ER8411 Omada SDN - IDS/IPS With DShield Selected, Causes iPhone Internet Connectivity To FAIL

2024-08-23 03:50:19
Tags: #IDS/IPS
Firmware Version: 5.14.26.1

Hello,

Hardware is ER8411, controller is Omada Software Controller Windows v5.14.26.1

There are two issues with IDS/IPS:

1. Site Settings - Network Security - IDS/IPS - IDS/IPS Settings tab - Security Level:

    Select the option, Security Level:, then IPs with a Bad Reputation - (check box) DShield

    With DShield selected, iPhones FAIL to connect to the Internet (iPhones all have the latest iOS 17.6.1)

    This is easily confirmed with a toggle of the DShield check box control.

    iPhones will connect or disconnect from Internet within a few minutes.

    Android phones are unaffected.

Question 1a - why does the DShield option cause this failure mode?

Question 1b - Can it be corrected by TP-Link so the DShield security option functions properly?

2. Site Settings - Network Security - IDS/IPS - Block List tab

    With iPhones confirmed blocked by IDS/IPS, there are zero entries in the Block List

    Identifying the cause of iPhone Internet connectivity failure would have been much easier if the Block List actually functioned at all.

Question 2a - with some functionality confirmed as blocked by IDS/IPS, why is a client or something not listed in the Block List?

Question 2b - what causes or effects do get listed in the block list?

Question 2c - what is the expected behavior causing a listing in the block list?

Question 2d - can TP-Link correct the Block List so it properly displays what exactly is blocked?

Please see the attached screenshots.
#1
2024-08-25 12:04:04

@MDowns

From what I can tell, the IPS is driven by the Suricata engine... That plugin is maintained by Suricata and not TP-Link. DShield itself is separate from Suricata.

DShield blocks "attacks" per IP and DNS name. It's usually tracking data going in and out of the WAN.

I wouldn't think it would be blocking DHCP between the iPhone and the DHCP server. Especially without any errors or alerts.

Is your 8411 completely updated? Also your APs?

I can not teach anyone anything - I can only make them think - Socrates
#2
2024-08-27 06:38:44

@MDowns

Please visit Insights-Threat Management and provide me with the information displayed there.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
#3
2024-09-06 02:13:15

Everything is the latest version.

This bug is easily verified in my configuration by toggle of the DShield option.

Don't know anything about Suricata and why would TP-Link have that plug-in?

#4
2024-09-06 02:28:10

@Hank21

I have not found anything in the Threat Management tab.

The only time that tab has shown anything is during testing by intentionally breaking a policy.

#5
2024-09-06 10:00:50

@MDowns

Can you check the DNS server on your iPhone? We have tested this feature locally. We do not have the same problem as you.

#6
2024-09-06 17:17:17

@Hank21

The iPhone DNS > Configure DNS > is set to Automatic

#7
2024-09-10 19:31:56

@MDowns

This post was helpful in helping me isolate an iPhone connectivity problem on our business network, but wasn't quite the same situation.

Some of our clients, especially on our guest SSID (with all sorts of ACLs as well as guest mode on the SSID) were getting... sporadic connectivity to some things in some apps.

E.g. - Could load FB Messenger and read messages and receive them, but not send. Same with WhatsApp. Some web apps wouldn't load at all, others were fine.

I disabled everything I had configured, like all ACLs, DNS proxy, even changed DNS servers etc.

Eventually saw this thread, disabled IDS/IPS. All was immediately fixed.

My suspicion is some weird interaction between IDS/IPS and Apple's own iCloud anti-tracking internet proxy thing (which I always turn off on my Apple devices).

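An added diagnostic to go with the observations in this thread (example code, not from any poster, TP-Link or Suricata): given an IP-reputation feed and the destination addresses a failing client was talking to, it reports which destinations fall inside a blocked range, which is the check an administrator is left doing by hand when the controller's Block List shows nothing. The feed layout is assumed to be DShield's whitespace-separated "start end prefix-length" ranges (plain CIDR lines are accepted too), and both the feed and the destination addresses are constructed samples using documentation ranges.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed sample feed (documentation ranges only).  Lines follow the assumed
# DShield block-list layout "start end prefix-length"; a plain CIDR line is also accepted.
SAMPLE_FEED = """\
# Start\tEnd\tNetblock
203.0.113.0\t203.0.113.255\t24
198.51.100.0\t198.51.100.255\t24
192.0.2.0/24
"""

# Constructed sample of destination addresses one client talked to, e.g. taken
# from DNS answers or a packet capture while the client was failing.
SAMPLE_DESTINATIONS = ["203.0.113.42", "198.51.100.7", "8.8.8.8", "192.0.2.200", "10.0.0.1"]


def parse_blocklist(text: str) -> List[ipaddress.IPv4Network]:
    """Turn feed lines into networks; comments and malformed lines are skipped."""
    nets: List[ipaddress.IPv4Network] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        try:
            if "/" in fields[0]:                      # CIDR form
                nets.append(ipaddress.ip_network(fields[0], strict=False))
            else:                                     # "start end prefix" form
                start = ipaddress.ip_address(fields[0])
                end = ipaddress.ip_address(fields[1])
                nets.extend(ipaddress.summarize_address_range(start, end))
        except (ValueError, TypeError, IndexError):
            continue                                  # bad line: ignore it, keep going
    return nets


def match_destinations(nets: List[ipaddress.IPv4Network], dests: List[str]) -> Dict[str, Optional[str]]:
    """Map each destination to the blocked network that contains it, or None."""
    result: Dict[str, Optional[str]] = {}
    for dest in dests:
        addr = ipaddress.ip_address(dest)
        hit = next((n for n in nets if addr in n), None)
        result[dest] = str(hit) if hit is not None else None
    return result


if __name__ == "__main__":
    verdicts = match_destinations(parse_blocklist(SAMPLE_FEED), SAMPLE_DESTINATIONS)
    for dest, net in verdicts.items():
        print(f"{dest:16} {'blocked by ' + net if net else 'not in feed'}")
```

Because reputation feeds list whole /24 netblocks, a single flagged host can take an entire hosting range with it, which is why a legitimate service can disappear without any per-client entry ever appearing.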
#8
2024-09-12 02:12:56

@MDowns

What exactly is the DNS server you have? Normally, it is located under Automatic.

#9