SENSE Feature Requests
Comments
-
- PPTP VPN passthrough! A must feature for me to use it at all.
- Disable DHCP in Sense
- Assign static IP per device
- Remove old devices
- Statistics per device/Sense on used data, active time, connection speed statistics, blocked threats, tracking attempts etc.
- Speed limit per device (not just block all access as currently).
-
- Guest network (overdue)
- Ability to define VPN details and specify which devices should use the VPN connection and which should not. (For example, TVs and media players sometimes can't use VPN because they are often blocked by media companies like Netflix. So the SENSE should allow you to say "this device use VPN", "this device, don't use VPN".)
-
1.) Option to clear /delete the blocked threats page events.
-----Priority = Moderate. While this isn't a Top 10 feature need, it would be very helpful from a product usability POV.
Summary
More specifically, this feature should allow us to delete individual events or all of them at once.
The issue with not having this functionality is that the only way to "delete" events is to wipe the Sense device and then start over. It's just really easy to get lots of threat events right now (AKA All it takes is one HTTP page that is is a false positive for malware and that your device(s) are making lots of calls to). Once this happens, the logs then get really noisy which in turn completely defeats their usefulness. -
2.) Nex Gen Sense Hardware should support Gigabit Speed Support (w/all Security Features enabled)
Priority = Low for now (see my subequent post explaining more of the reasoning), but a very high priority to ensure that this makes it into the Sense v2 hardware product whenever the right time is for that to happen down the road. The Sense v2 needs to have a future-proof-ed CPU that can support the packet and inspection rates that would be needed. That way, the Sense Team could light up full gigabit support on launch of a v2 product (or alternatively, gradually light up higher bandwidth over time via future software updates that serve to unlock more and more of the underlying CPU horsepower). I'm not sure how much longevity F-Secure is looking to get on each hardware SKU they release (best guess would be 1-2 years each), but given that, I don't think that F-Secure would want to be headed into 2019/2020 without underlying Gigabit compatible hardware given where the market already is (and where it's likely to go).
Summary
The Sense is currently CPU limited to about 350 <-> 650 Mbps of upload/download bandwidth depending on your exact network patterns as laid out here:
https://community.f-secure.com/t5/F-Secure-SENSE/What-is-the-routing-and-WiFi/ta-p/93695This is very challenging for anyone paying their ISP for 400 Mbps+ worth of bandwidth. We are all essentially being capped by our Sense devices vs. our actual ISPs and thus throwing $$$ and precious bits and bytes down the drain every month
Also to be clear, Gigabit speed means Gigabit speed with all of the normal security features that we'd use being fully enabled. Don't give us Gigabit speed only if we strip down our security by disabling a bunch of important security settings. Otherwise, what's the point of buying a Sense vs. picking up one of the many Consumer WIFI routers that is capable of running at Gigabit speeds?
To be more specific, there are at least 13 or so Consumer Routers that can more or less fill a Gigabit link (let's say 930-ish Mb/s) as shown via Small Net Builder's LAN <-> WAN benchmarks.
- https://www.smallnetbuilder.com/tools/charts/router/bar/180-lan-to-wan-tcp/35
- https://www.smallnetbuilder.com/tools/charts/router/bar/179-wan-to-lan-tcp/35
Now to be fair, these routers don’t fit in what we might call the emerging “Consumer Security Router” product category, which I would loosely define as the:
- F-Secure Sense
- Norton Core
- Asus RT-88U (with Trend Micro’s AI Protection enabled)
And that category matters of course, because a Security Router is always going to be doing much more packet / flow intensive work than a regular router would.
That said, Asus is already doing a solid job of blending IOT security features (via their bundled AI Protection from Trend Micro) with the normal benefits that you can get from what I might call a tradtional WIFI router (these devices have lots more features even if they may be lacking in security compared to the Sense). Net, net there is real competition here in this space for Sense (even if the Norton Core team has been busy dealing with product quality issues as of late. For more details, scan the history of the Norton Core's slowly, yet gradually improving Amazon ratings over the last 6 months. Also to be clear, I mean no disrespect to the Norton Team here. My point simply is that Norton will eventually release a v2 and the F-Secure needs to be both ready and to not underestimate it when they do.
Why should this be Addressed?
Here are some key stats to help show the size and growth of how this problem will grow if it is not addressed in F-Secure's next hardware platform
- Analysis of deployments indicates that 219 million people globally now have gigabit Internet available to them (as of 5/2017)
- There are currently 603 (I'm assuming they mean ISPs here) gigabit Internet implementations, up 72% from last June (as of 6/2017)
- The United States has the highest number of people with access to gigabit Internet at 56.4 million (as of 5/2017)
Sources
http://www.broadbandtechreport.com/articles/2017/06/a-look-at-gigabit-s-growth-trajectory.html
http://www.broadbandtechreport.com/articles/2017/05/viavi-gigabit-available-to-219-million-people.html -
3.) MAC Filtering
Priority = Very, very High. IMHO, this should be high on the Product Management and Engineering Team's short list (along with other key table stakes type features still missing like Guest WIFI, etc.)
Summary
Hopefully, MAC Filtering needs little introduction, explanation, nor justification for it to be included towards the top of the list as it's a bread and butter type feature. Without MAC Filtering, we have a a much more limited ability to implement standard Layer 2 security best practices using "Default Deny" type techniques.
-
4.) Tracking URL White Listing
-----
Priority = Moderate
Summary
Implement a list, which collects all tracking URLs that are being blocked and provide a method or setting for users to whitelist them individually in the future. This would definitely be very helpful to have. That said, from a priority POV, I would still put it below other key missing features like MAC Filtering in case it helps.
-
Yeah, 1SK, I 100% agree with you, and so I should probably better clarify my last post there.
I agree with you that the current top priority right now should be to round out the Sense v1 product vs. throwing all of their resources at the Sense v2 product. My point there was simply to say that I feel that the team should keep the CPU in mind one they get to their v2 planning.
The key thing about Product Management and Engineering Teams is that different parts of the team are often simultaneously working on different generations of products at different times of the year. So I just want to make sure that the CPU limitations in the v1 product is something they keep in mind for their Roadmap planning whenever the time is right for them to get to it.
-
Hi!
I bought a Siemens dishwasher which came with application control via mobile phone (Home Connect). Connecting dishwasher to wifi (yes I know) went well but when I tried to connect dishwasher to mobile phone I got errors. It turned out that Home Connect requires multicast-routing from access point.
I replaced Sense with old Apple Airport -access point and Home Connect worked fine and I got dishwasher and mobile phone paired. But when I changed Sense back in duty connection broke down again.
So what we need is to Sense stop blocking multicast-traffic!
Thank You!
-
Decided to also post this info on this topic also, since a lot have been waiting for this:
Happy to inform everyone that the latest firmware and latest beta app now shows the option for the guest network in the network settings.
Firmware version is 2018-03-21_01 - p-1.5.1.48
You can force firmware update with probably just rebooting sense by unpluggin it from the power.
(or set the router updates to immediately before reboot)
-
With the last Windows 10 update, Microsoft killed the HOMEGROUP feature. Since then, my hostnames on my home network are not resolved anymore. Since all my devices connect to SENSE, and it knows which device is connected on which LAN IP, perhaps it could provide a local DNS service for hostnames on the LAN?
-
Umm sense or any other router always provides local dns?
And for the windows issue, check this article on how adapt to the new ms style https://support.microsoft.com/en-us/help/4091368/windows-10-homegroup-removed
-
I don't think this is a normal function of a router, but SENSE is also more than a router, as we are told.
That Microsoft article is only partially helpful, my use case is my Raspberry to which i connect via ssh from my Windows system. As long as I had HOMEGROUP, I could use commands like ping raspy, or ssh raspy. Now, I must use the IP adress to connect.
I know, first world problems, and I am aware this is more a comfort feature than a necessity. But one can always ask - I have no idea how hard it would be to implement, or if anyone other than me would ever make use of a feature like this.
-
DNS seems to be a simple service, but is't very hard to implement properly due to all the extensions made over all these years it existed... Pleas consult the DNS Camel:
-
Please add support for 802.11k, 802.11r, 802.11v protocols and apply WiFi Alliance Easy-Mesh, so we can add multiple WiFi Access-Points and build proper roaming WiFi networks
https://www.wi-fi.org/discover-wi-fi/wi-fi-easymesh
-
Thinking of buying a SENSE router but I miss some features that I find important.
Viruses do not only spread from the internet, some IOT devices are even shipped with malware. A scenario that would leave your other devices on LAN exploited with this router, right?
It would be nice to able to isolate for example IOT devices on a different subnet than your other devices such as PCs, storage aswell.
Maybe this is already in place? But I find it impossible to find a complete list of features or roadmap for this promising router.
Wishlist:
-IEEE 801.1Q (VLAN) on lan/wifi for segmentation
or some other feature for microsegmentaion.
Nice to have:
-IEEE 802.3ad (LACP) Link aggregation
Thanks!
/Ahrmat - "The 'S' in IOT stands for security" -
-
Dear Sirs,
> I got my Bosch washing machine working on Sense.
I wonder if F-Secure Sense supports securing Tesla battery-electric automobiles, e.g. model 3 / S / X / Roadster / Semi?
(Note: Teslas receive frequent firmware updates through Wifi / 3G, including such critical areas as anti-skid braking control logic, so they should be well-protecte when connecting to the net.)
Thanks in advance, BR: Tamas Feher, Hungary.