I've just bumped into exactly the same issue as described in https://community.tp-link.com/en/business/forum/topic/628374 topic related to ER8411 router firewall.

The ER8411 in my case is deployed in one data center but the OC200 omada controller is deployed in another data center so ER8411 communicates with the controller over the internet.

I've applied necessary rules to the firewall to allow traffic between two data centers to communicate safely and restricted by ip addresses of WAN ports (ports: 443, 29810-29814).

I plugged in the internet uplink cable (which is 1Gb link) to the first WAN only SFP+ 10Gb port in the ER8411 using Omada 10G BASE-T RJ45  SFP+ Module.

Then I reset the ER8411 to factory settings and configure that WAN port #1 I mentioned above to allow the internet connection first. I change the SFP+ first port speed from 10Gb to 1Gb as my internet uplink is 1Gb and internet starts working fine (I don't understand why they haven't implemented auto negotiation for this port and require user to choose the speed).

Then, I applied the controller's ip address in the ER8411 admin portal and the ER8411 comes up in the controller straight away and ready to be adopted.

Once the adoption is initiated the ER8411 starts to download it's configuration from OC200 and overwrites the port speed from 1Gb to 10Gb as part of it automatically for some reason. This breaks the communication of ER8411 to the internet and therefore to the OC200 controller as the port speed supposed to stay at 1Gb but now it is set to 10Gb. So you no longer is able to apply any changes to the ER8411 via Omada anymore.

For some unknown reason the UI developer of the Omada portal decided to not allow to configure the port speed of the ER8411 until the device is adopted. But in this instance once the device is adopted for the first time if the port speed was 1Gb and not 10Gb it breaks the connection and prevents any more changes.

Once the device is adopted it changes the port speed unexpectedly to 1Gb, this breaks the link to the internet port and won't allow to change it via Omada as the ER8411 no longer has access to both internet and the OC200.

I highly encourage the Omada UI developer to change this behavior and allow to change the port speed before the device adoption to prevent this issue from happening. It took me almost 8 hours to figure out this was the root cause and there is no way around it that could work in a logical way.

The way it worked for me is after spending long time in the data center I figured out that once the ER8411 starts downloading the configuration you have roughly 15 seconds to make a change in the UI. As the port speed dropdown becomes available to be changed on the SFP+ port and therefore it can be pushed down to the ER8411 before it has rebooted and lost access to the internet. 

I was literally laughing once this work around has worked and I thought I should share my experience with everyone who might have a similar problem.