ER605 out of the box configuration and stateful packet inspection
I have spent several hours reading documentation and searching the internet and I cannot find the information I am looking for. So:
1) I have a new er605 and am wondering what sort of firewall configuration it has right out of the box. In the past I had one router that came with a reasonable set of rules and another that was wide open and needed rules added. So, Is the er605 safe to put on the wan, or does it need rules added?
2) What is needed to set up/enable stateful packet inspection? I note that in the firewall there is the normal page with options to set the allow and deny rules based on connection state, protocol, and source and destination. Do these need to be added, or is there some defaults that take care of that sort of thing.
3) Does the router have some sort of advanced protection running that that the firewall access control rules are not needed.
I am using stand alone mode right now, but will switch to a controller setup tomorrow when the rest of my devices get delivered. I am researching what I need to put in the configuration once I get the controller and switch.
Thanks for any help. I am glad to look at documentation if I am aware of it. I read the manual for the 605 and did not find what I was looking for.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
out of the box everything is blocked from wan to lan, from lan to wan everything is open. so yes it is protected out of the box
- Copy Link
- Report Inappropriate Content
Hi @Ponzi
Ponzi wrote
Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.
I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in.
Okay. This can't be done yet. We don't support this feature to monitor TCP and UDP yet. The NAT and firewall works by default settings and can stop most common abnormal connection.
- Copy Link
- Report Inappropriate Content
This sort of gives the abcs of the tcp handshake, but is vague on what, if anything, is needed to ensure that SPI is protecting the land from the wan.
https://community.tp-link.com/en/business/forum/topic/618780
- Copy Link
- Report Inappropriate Content
Hi @Ponzi
Thanks for posting in our business forum.
Ponzi wrote
This sort of gives the abcs of the tcp handshake, but is vague on what, if anything, is needed to ensure that SPI is protecting the land from the wan.
https://community.tp-link.com/en/business/forum/topic/618780
This has nothing to do with the DPI.
This one has.
- Copy Link
- Report Inappropriate Content
Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.
I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in.
- Copy Link
- Report Inappropriate Content
out of the box everything is blocked from wan to lan, from lan to wan everything is open. so yes it is protected out of the box
- Copy Link
- Report Inappropriate Content
Hi @Ponzi
Ponzi wrote
Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.
I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in.
Okay. This can't be done yet. We don't support this feature to monitor TCP and UDP yet. The NAT and firewall works by default settings and can stop most common abnormal connection.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 636
Replies: 6
Voters 0
No one has voted for it yet.