Business Community > Routers > ER707-M2 - IPsec ports open to internet, firewall not restricting
< Routers

ER707-M2 - IPsec ports open to internet, firewall not restricting

ER707-M2 - IPsec ports open to internet, firewall not restricting

ER707-M2 - IPsec ports open to internet, firewall not restricting
ER707-M2 - IPsec ports open to internet, firewall not restricting
Monday - last edited Yesterday
Tags: #VPN #Gateway ACL
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.3

Hi All,

 

I've recently switched to an Omada router after previously using Opnsense. I've noticed that the behavior for IPsec VPNs is different from what I've experienced with other firewall vendors.

 

Typically, other firewall vendors restrict the source IP for IPsec firewall rules to the destination IP specified in the configuration. However, Omada doesn’t seem to enforce this restriction, leaving IPsec ports (500 and 4500) exposed to the entire internet.

 

I'm wondering if there’s a way to limit this exposure, possibly using Gateway ACLs, or if there might be plans for a firmware update to address this.

 

Thanks!

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:ER707-M2 - IPsec ports open to internet, firewall not restricting-Solution
Monday - last edited Yesterday

Hi @rquigley 

Thanks for posting in our business forum.

Using the ACL to limit that.

Exposing that port to the Internet does not hurt a thing since they don't have the keys to make a proper connection.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options
1 Reply
Re:ER707-M2 - IPsec ports open to internet, firewall not restricting-Solution
Monday - last edited Yesterday

Hi @rquigley 

Thanks for posting in our business forum.

Using the ACL to limit that.

Exposing that port to the Internet does not hurt a thing since they don't have the keys to make a proper connection.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options

Information

Helpful: 0

Views: 65

Replies: 1

Tags

VPN Gateway ACL
Related Articles
ER707-M2 VPN IPSec Internet access
336 0
 ER707-M2 now with IPv6 Firewall?
634 0
Android VPN Client IP-SEC IKEv2 supported at ER707-M2 ???
3070 0
Disable LAN ports on ER707-M2
587 0
LAN port isolation on ER707-M2
357 0
ER707-M2 -> Internet Wan Off-line. (HW-upgrade from ER605-V2 to ER707-M2)
1087 0
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.