We are pleased to introduce the upcoming Firmware v4.9. This release focuses on delivering more precise network control and improved traffic management capabilities for a more reliable user experience.
Highlights of the v4.9 Evolution
New Features: Advanced Traffic Intelligence
New DPI-Powered Flow Control: We’ve split our upgraded Deep Packet Inspection (DPI) engine into three specialized tools for total visibility:
Data Statistics: Deep, real-time insights into traffic consumption by device and application.
Content Filtering: Intelligent application-level blocking to secure your network from unwanted content.
QoS Integration :Prioritizes critical traffic during network congestion.
New IoT Network
v4.9 introduces native IoT network support, allowing you to isolate smart home devices into a dedicated, secure environment without compromising your primary network's speed or privacy.
New AmneziaWG 2.0 Support (Server & Client)
Native support for AmneziaWG 2.0, an advanced WireGuard-based protocol. It offers enhanced connection security and a higher level of privacy for your data, available for both Server and Client modes.
New Access Control List (ACL)
Professional-grade traffic control that allows you to manage device access and network permissions with granular flexibility.
New SQM (Smart Queue Management)
Making its debut in v4.9, our SQM features a completely new architecture. Unlike traditional limiters, it manages packet queuing to eliminate "bufferbloat," ensuring ultra-low latency for gaming and VOIP even when the network is under full load.
Major Reconstructions: The VPN Evolution
The core of v4.9 is the total reconstruction of our VPN Failover architecture. We have replaced the previous "Waterfall" logic with a new Isolated Group Mode, designed for users who require absolute predictability in their routing.
The Evolution: v4.8 (Waterfall) vs. v4.9 (Isolated Group)
Group-based Matching Logic
Traffic is matched sequentially against policy groups (Group 1 → Group 2 → Group 3 → …).
Once matched, traffic is handled entirely within that group and will not fall through to others.
Multi-node Failover within Group (NEW)
v4.8 only supported a single node per policy
v4.9 supports multiple VPN nodes within a group
Traffic automatically switches between nodes when failures occur
Strict Group Isolation (vs v4.8 Waterfall Mode)
v4.8: traffic could “spill over” to other groups during failures
v4.9: traffic remains strictly within its matched group, ensuring predictable behavior
Per-Group Kill Switch Control: When all nodes in a group are unavailable:
Kill Switch ON → Traffic is blocked immediately
Kill Switch OFF → Traffic exits policy routing and enters fallback handling
Fallback Logic (All Other Traffic): For unmatched or exited traffic:
Allow Non-VPN Traffic → Direct WAN access
Enhanced Kill Switch → Traffic is blocked
Key Benefits:
Deterministic routing behavior
True multi-node failover capability
Strong policy isolation
Predictable and controllable traffic handling
Reconstructed Parental Control
A ground-up redesign of our parental control system. It now features an intuitive rule management interface and deeper integration with the DPI engine, providing more robust control over specific applications, content categories, and access schedules.
Refined Experience
Improved UI: Redesigned VPN and Wi-Fi Settings pages for a cleaner, more responsive interaction.
Expanded Encrypted DNS: Full support for DoT, DoH, and DNS over QUIC (DoQ).
Enhanced Tailscale: Support for Mullvad exit nodes, router-as-exit-node capability, and interface masquerading.
Supported Models & Early Access
Firmware v4.9 is currently rolling out progressively. Users of the following next-generation models can now experience these new features via our Beta channel:
Beryl AX (GL-MT3000) | Download Page (Select BETA tab) (More models will be supported in future updates. Stay tuned!)
Important Notes
VPN Kill Switch Reset: Due to the major changes in VPN tunnel failover logic (the new Isolated Group Mode), the Kill Switch for all VPN tunnels will be enabled by default after the upgrade to ensure your traffic remains protected under the new architecture.
Parental Control: As the Parental Control system has been completely reconstructed for better performance, previous configurations will be cleared during the upgrade . You will need to re-configure your rules in the new system.
I just hope that 4.9, and every future firmware release, brings consistency across all supported router models, along with solid quality and great documentation. We need stability and security first. Features are secondary.
Surprised the Flint 2 isn't listed in the early beta, Considering the specs of the router, Flint 2 to me anyway is still the flagship of the company when it comes to routers
honestly besides the Flint 2, I find it strange that the Brume 3 isn't following 4.9 with the other newer models since Brume 3 is still a new model.
Brume 3 was the first one with the beta DPI, and it was told to me that other models will follow up with the same beta features, it gave me the impression they would use Brume 3 for the DPI features but now the Brume 3 will be later released for this firmware.
it eye frowned me a little I hope not that they plan to abandoned older routers or routers which are still somewhat new at a later point... because Flint 2 is still a really good router as I use it dailly.
@xize11@Bolton@Aashish.007
The next batch will be rolled out gradually, including Flint 2 (GL-MT6000), Beryl AX (GL-MT3000), Beryl 7 (GL-MT3600BE), Brume 3 (GL-MT5000), and Flint 3e (GL-BE6500).
These devices will receive updates in phases to ensure stability and the best possible experience.
@Lun Can you tell us which routers will not be receiving the 4.9 upgrade? It would help users plan accordingly. In particular, will the A1300 be updated to 4.9? Right now, A1300 owners are stuck on 4.5.22, while most other supported models are already on 4.8.x.
Thanks for your question — we understand how important upgrade clarity is for users planning ahead.
We remain committed to maintaining and supporting older models wherever possible. That said, firmware release priorities depend on multiple factors such as CPU performance, available memory, user demand, and development resources.
For the A1300, the limitation is primarily hardware-related. The available system resources (especially flash and memory) are not sufficient to support the 4.9 firmware and its newer features in a stable and reliable way. In other words, it’s not just a matter of prioritization — the device simply doesn’t have enough headroom to run this firmware properly.
As a result, the A1300 will continue to stay on the 4.5.x branch, where we will still focus on stability and necessary maintenance updates.
We truly appreciate your understanding and continued support.
Thanks for the update re op on flint 2. However asking us to be patient when the op branch hasn't had an update since November is a bit ridiculous! The op branch remember was originally promised regular updates on flint 2 which it has not.
@Lun I can understand that the A1300 is not getting 4.9, BUT it is extremely disappointing news that it is stuck at 4.5, especially since 4.6, 4.7, and 4.8 were all repeatedly promised for the A1300 on this forum, and there is even a 4.7 beta. To learn that the device will never receive anything beyond 4.5 is a serious reversal. It leaves A1300 owners with an orphaned router and undermines confidence in future product commitments.
also why would the size be such issue, I mean most of the features are also integrated as a form of plugin, I noticed that firmwares shipped with DPI are significant more bigger in size.
But maybe these are not needed on routers such as GL-A1300?
I think this can still help with having the firmware up to date, I think all the new vpn features are not a big deal, but the DPI ones are.
It is completely disappointing - you already published 4.7 beta firmware for A1300 and it was mentioned that you skipped the stable version of 4.7 in favor of 4.8 and as was mentioned on Preventive Actions to Safeguard GL.iNet Users from BSSID-Based Location Tracking - GL.iNet , we expect the claimed feature - it was the reason why I’m bought this router also. Can you give any reason why we should buy next Gl.iNet router after that? i can understand if we don’t receive 4.9 firmware, but why we can’t receive firmware with claimed feature for this router?
Adguard Home is completely broken in this build. Using Mullvad as a VPN WG client and trying encrypted DNS on Adguard Home just doesn't work, instead hijacked Mullvad DNS are used no matter what.
Also I have problem with MLO. Every time the router boots MLO isn't working, I have to turn it OFF and then ON again to make it start.
But everything else seems solid so far, love that finally there is a proper encrypted DNS section with more customization.
Important Notes
I hope not that they plan to abandoned older routers or routers which are still somewhat new at a later point... because Flint 2 is still a really good router as I use it dailly.