a subscription cybersecurity and parental control service.
Also this is based on the software available as of 11/30/2016. As their software is a work in progress if you’re reading this more than two months out you can guess that the issues I mention later will be addressed in later downloadable updates. Or another moving target review that will be outdated shortly.
The hardware on the Roqos Core is quite overpowered for the job it’s tasked with. That’s a good thing. They claim to be the most powerful WiFi router for homes, and processor wise I don’t doubt it.
A router with four 64-bit 2GHz cores, two gigs of operating memory, and eight gigs of storage built in makes this more powerful than an average computer. If you’re technically minded you can flash other things to it and run whatever you want as your router config of choice. Also looks like you can expand on it as well.
It’s a dual band n/ac router with a total bandwidth of 1600Mbps. Seems to work pretty well in a heavily WiFi trafficked area. There was never time for a fair test in either of the locations I can properly benchmark, but it’s working great in the office.
Aimed at parents?
Here’s where my issues start. This is a major beast of a product that does enterprise grade packet inspection, IPS, content filtering, and it’s being lobbed at homes/parents and not small businesses.
As I do that baby blog and take on a parental perspective quite a bit, and having used other parental-based routers such as Cleanrouter, I find the Roqos current parental controls and reports lacking.
While you can limit times of day that a child’s devices can be on the internet, and you can block sites based on some sort of list, you can’t set time limits per site. If you’re not a parent you might not have wanted to block YouTube after hearing the song “Daddy Finger” for 30 minutes straight. All the rest of us want kiddo off YouTube and Barbie.com after a certain amount of minutes.
Also in the current version, you cannot view what sites your child has been to or what has been blocked and attempted. I did a quick test and was able to be blocked by accessing a blocked domain name, but I could look up the IP address using a non-blocked tool online, then enter that in, and bam… stuff I shouldn’t be into.
Without a detailed report I have no idea what a kid could be doing to try and circumvent the blocks I’ve put in place. I have no idea that they’re visiting a 4chan mirror. Why’s my kid laughing right now? Are they on smbc-comics?
I also have no idea if they’ve installed a VPN and are just completely bypassing the router blocking anything. How much bandwidth is Suzy using? Why is Bobby’s computer making 1,000 connections on port 6889?
I’ve gotten emails that they’re working on fixes in the next couple of months that will let you find more out about what your kiddo is doing, but for now the parental aspects of this are lacking.
There also seems to be no way to rate-limit your cousin’s kids, or block an IP, or stop VPNs that get around everything, no options I can find for QoS for your Vonage phone, etc.
So aimed at small businesses then?
The hardware is more than powerful enough to handle hundreds of connections. It really shouldn’t have any issue inspecting traffic at up to the speed limit (based on their ports,) of a gigabit if I did the math correctly, so I decided to try it in my small business.
One of the first things I did was put a tenant who’s constantly infected behind it. He’s running Windows XP or 7, been hit with at least two cryptolocker viruses, and occasionally his computer has been known to attempt to route all traffic through his network card. So far so good, although the lack of it saying suspicious connection attempted on his computer, when my phone gets blocked on a regular basis, does worry me.
The block notifications are simply that it found something suspicious and blocked it. No word as to why it’s suspicious, it gives you the IP address but leaves it up to you to pull ARIN or RIPE info from it, and you get that notification on your account.
I added a couple more people we provide internet to, things were going swimmingly until one day I got a call that the internet was absurdly slow.
I checked the Roqos and discovered it had lost the internet settings and pulled new ones via DHCP. As I have multiple gateways with routers behind them, it pulled a DHCP address to the slowest possible connection. I didn’t even know DHCP was on at the gateway.
Turns out if the Core loses internet for some short number of minutes it attempts to pull DHCP. Not an issue in a home, but if you’ve got a small business with multiple gateways it’s something you want an option to disable. There’s no option currently.
There’s also currently no IPv6, no DMZ (although you can forward port ranges,) no tertiary plus DNS, no ability to define a DNS server for a DHCP client, no port isolation, and no firewall configuration in case you just happen to find out you need to block port X going in or out. Port triggering? Not seeing it.
In short the software is not quite what a small business wants yet.
Who’s it perfect for?
I don’t know yet. The person who wants the hardware to flash a new router ROM on it isn’t going to be interested in paying for a year’s subscription to the service. The home and parental units it’s aiming at are going to not particularly be thrilled that they can’t see what their kid is doing and they’re paying essentially an automatic shutoff timer.
It looks like Roqos may have also started selling just the router with a year of service included as opposed to a free router with a year of service contractually obligated. I’ll skip talking about the service plans at the moment.
The hardware has the potential to be the greatest router on the market. The software is somewhat underwhelming at the moment. The interface is acceptable.
They’ve got the potential to be great, and the hardware’s already there. Just the software is a wait and see.
I’ll check back with this in a month or two. Great potential, but whether the company will follow through we’ll see.