Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

In Use

You monitor and control CUJO with an iPhone or Android app; CUJO does not have a web-based administration interface. I loaded the app on an iPhone. The app has menus for Account Setup, Settings, Threats, and Devices as shown below.

CUJO Menus

CUJO Menus

The Account menu is a simple menu for entering your email address, cell phone number, and password.

The Settings menu allows you to change modes (Direct/DHCP or Bridge), to enable or disable Push Notifications for security threats, set a PIN code, activate or deactivate the firewall, enable the display of flow details and a menu option called Eyes On. I assume the Eyes On option is intended to turn on/off the eye ball indicators on the firewall, but it didn't seem to work. CUJO's eyes stayed on whether I checked or unchecked Eyes On.

The Device menu shows all the devices CUJO has discovered on your network. With this menu, you can see a list of discovered devices on your network as shown below.

Device List

Device List

Further, you can specify whether the device should have access to the Internet and whether it should be monitored and/or protected by the CUJO. The default is for all discovered devices to have Internet access and be monitored and protected. I tested the Internet connectivity feature by running a continuous ping to Google from a laptop behind the CUJO, then used the CUJO app to disable Internet access to my PC. It worked as expected, the pings from my PC to Google failed until I re-enabled Internet access on the CUJO app.

An interesting feature in the Device menu is being able to see "flow data" on each monitored device. This option allows you to see on your smart phone what each device has connected to and the packet counts and bandwidth (in bytes) used by that device in the last 24 hours. As you can see below, one of my devices has sent / received a total of 48,273 packets and used 7,708,268 bytes of bandwidth in the past 24 hours.

Device Flow Data

Device Flow Data

Missing from the Device menu are tools to edit device names or delete devices that are no longer on the network. It would be nice to be able to assign custom names to devices as desired. Further, once a device is no longer on the network, it would be nice to be able to delete it to reduce the number of devices in the device list.

The Threats menu allows you to see the last 7 or 30 days of threats. You can filter the view of threats by just looking at All threats, Critical threats, Blocked threats, or Unblocked threats. Note that CUJO documentation does not provide definitions of these threat categories. The screenshot shows the threats detected on my test network.

Device Threats

Device Threats

I ran CUJO on a small network with my PC and iPhone actively monitored by CUJO. In two weeks of general Internet and email use, neither my PC or iPhone triggered a CUJO alert or push notification. But that's not really a good test. So I reached out to CUJO engineering for advice on how to see if CUJO blocked actual threats. They directed me to ianfette.org, a non-malicious site for testing malware detection. Sure enough, browsing to this site from a PC behind the CUJO resulted in this browser screen on my computer...

Blocked Webpage

Blocked Webpage

...and this threat message on the CUJO app.

Threat Details

Threat Details

But Firefox 48.0.2 also blocked the site without using CUJO

Firefox ianfette.org block

Firefox ianfette.org block

...as did Chrome Version 52.0.2743.116 m (64-bit).

Chrome ianfette.org block

Chrome ianfette.org block

Only Internet Explorer 11.0.9600.18015 failed to block the site, but showed only "Nothing here" on an otherwise blank page.

To test CUJO on actual malicious websites, I did a Google search on known malware domains. I tried browsing to a listed attack site, ksdiy.com and a phishing site, spaceconstruction.com.au. (I don't recommend browsing to these sites unprotected.) Both resulted in the CUJO messages shown above, indicating the CUJO firewall detected and blocked actual malicious websites.

As a final point on using the CUJO firewall, it appears to me CUJO is designed to be easy to use with minimal amount of controls. As such, there are no traditional small network firewall menu options for port triggering or port forwarding. There also isn't a menu option for creating firewall rules to permit or deny specific types of traffic, although you can override a blocked device using the CUJO app. There also isn't an option to put a device in the firewall's Demilitarized Zone (DMZ), although you can disable CUJO monitoring of a specific device. CUJO engineering mentioned they are working on a possible advanced User Interface to provide these levels of functionality.

Additional future functionality planned for the CUJO are parental controls including content filtering and the ability to schedule Internet use. These features are planned in fall 2016, in other words, within a few months of this review. Other planned CUJO features without a rough release date are URL blacklists and whitelists and VPN capability. CUJO is also planning an additional security checkup service to provide anti-virus protection.

Closing Thoughts

I like CUJO's innovation and focus on home network security. It appears they have met their goal of making a friendly and simple to use firewall. The handheld app is certainly easy to use.

CUJO costs $99, which includes a 180 day trial license. After that, you need to pony up $8.99 / month, $26 for three months, $49 for six months or $80 for a year of service. If you're a true CUJO believer, you can opt for a lifetime subscription for $800.

My main concern is with installation. It's nice to have options, but this runs counter to CUJO's goal of being easy to use. One installation method is easiest, which is what CUJO should have, just like Circle With Disney already has.

Unless all you're doing on your network is web surfing, email, and streaming Netflix, I wouldn't use CUJO's DHCP mode because it creates a double-NAT situation. This will break remote VPN capability and could hinder VoIP or gaming traffic. Bridge mode is the better mode from a network standpoint, but it requires additional equipment. Both DHCP mode and Bridge mode on the CUJO are going to require the end user make changes to their network, which can be a daunting task for the non-technical. In my experience, if a network device isn't plug and play for home users, it's going to be a hard sell.

As I've noted throughout the review, CUJO has big plans to enhance the product's capabilities. But buying a product based on future plans from a young company trying to get established is not recommended. Either buy CUJO based on what it does today, or wait until it has the features you want.

CUJO is not going to be for everyone, particularly those uncomfortable with any cloud service looking at any part of their internet traffic. But for home users who want to protect all devices on their network, whether they run anti-virus / malware apps or not, CUJO could be worth a try.

More LAN & WAN

Top Ranked Routers

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello, first posting, a complete newbie as far a routers go, last purchased the D-Link 615 (Version B).I purchased the AC3100, refurbished router, fol...
just update to 3.0.0.4.380.7743 and am now having problems. After about 30 min. I get message that system rebooted and port # changed, need to disconn...
Hello...been a while since I've been around here but I've got a legitimate issue that some smart minds can definitely help me figure out.. I've got an...
Using the latest Merlin beta firmware on an AC68 and trying to install DNScyrpt. Used the instructions here:https://github.com/RMerl/asuswrt-merlin/wi...
Hey guys,I have two issues with my router, and I'd really really appreciate any help I get:1. Somehow I blocked LAN access of my router. Now to add to...

Don't Miss These

  • 1
  • 2
  • 3
Get Backblaze Now!