feature request...for security firewall and "attacks" from IPs.
hello,
I have seen in my er8411 (thru OC200) quite a lot of "detected WAN Ping attack from x.y.z.w"... Is it possible to add a feture in security that any "detected" attack from IPs, those IPs get block for certain amount of time. Like hours/days. That goes for ip4, and ip6.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @AntonV
Thanks for posting in our business forum.
1. This might be the scan from the Internet. This is expected to be normal. IPv4 scans are very common though some are dangerous. If you don't open any port or leave any loophole, it should be fine.
2. If you don't expect any IP address to access your network, you can set up ACL to block them.
Automatically blocking is a good idea but does not seem to be a proper way in the networking as most stuff should be manually configured. That's what IT does every day. Manually configure via the CLI.
- Copy Link
- Report Inappropriate Content
@Clive_A The catch is not to do it manually. I don't want to block ips for ever, but i want them to be blocked for a while. Doing it manually it is simply...
Alternative, can be a rule(s) on Firewall since you are suggesting it... some kind of a script languager if you wish... you know do it smart, versus do it hard...
Plus i am sure most people don't have time to keep looking into logs.. so something along You are touching my router in a way i don't like... you are banded...
- Copy Link
- Report Inappropriate Content
Hi @AntonV
Thanks for posting in our business forum.
AntonV wrote
@Clive_A The catch is not to do it manually. I don't want to block ips for ever, but i want them to be blocked for a while. Doing it manually it is simply...
Alternative, can be a rule(s) on Firewall since you are suggesting it... some kind of a script languager if you wish... you know do it smart, versus do it hard...
Plus i am sure most people don't have time to keep looking into logs.. so something along You are touching my router in a way i don't like... you are banded...
I understand what you are looking for. Fully automated. Script based automation. Something like this. Like smart defense by triggering the access too much. Like DDOS defense.
My point is that we don't support that and don't plan to do this in the short term.
And this should be what IT guy does if you run the system. Frequent checks on your device is necessary unless you are setting it up for home purposes as long as it works, got no sever issues, and people don't bother looking at it after it completes the setup. But I don't agree with this at all because if you run a server or on public IP, you should pay attention to your security instead of passing this over to someone and expect them to work. Unless you hire somebody like "Cloudflare" to defend you by masking your IP address.
How many other vendors provide such a feature for free? What would be the name of the feature? I need to do some research on its terms and mechanisms based on what you suggested before I write my report/feedback to the team.
I am aware of the script thing but we don't intend to do so in the roadmap we have for V5. Even if there is a script system, the system has to support it - "trigger and ban" before you can even script it.
ACL can block geo IP now. You can filter at least countries where they scan or maybe attack you.
- Copy Link
- Report Inappropriate Content
@Clive_A Thank you for listening to my suggestion. And put into the consideration...
Yes, i am using GEO feauture, which i think is almost a must and really useful.
Having capabilities for scripting is... More devices, more one would want to manage thru using scripts, rather than webgui. I mean any product - serious enough - anyway - on enterprise level have sooner or later a script language...
But my point is also that a lot of your customers (I am sure I am not the only one), are using omada level at home. Simply because i want to have more control, enterprise features (like managing network for my extended family from one spot - e.g.), and automated as much as possible (like upgrades, etc.). And another thing - at enterprise level i can expect longer updates for my devices, comparing to the updates i can expect on home level.
So using unified user interface is nice and i can cover most of my needs, but security is more important than ever these days, so having some kind of scripting would be helpful (if i could decide, i would go with Pyhton :D ), but i guess something like microtik script language would also do.
You might ask why i am bringing up Mikrotik - well - there i have all features open, but for an ordinary home enterprise user with short on time, a little bit too much. Nice to play, but for production at home... you offer a nice balance between features, easy to use, ...
Additionaly, for example GEO feature using web gui to check and uncheck can be lenghty process. Having a script to fill it... (meaning I can edit a text file and then just run a script or simply upload the list - either thru cli or web gui).
Those are small things, but make life a lot easier. I mean with every update, i can see improvements, which is really nice.
You have rather simply firewall in place and I like that a lot of it are automated already... But if this is an enterprise, then why not differentiate yourself from others. Be first.
O... and something about managing logs... Can you put something in place, so it be managed better? Even a feature like "save and delete" for example. for now if i can download easly to my local computer, i can also browse them thru. Having regular expressing in webgui to searching thru logs would be i guess too much to ask...
Thank you.
- Copy Link
- Report Inappropriate Content
Hi @AntonV
Thanks for posting in our business forum.
AntonV wrote
@Clive_A Thank you for listening to my suggestion. And put into the consideration...
Yes, i am using GEO feauture, which i think is almost a must and really useful.
Having capabilities for scripting is... More devices, more one would want to manage thru using scripts, rather than webgui. I mean any product - serious enough - anyway - on enterprise level have sooner or later a script language...
But my point is also that a lot of your customers (I am sure I am not the only one), are using omada level at home. Simply because i want to have more control, enterprise features (like managing network for my extended family from one spot - e.g.), and automated as much as possible (like upgrades, etc.). And another thing - at enterprise level i can expect longer updates for my devices, comparing to the updates i can expect on home level.
So using unified user interface is nice and i can cover most of my needs, but security is more important than ever these days, so having some kind of scripting would be helpful (if i could decide, i would go with Pyhton :D ), but i guess something like microtik script language would also do.
You might ask why i am bringing up Mikrotik - well - there i have all features open, but for an ordinary home enterprise user with short on time, a little bit too much. Nice to play, but for production at home... you offer a nice balance between features, easy to use, ...
Additionaly, for example GEO feature using web gui to check and uncheck can be lenghty process. Having a script to fill it... (meaning I can edit a text file and then just run a script or simply upload the list - either thru cli or web gui).
Those are small things, but make life a lot easier. I mean with every update, i can see improvements, which is really nice.
You have rather simply firewall in place and I like that a lot of it are automated already... But if this is an enterprise, then why not differentiate yourself from others. Be first.
O... and something about managing logs... Can you put something in place, so it be managed better? Even a feature like "save and delete" for example. for now if i can download easly to my local computer, i can also browse them thru. Having regular expressing in webgui to searching thru logs would be i guess too much to ask...
Thank you.
Business product was not developed that deeply like the other competitors. We are aware of that and we are catching up on what has been missing from the products. If you are a users from 2019, you'd see that we have blooming years after the COVID. Tons of features were added to the Omada and we developed some branch products of the business product line.
It is a point of view from the profit and overall development of the company. I don't need to go deep into this but the track is to catch up with others and polish the products before it reaches the same level or close to the vendors.
Which I want to say that some ideas are not gonna be considered in the short term. Or some script things are not fancy to us.
We hope to reach the traditional business vendor level before we make something new or innovative. If we have not matched up with others in the traditional tracks, and we play something fancy but not effective to most common people, that is not profitable or promising for us.
We have the tradition from the very beginning of our products that we don't usually open the root or script authority to the users. We also use chipsets that are not compatible with most open-source third-party firmware. We don't intend to change this so far and we prefer to keep a close environment.
Controller never opens its CLI and we don't intend to do so in the short term. Try to understand how we develop and design the product. Though I know something might be helpful to certain groups of people. But look at it from the broader aspect.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 371
Replies: 5