Three Router Security Featuring Norton Core: Segment & Secure Your Home Network!

Buy a Norton Core: (affiliate link) – Using a Norton Core router I demonstrate Steve Gibson’s “3 dumb router” home network security method. We’ll create two isolated networks that will separate IOT devices from our computers while sharing the same Internet connection. See more Norton Core: and subscribe!

02:10 – Disclaimer: Not for networking experts
02:54 – Public / WAN port defined
03:01 – Local / private network explained
03:39 – NAT / Network Address Translation
05:12 – Device to device on the local network
05:27 – How a lightbulb can infect your computer
06:39 – Norton Core can prevent attacks
07:14 – Using a guest network to isolate devices
07:56 – Setting up a guest network on the Norton Core
08:44 – Limitations of a guest network
09:46 – Introducing 3 Dumb Router Solution
09:57 – Insert Security Now Card –
10:19 – Three dumb router topology
12:44 – Configuring the gateway router
14:52 – Configuring the Trusted Device router
16:34 – Understanding how local IP addresses work
18:58 – Why default IPs for local network might be problematic
19:18 – Configuring the Norton Core to manage untrusted devices
20:39 – Connecting an untrusted IOT device to Norton Core
21:12 – Network isolation demo
23:00 – Connecting directly if configuration changes are required
23:17 – Using Norton Core deep packet inspection for more security
24:54 – Summary of what we built
26:17 – Make sure routers are supported by manufacturers

See Steve Gibson’s podcast on the topic here:

This was a fun project that I’ve been meaning to do for awhile. It’s an easy way for networking neophytes to very easily and securely segment parts of your network.

Why would you want to do this? The main reason is that “Internet of Things” devices have proven themselves to be very vulnerable to outside attack. By making your home computers inaccessible to the IOT portion of the network you lower the risk of compromise.

In this video we also have the Norton Core apply its deep packet inspection to the untrusted IOT segment of the network to further prevent infection.

Subscribe to my email list to get a weekly digest of upcoming videos! –

See my second channel for supplementary content :

Visit the Lon.TV store to purchase some of my previously reviewed items!

Read more about my transparency and disclaimers:

Want to chat with other fans of the channel? Visit our forums!

Want to help the channel? Start a Member subscription or give a one time tip!

or contribute via Venmo!

Follow me on Facebook!

Follow me on Twitter!

Catch my longer interviews in audio form on my podcast!
or the feed at

Follow me on Google+

We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to and affiliated sites.


usmle datatransfer says:

Very informative video Lon, Thnx.

Can you please also make a video on how to setup CUJO and Norton Core together on combo router?

Free Saxon says:

The Asus router is the very best

Calvin Hoe says:

Great learning vid, Lonie

Rick-jk says:

I’m sorry to say but this is one of the worst router know to man. I like your video but it make me sad to see you promote such a terrible product.

lotsarats says:

14:36 thats one high quality patch cable you got there

Lon.TV says:

I’ll note a few things and try to answer some FAQs in this pinned comment:

1. This method does not require the Core (it’ll work with any combination of routers) but I do think the Core can add an extra layer of oversight for the untrusted portion of the network.

2. The Core does have subscription fee after the first year of ownership ($10/month) for definition updates. I covered the fee structure in the original review.

3. You’ll note the camera had a different IP address (172.16.1.x vs. the 172.16.0.x) – I think the Core must be doing some internal segmentation as it was running with the IP address I expected when we looked at around 19:18.

Brian Wheeler says:

The concept seems good. Thinking of using google mesh for gateway and attaching trusted and IoT router through switch. Thoughts?

Jose Bonilla says:

I’m going to save this video for future lectures, I’ll let you know when I give that lecture this is a very great introduction to networking security. I hope I have your permission to use this in my class.

TechZACH16 says:

I understand that you’re an independent content creator and that the way I pay for your services is by being subjected to sponsored videos and ads… but please don’t work with Internet security companies anymore. It’s really contentious and I think it hurts you more than it helps you. Just my thoughts. All the best. Hope you have a nice new year.

Larry Phillips says:

Hi,I ,also,watch Security Now; But I use a cable router it doesn”t have any WAN connections. It has telephones connections,also.What can I do ,if anything?

Rich Grega says:

After your first year of use, the Norton Core router’s continued protection costs $9.90 per month, which wasn’t mentioned!

How does the Norton Core router compare to the Cujo firewall device / the Bitdefender’s Box / F-Sense Sense / Bullguard’s DoJo? I had nothing but issues with the Cujo – it finally disabled my main router and I had to do a factory reset to the router to finally get back it back functioning. The Cujo was a disaster and it was returned! I ended up using Steve Gibson 3 router solution for my network security:

Tocăniță de jocuri says:

So Norton/Symantec learns to do stuff that OpenWrt does for years..

charlie brownau says:

Why the HECK would you want to share the internet with Windows in 2017 ? Grab a small Travel Router or proper ADSL/Cable Router/modem/AP

Hacim Llih says:

You are my most trusted geek reviewer Cap’n Lon Sir.. but you lost me at brand mention of ‘Norton’.. renowned for decades for being a fugly resource hog! I’ve been avoiding them like the plague for over a decade now. (McAfee even worse ;])

Justin Krezelak says:

Pretty sure the entire point is that the Norton Core is supposed to be your “trusted router”.

Kobayashi Maru says:

Lon. Wouldn’t setting up a VLAN with your existing router work as well?

Antonio Schneider says:

Hello Lon! Great video, tanks for taking the time to explain. I was wondering if you could help me: I have two routers from Linksys (office and home, I live nearby) and I share the main router internet with my home connected by a CPE from TP-Link. Both are DHCP servers ( and I have an raspberry pi on my house and controlling all my smart home devices. Everything works just fine. My problem is that I also have a few smart home devices at office and I cannot make some of them to work because I cannot read the MAC addresses from where my server is (2.1 to 1.1). I can see MAC addresses from my office to my house (1.1 to 2.1). Any idea why this is happening? CPE is connected to LAN 1 and the other to WAN at home. Thanks a lot!!!

ikkuranus says:

It seems like Symantec is sending that crap to many of my favorite channels.

Adam Kingsley says:

So you’ve double nated everything? Or did you assign the additional routers to a DMZ?

I think the only way to do this with the setup you have is to use the guest network on a router (although this doesn’t give you a port) it’ll create the isolation you need.

Also adding in the extra routers adds extra WiFi signals. You have to make sure you’re not stepping on each other’s toes with that. Could really affect WiFi performance.

 Write a comment


Do you like our videos?
Do you want to see more like that?

Please click below to support us on Facebook!