How to Set Up Deep Packet Inspection(DPI) on Omada Router

2024-01-31 02:54:44 - last edited 2024-05-27 02:23:25

Background:

 

This post provides a configuration guide to set up DPI to monitor your network traffic.  The guide will show steps in Controller mode. For standalone, the steps are similar.

 

This Article Applies to:

 

Routers with DPI feature.

 

Application Scenario:

 

 

Configuration Steps:

 

1. Start your Controller and access the Organization, choose the site.

2. Go to Settings > Network Security > Application Control > Deep Packet Inspection, Enable. If you need Logging Traffic, please enable it accordingly.

 

 

3. Go to Rules Management > Create New Rule. This is where you choose the apps to be blocked.

 

 

4. Go to Application Filter > Create New Application Filter > Select Rules - Add.

 

 

5. Go to Deep Packet Inspection > Assign Restriction > Create New Assign Restriction.

6. Now, the setup is complete.

 

 

Verification:

 

Go to Statistics > Application Analytics. View your block result/traffic on this page.

 

 

 

Categories:

 

 

Apps > Allow Apps:

 

 

Apps > Block Apps:

 

 

Users:

 

Note:

 

1. Data is not instantly synced. It may take a few seconds to minutes depending on your network scale.

2. If you are not familiar with the terms of the configuration steps, please refer to the User Guide of Omada Controller and view the term explanation. Or you can click Help Center which is located on the top right corner of every Controller function.

Help Center icon.

3. The DPI Application List is stored locally and is updated through firmware updates. Please be aware that it does not synchronize with the Internet, and therefore, the list may not always reflect the most up-to-date information.

4. If your Controller has not added the DPI function while the router has been given this feature, you cannot set up DPI properly, due to the adaptability issue on your controller.

Related posts: No Deep Packet Inspection Option after Firmware Upgrade to 2.2.4 and Reboot - OC200 Not supported?

https://community.tp-link.com/en/business/forum/topic/628384?replyId=1289568

5. Any static routing, or configuring the gateway to be the Omada router LAN IP, will NOT get your traffic monitored. Clients MUST be located in the VLAN interface of the Omada router. To put it differently, this means you are getting a DHCP IP from the VLAN interface of the Omada router.

 

Update Log:

 

May 27th, 2024:

Add a note.

 

Mar 28th, 2024:

Add extra notes.

 

Jan 31st, 2024:

Release of this guide.

 


Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  9
#1
13 Reply
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-02-06 03:55:13

  @Clive_A Hi Bro,

 

Is there any information about which TP-Link Omada routers support DPI? Now we only have ER8411, ER7206 and ER7212PC.

 

Thank You.

  0
#2
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-02-11 09:12:51

  @Clive_A I'm using the ER605 with the latest firmware, which should support DPI. But I cannot find the mentioned setting. I do not have a menu "Application Control".

 

Using Omada Controller Hardware in Version 5.12.9 1.26.3 Build 20230906 Rel.36269
ER605 in Version 2.2.4 Build 20240119 Rel.44368 

 

Or is this an upcoming feature for the controller?

  0
#5
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-02-14 08:48:13

  @marcwa122 

marcwa122 wrote

  @Clive_A I'm using the ER605 with the latest firmware, which should support DPI. But I cannot find the mentioned setting. I do not have a menu "Application Control".

 

Using Omada Controller Hardware in Version 5.12.9 1.26.3 Build 20230906 Rel.36269
ER605 in Version 2.2.4 Build 20240119 Rel.44368 

 

Or is this an upcoming feature for the controller?

You might consult this in the controller section. I am not responsible for the controller, and I recall this reason has been explained by my colleague Hank many times in the controller section. It is not an issue with the router but with the controller.

  0
#6
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-02-14 09:37:19

  @Clive_A Hi, thanks! I read https://www.reddit.com/r/TPLink_Omada/comments/1advoiu/er605_v2_oc200_v1_and_dpi/?share_id=F8yCq6e7ktpMEGHmQH38X&utm_content=1&utm_medium=ios_app&utm_name=ioscss&utm_source=share&utm_term=1

 

So I will just wait till the software is optimized for the OC200.

  0
#7
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-03-27 21:43:12

  @Clive_A 

OC200 v1 Firmware v5.13.30.10 Beta 

ER605 v2 Firmware v2.2.4 Build 20240919 Rel.44368

 

Can you give me a reason why I didn't see the new features update in my ER605? Since I bought the item, I didn't change anything else in the default configuration of the ER605. When I upgraded the ER605 to the latest firmware, nothing changed. Why? Is it field?

  0
#8
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-03-28 01:00:21 - last edited 2024-03-29 02:20:58

Hi @MrAlab 

Thanks for posting in our business forum.

MrAlab wrote

  @Clive_A 

OC200 v1 Firmware v5.13.30.10 Beta 

ER605 v2 Firmware v2.2.4 Build 20240919 Rel.44368

 

Can you give me a reason why I didn't see the new features update in my ER605? Since I bought the item, I didn't change anything else in the default configuration of the ER605. When I upgraded the ER605 to the latest firmware, nothing changed. Why? Is it field?

1. What you asked belongs to the Controller questions. Please post such a question in the controller page.

2. Please do not repeat the questions over and over again. Other people have asked the same question and it has been answered by Hank. The reason has been explained in other posts on the Controller page. If you look it up, you should find it. Please do use the search bar function on the forum.

3. As I recall, if it is not supported, that's due to the hardware limitation on the OC200. That's the reason. There is no fix to that at this moment. And I am not aware of the controller roadmap. Hank explained this many times in related posts. So, consider the software controller that you can use now. The demo is also done on the software controller.

 

Update:

Source link - https://community.tp-link.com/en/business/forum/topic/628384?replyId=1289568

  0
#9
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-05-19 13:02:07

  @Clive_A As I see, the application filter's granularity is very raw. As I see from this article, I can only filter the application traffic for a specific network. How can I achieve more? For example, I want to filter the traffic for specific users or a user group, I want to assign some specific application a higher priority, I want to set policy routing for a specific application, etc.

  0
#10
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-05-20 01:23:28

Hi @TOHanks 

Thanks for posting in our business forum.

TOHanks wrote

  @Clive_A As I see, the application filter's granularity is very raw. As I see from this article, I can only filter the application traffic for a specific network. How can I achieve more? For example, I want to filter the traffic for specific users or a user group, I want to assign some specific application a higher priority, I want to set policy routing for a specific application, etc.

Break down your requirements.

We do not support a specific device and this feature's goal is to monitor the whole network traffic.

In what kind of scenario do you require only a single device to be monitored and the rest of them not?

 

If you need the priority, set up different Application Filters as you need different websites/apps to enjoy a different priority.

The last one is supposed to use Policy Routing. You should find out what URLs they use and set up the group yourself. This is doable. We don't maintain the lists of IP addresses for services available on the Internet. And this might be dangerous to implement as this requires a day-to-day update if their IP changes. Some users may consider this day-to-day update a violation of privacy.

DPI is not updated unless there is a firmware update. The update comes with the firmware update. We do not connect or sync the lists of service data on your controller without your consent.

  1
#11
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-06-14 15:56:29

  @Clive_A 

I have a question.

DPI is really a fine thing.

But I don't see any timestamp for any application?

Example: on a computer at work, someone is surfing privately: TikTok, YouTube, Pornhub etc.

Computers are used dynamically.

I see that Pornhub was used on some PC. But how can I determine the TIME when Pornhub was streamed?

Sorry, but it seems to be the biggest lack of an important feature if there is NO timestamp... or am I blind?

Thanks!

  0
#12
Re:How to Set Up Deep Packet Inspection(DPI) on Omada Router
2024-06-16 05:44:44

Hi  @kogan 

kogan wrote

  @Clive_A 

I have a question.

DPI is really a fine thing.

But I don't see any timestamp for any application?

Example: on a computer at work, someone is surfing privately: TikTok, YouTube, Pornhub etc.

Computers are used dynamically.

I see that Pornhub was used on some PC. But how can I determine the TIME when Pornhub was streamed?

Sorry, but it seems to be the biggest lack of an important feature if there is NO timestamp... or am I blind?

Thanks!

Are you able to navigate to the Application Statistics? That should be the stats of the DPI.

  0
#13