Business Community > Controllers > Threat Management howto
< Controllers

Threat Management howto

Threat Management howto

Threat Management howto
Threat Management howto
Yesterday - last edited 17 hours ago
Tags: #Controller #Logs
Model: OC200  
Hardware Version: V2
Firmware Version: 2.22.7 Build 20250923 Rel.34968

Hello all

 

Is there a howto that shows how to use this feature ?
I'm looking for a way to see possible threats from outside !

1x ER7206 v1.0 1x OC200 2.0 2x EAP653(EU) v1.0 2x SG2008P v3.20
  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:Threat Management howto -Solution
17 hours ago - last edited 17 hours ago

  @ProSumerTester 

 

you don't have it on Omada yet. I think it will come eventually :-) what you see is probably region blocking on unifi, you can do that with Omada too but you don't get any fancy logging on it yet. to activate region blocking on Omada you go to router acl then you create a wan in acl and choose which region you want to block.

 

 

Recommended Solution
  1  
  1  
#6
Options
7 Reply
Re:Threat Management howto
20 hours ago

  @ProSumerTester 

 

go to IPS/IDS and enable. if you don't have that menu then your router doesn't support it.
what version is your router? if it's V1 then I don't think you have support for IPS/IDS

 

 

 

  0  
  0  
#2
Options
Re:Threat Management howto
19 hours ago - last edited 19 hours ago

  @MR.S 

Thanks for responding to my question and yes I have enabled IDS/IPS but detect ONLY.
Does this also show status from outside?
For now I only see connections from inside --> out (my own services so its all good).

1x ER7206 v1.0 1x OC200 2.0 2x EAP653(EU) v1.0 2x SG2008P v3.20
  0  
  0  
#3
Options
Re:Threat Management howto
18 hours ago

  @ProSumerTester 

 

IPS/IDS is from the inside out, try this command on your pc to check if it works. you have to run the command twice

 

curl -A "BlackSun" tp-link.com

 

 

 

  0  
  0  
#4
Options
Re:Threat Management howto
17 hours ago - last edited 17 hours ago

  @MR.S 
I see notifications so it works but I would like to see blocked traffic from outside inn if possible. 
Something like this (from unify dashboard view)

1x ER7206 v1.0 1x OC200 2.0 2x EAP653(EU) v1.0 2x SG2008P v3.20
  0  
  0  
#5
Options
Re:Threat Management howto -Solution
17 hours ago - last edited 17 hours ago

  @ProSumerTester 

 

you don't have it on Omada yet. I think it will come eventually :-) what you see is probably region blocking on unifi, you can do that with Omada too but you don't get any fancy logging on it yet. to activate region blocking on Omada you go to router acl then you create a wan in acl and choose which region you want to block.

 

 

Recommended Solution
  1  
  1  
#6
Options
Re:Threat Management howto
17 hours ago

  @MR.S 

Thanks for clarification. This is most helpful.

Regarding gateway ACL region blocking. its shame that this is not available/visible in controller.
If one wanted to implement this it should look something like this ?

1x ER7206 v1.0 1x OC200 2.0 2x EAP653(EU) v1.0 2x SG2008P v3.20
  0  
  0  
#7
Options
Re:Threat Management howto
17 hours ago

  @ProSumerTester 

 

 

I have done it like this, a rule for Gateway management Page to block router services (VPN) and then IP Group_Any to block port nat and thing like that.

 

 

 

  1  
  1  
#8
Options

Information

Helpful: 0

Views: 75

Replies: 7

Tags

Controller Logs
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.