As mentioned earlier, the RT2600ac runs Synology's SRM router OS. Craig's RT1900ac review does a good job detailing SRM features, so go there if you want a rundown. SRM has now advanced to V1.1.3 (for both routers), bringing new features to both routers.
Synology RT2600ac landing page
Synology provided the following summary of new features in SRM 1.1:
- Smart Connect: 2.4 / 5 GHz band steering, customizable by signal strength, load balancing or both.
- Smart WAN: Designate a secondary WAN interface and set up automatic network failover or load balancing. Customizable routing policies also make it possible to route traffic through a specific interface according to the destination or source address.
- Application Layer or Layer 7, Quality of Service control shows the bandwidth consumed by individual applications and devices. Restrict the amount of bandwidth for specific applications, without affecting the rest, and generate traffic usage reports sorted by application and device.
- Intrusion Prevention (Beta): With the intrusion detection system (IDS) and intrusion prevention system (IPS), SRM 1.1 can analyze network traffic in order to detect or detect and block malicious packets and requests from entering the user's local network.
- Content filtering: Parental control and traffic filtering now includes Google SafeSearch integration and the ability to add three customizable profiles to fine-tune and block access.
- File syncing and backup: SRM 1.1 supports running Synology's Cloud Station Suite, allowing users to sync files to computers with Cloud Station Drive or back up files from Windows, MacOS, and Linux computers in real time with Cloud Station Backup.
The Intrusion Protection feature bulleted above is one of the two add-on packages that are new to SRM 1.1. The other is the VPN Plus server shown at the top of the Package Center screenshot below. Both are Beta versions and add significant features to the SRM OS.
Synology RT2600ac Package Center
Intrusion Protection is said to add intrusion detection system (IDS) and intrusion prevention system (IPS) features. You need to connect USB storage before you can install the package. I threw a 2 GB flash drive on, which was enough to allow installation. The package automatically allocated 500 MB of storage for logs. Synology doesn't officially specify a minimum storage value for the Intrusion Protection package, but estimated it was probably around 256 MB. However, this wouldn't allow storage of many (if any) logs.
Intrusion Protection add-on package
Intrusion Protection signatures
I ran a quick internet speed test with Intrusion Protection enabled and it didn't appear to affect my 10 / 1 DSL connection at all, which I realize isn't saying much. Synology's reviewer's guide said its internal tests clocked SSL VPN bidirectional throughput at 103 Mbps and OpenVPN at 53 Mbps, but didn't spec WAN / LAN throughput with IPS enabled.
VPN Plus expands secure connection options beyond the PPTP, Open VPN and L2TP/IPsec options in the original VPN Server add-on, which is still available, but now marked as a "legacy" package. VPN Plus adds licensed Synology SSL VPN, clientless WebVPN and SSTP options to the non-licensed PPTP, OpenVPN and L2TP/IPsec options supported in the original VPN server add-on. One license is included for the new VPN servers, with the ability to purchase more licenses coming later.
Intrusion Protection add-on package
While we're reviewing features, let's take a quick look at Wireless controls. WPS is supported and enabled for PIN and push button methods by default, but can be disabled. Although it's not a wireless feature, but is of interest for security, UPnP is also enabled by default, but can also be disabled. A list of devices and ports opened by UPnP is also available.
As mentioned above, Smart Connect aka band steering is supported and can be tweaked by signal strength, load balancing or both as shown below.
Smart Connect settings
A guest network can be enabled for each band. Each has controls for wireless security, enable time, AP isolation (prevents clients from communicating with each other) and local network access. Wireless controls for each band are shown below. Some settings shown have been changed from the defaults, which set channel to Auto. Transmit power options are high / medium / low and WPA/WPA2 Enterprise options are also supported. Some 5 GHz DFS channels are supported, too (52,56,60,64,100,104,108,112), but channel 165 is not when channel width is set to 20/40/80 MHz. If you set this selector to 20 MHz, you'll see channel 165.
The only glaring omission is support for wireless bridging (Synology says is will add support for WDS bridging "later this year"). But the router can be set to AP mode.