@Arion You can also refer to this to know about how to set up Stateful ACL:https://community.tp-link.com/en/business/forum/topic/586060

Arion wrote

With the new firmware (v1.3.0) TP-Link added a new feature, Stateful ACL in Firewall -> Access Control. (I'm using Standalone mode)

I upgraded my ER605 router maintaining my previously used configuration. It has had no issue regarding this but yesterday I wanted to test something and therefore I needed to change one ACL rule. Then I realized that I couldn't make changes. All I wanted was to change the effective time (from Any to Night).

 

When pressing OK it points me to an alert to define States and change it from "---" to checkmark one or more of that four options.

I had no idea what to do but when I tried to mark just New, it still didn't let me save the changes.

 

Later I checked an emulator on TP-Link's website and saw that whenever you create a new rule (which I didn't attempt to do), at the moment of choosing either Block or Allow, it automatically sets either 3 or all 4 states marked.

As I say, I have no clue how it actually works, so I would not mess with it if not necessary but the fact that the update* doesn't present the rules correctly, concerns me.

 

*I can't verify if the State field remained with "---" or the update process did the job right and the problem happened only because after a reset I restored the config (that had been saved in previous fw version). Unfortunately I did not backup the config after updating to the new firmware, my bad...

 

My question is, what to do now? Should I leave everything as it is? Should I change the States field in all the rules from "---"?

And if so, what to checkmark? Or simply should I just change the Policy first (back and forth), so it automatically sets the right form for States?

If I had more spare time, I could also try downgrading the router to previous fw, restoring that same config (backed up on previous fw), updating to the new firmware and see what is set for States.

Or if anyone could check this in their router for me, please?

 

Is there any instruction guide for this new feature somewhere? I haven't found any yet.

  @Dahliana 

I appreciate your time and effort to reply my post. I went to the link, also watched all of the youtube videos provided in that link.

Unfortunately, even though they mention ACL rules in every video and on that page as well, there is ZERO information about ACL rules! It's funny but true.
Not to mention that it shows instructions using Omada SDN platform that may differ from the standalone administrator page.

I'm still waiting for someone to brighten my mind about this new Stateful ACL feature in standalone mode.

Also I'd like if the developers were aware of the issue that I mentioned above, when the ACL rules become incomplete and difficult to modify without setting up the States parameter correctly.

  @Clive_A 

Thank you for your info.

It's a bit over my knowledge base yet. But I suppose that what the software offers in standalone mode when I choose a Block rule marking all 4 options is what it should be. And choosing Allow rule marking the 3 except Invalid.

However the questions still remain:

- what to do with the inherited rules that now has "---" in States field?

- do the rules work correctly and is it okay if I leave those rules with "---" in that field?

- was it supposed to be filled in correctly after the firmware upgrade that introduced the new feature?

I still plan to try out: downgrade -> restore -> upgrade and see if it changes anything under the ACL rules automatically regarding the States field.

  @Clive_A 

Still there are questions:

- if you say that I have to choose States, does it mean that ACL rules will always have to be Stateful? Can't we choose stateless ACL anymore?

- doesn't Stateful ACL degrade performance of the device? (because every source of the matter says that it does.)

- or do you mean, if I choose all 4 options in Block mode and the 3 options except Invalid in Allow mode, will these configuration perform as stateless ACL rule?

Thanks for the reply, in advance.

  @Clive_A 

Calm down! Your reaction was not necessary. I was not attacking TP-Link for adding new features.

It's just odd that there is ZERO published documentation about the funcionality and usage of that newly added feature.

Providing an emulator showing this new feature is already a miracle. But still lacking detailed explanation.

Therefore I was brave enough to post here, first of all, I wanted to inform the developers and the community about the "---" problem when you restore a configuration saved in previous firmware.

Actually, It seems that the lack of states definition in the rules didn't break operation so far. But I will try to correct it doing downgrade and upgrade again.

  @Clive_A 

You misunderstood my posts. I haven't requested instructions for one specific version, not even for one specific model. I was searching on the web and also on this forum for any useful instruction, case scenario for any model, what to do if you want this or that rule to create.

The Help sideprompt on the router's admin page is just not the answer to my question.

I also haven't complained about not developing more features for this V1 product.

You mentioned multiple times that ER605 V1 is EOL. Well, be aware that this justification can make most of the users/owners of the device infuriated.

Let me explain:

ER605 is the sucessor of t470+/t480+ and it came to the market literally premature, lacking essencial functions that caused a lot of trouble for everyone who have bought it to replace T470+, being the first budget model (if not the only) to have gigabit ethernet ports.

I bought the ER605 at the very beginning with the initial firmware that was buggy and incomplete, letting intervlan traffic uncontrolled, for example. There wasn't even VLANs available in that version, if I remember well.

For most of its lifetime this router has been running on beta firmwares(!!!) because each and every new firmware introduced a new bug that made the device unstable.

And now you are glad to tell us that it's an End Of Life product.
I think we customers would deserve more respect for the infinit pacience and for the loyalty.