I discovered to my great surprise that TP-Link has started using ports 8043 and 443 to update devices instead of 29813. This is the same port used to manage the Omada SDN V5 controller.
For security reasons I have always had these ports closed, but I suddenly had problems updating devices on the remote site and had to open 8043. Now my controller is open to everyone, which in my opinion is a big security problem. Many of my remote sites have dynamic IPs and therefore I must open up to everything. It is also not possible to approve on FQDN. So my question is: is it possible to block controller management, or do you have to have a controller for each site to solve this?
It's a little scary that something so simple is so poorly thought out.