Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Update as of Jan 30th 2023
TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
As the official firmware has been released to fix the issue, this thread will be locked to stop updating.
Any further issues or concerns, please feel free to Start a New Thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
Updated on July 29, 2022:
Add the Beta firmware for ER605 V2.
ER605_v2_2.0.2_Build 20220727 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
This Article Applies to:
ER605(UN)_V1_1.1.1_Build 20210723 and earlier firmware
ER7206(UN)_V1_1.1.1_Build 20210723 and earlier firmware
Issue Description/Phenomenon:
From time to time, we received feedback that Omada Gateway cannot pass GRC Shields UP test, when using the ShieldsUp Website (grc dot com) to scan the ports, some ports are showing "Closed" instead of "Stealth" as expected.
Available Solutions:
The R&D team has made a Beta firmware to optimize the issue above. After upgrading to the Beta firmware, Omada Gateway will discard and not reply to inbound TCP SYN attempts to the WAN port, which should comply with Shield!up requirements.
Welcome to download the Beta firmware below, and verify it does resolve your concern effectively.
ER605(UN)_v1_1.1.1_Build 20220117 (Beta)
ER7206(UN)_v1_1.1.1_Build 20220117 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
Feedback:
If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valued feedback!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
It's been almost a year since ER605 V2 Beta firmware was released. When will this officially release?
- Copy Link
- Report Inappropriate Content
@mrusli I returned the router months ago.
- Copy Link
- Report Inappropriate Content
@mrusli All MicroTik routers are fully configurable for which ports should be WAN and LAN. They all can do link aggregation if you need that and can also be configured to do failover for the WAN configured ports if that is what you need. Almost all of the MicroTik routers can also be easily turned into a switch with a single configuration option. MicroTik firmware has one of, or both depending on the product, RouterOS and SwitchOS. These products are at the same price point, generally, than TP-Link but are substantially more advanced and significantly more reliable not to mention are very easy to integrate into full health and monitoring solutions, many of which have free community offerings. Heck even some of those solutions will allow a single pane of glass health, monitoring AND configuration; be aware: community = free = no cost (but paid options yield even more options and functionality if needed plus full support - think like ~$300 USD annually as long as you are not running an enterprise).
Sorry TP-Link but consumers DO have access to better routers and switches at the same price point. The real difference is that more advanced technical knowledge and infrastructure is needed.
Piece of advice to everyone (including TP-Link): Take your infrastructure controllers and monitoring solutions and slap them into containers; no need to use dedicated hardware unless you have any one or more of: security, regulatory, high availability, failover requirements. I would be more than happy to provide further advice (for a fee).
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
does this Beta ER605(UN)_v2_2.0.2_Build 20221025 (Beta) on this Page include the fix in this Beta ER605_v2_2.0.2_Build 20220727 (Beta) ?
Thank you
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
For me the Stealth problem is not fixed in ER605(UN)_v2_2.0.2_Build 20221025 (Beta). In the brief time I had this firmware up I did some benchmarks and the throughput was about 7% slower, but certainly not a good test, just a quick check. I dropped back to ER605_v2_2.0.2_Build 20220727 (Beta). All is okay now.
- Copy Link
- Report Inappropriate Content
Yes indeed! I check the ER605 V2 Router today and find out that the latest version of firmware is not fix for the stealth mode. You are absolutely right about it. I did not know it until you mentioned it in the forum.
Attention to @Fae please take note of the issues on fixing the firewall stealth mode and performance issues
- Copy Link
- Report Inappropriate Content
Any update on this for a 605 v2??
There was a new firmware posted and pulled the other day, not sure if the stealth fix was included.
On 2.0.1 currently, only been setup for like 2 weeks. Should I install the beta or sit tight?? Thanks
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 14353
Replies: 44