Security vulnerability in the 5268AC FXN's DMZ+ mode

by FiberAndroid » Thu Oct 19, 2017 3:20 am
I am a Sonic FTTN customer who is being forced to rent the 5268AC FXN to receive service. There are some serious problems with this device, not counting the ridiculous rental fees we're forced to pay for it.

For me, the most serious one is there is no true bridged mode on this device. The best you can do is DMZ+. The two are not the same. Bridging is performed at OSI levels 1-2, while DMZ+ is done at level 3. DMZ+ basically forwards all the ports to the device you specify, but the routing functions are still there. Because the 5268AC FXN does not have a true bridge mode, whenever there are problems, they are glaringly obvious.

There is one particular problem which is not just annoying, but a potential security vulnerability. Basically, whenever you put your 5268AC FXN in DMZ+, the "block ping" function ceases to work. Instead of forwarding pings to the router behind the 5268AC FXN to handle, the 5268AC FXN replies to the ping. A consumer connection does not need to reply to pings. In fact, replying to them is even dangerous and can lead to attackers flooding your visible address with traffic. As far as I know, you can't even change your IP address to mitigate this problem.

The 5268AC FXN does have a "block ping" function, but the function doesn't work when you enable DMZ+. Are there any workarounds? Not really. You can go with double NAT instead of placing the 5268AC FXN in DMZ+. It will then block pings properly. But then you run into all the problems that double NAT might cause, which could vary depending on how you use the connection. Ultimately, the reason I want to be able to bridge (truly bridge, not just DMZ+) AT&T's device is because I don't like its bug-ridden, unintuitive, and laggy interface, and I want to use my own router in its place. Even my local cable ISP allows me to bridge its modem.

I am not the only person who's noticed this problem. Others have reported this problem, and there are no signs that AT&T cares, let alone has any intention of fixing it:

https://forums.att.com/t5/AT-T-Internet ... -p/5150057

http://www.dslreports.com/forum/r314580 ... -my-5268AC

https://community.sophos.com/products/u ... 1-and-ping

This is a serious enough problem that I'm going to cancel service very soon; if I don't, I'll be past the period during which I can cancel without incurring an early termination fee. Since I'm not technically an AT&T customer, I can't do anything to persuade them to fix their buggy firmware. I know this isn't directly Sonic's fault, since the 5268AC is from AT&T. But surely you have enough of a business relationship with them to convince them to fix this problem. Sonic's wiki indicates that bridging was once a possibility, but since I am a recent customer, I must have gotten a newer version of this garbage that no longer offers a true bridged mode:

https://wiki.sonic.net/wiki/Pace_5268AC#Bridged_mode
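One way to confirm from the router behind the gateway whether inbound pings are actually being forwarded through DMZ+ or answered by the gateway itself: capture ICMP on the inner router's WAN interface while an outside host pings the public address, then compare what the inner router saw with what the outside host saw. This is an added example, not code from the post or from the device vendor; the capture lines and addresses below are constructed (RFC 5737 documentation ranges) and the `tcpdump` output format is assumed.

```python
import re

# Constructed samples (not from a real 5268AC) of what
#   tcpdump -ni <wan-if> icmp
# on the inner router might show while 198.51.100.7 pings the
# public address 203.0.113.5 that DMZ+ hands to that router.
CAPTURE_FORWARDED = """\
12:00:01.000000 IP 198.51.100.7 > 203.0.113.5: ICMP echo request, id 7, seq 1, length 64
12:00:01.000200 IP 203.0.113.5 > 198.51.100.7: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000000 IP 198.51.100.7 > 203.0.113.5: ICMP echo request, id 7, seq 2, length 64
"""
# Only the inner router's own outbound ping shows up; no inbound request arrived.
CAPTURE_NOTHING_SEEN = """\
12:00:05.000000 IP 203.0.113.5 > 192.0.2.10: ICMP echo request, id 9, seq 1, length 64
"""

ECHO_REQ = re.compile(r"IP (\S+) > (\S+): ICMP echo request")


def inbound_echo_requests(capture: str, public_ip: str) -> int:
    """Count ICMP echo requests addressed to public_ip, ignoring our own outbound pings."""
    return sum(1 for m in ECHO_REQ.finditer(capture) if m.group(2) == public_ip)


def diagnose(capture: str, public_ip: str, outside_got_replies: bool) -> str:
    """Combine the inner router's view with the outside prober's result.

    outside_got_replies: whether the external host's ping received echo replies.
    """
    seen = inbound_echo_requests(capture, public_ip) > 0
    if seen and outside_got_replies:
        return "forwarded: inner router answered; drop ICMP echo on the inner router"
    if seen and not outside_got_replies:
        return "forwarded: inner router dropped the pings (desired state)"
    if not seen and outside_got_replies:
        return "gateway answered itself: 'block ping' is not effective in DMZ+"
    return "gateway dropped the pings before forwarding (block ping is working)"


if __name__ == "__main__":
    print(diagnose(CAPTURE_FORWARDED, "203.0.113.5", outside_got_replies=True))
    print(diagnose(CAPTURE_NOTHING_SEEN, "203.0.113.5", outside_got_replies=True))
```

Replies arriving at the outside host while the inner router sees no echo requests is the symptom described in the post: the gateway is answering before anything reaches the DMZ+ host, so no setting on the inner router can stop it.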
by JDL » Thu Oct 19, 2017 10:00 am
I agree fully with these concerns and the conclusion of taking the path to cancel service. Unfortunately I did not discover these issues until after my trial period was over.

Sonic advocates for consumer protection through privacy and net neutrality, but forces their customers to remain vulnerable by using poorly developed and maintained devices. It isn't right and I feel it isn't in line with Sonic's espoused values.