I’m currently running an Omada setup with an ER605 gateway, multiple SG2210P switches, EAP610 access points, and the Omada Software controller. I’m now planning a 10G upgrade and am considering the following hardware (combined with my old hardware which will only be connected to gigabit devices):

• TL-SX3008F switches
• ER8411 gateway
• EAP773 access points
   

My network makes extensive use of ACLs, so firewall capabilities are very important to me.

While comparing the ER8411 with the ER605 on TP-Link's website, I noticed that the ER8411 does not appear to support Stateful ACLs. Can anyone confirm whether this is accurate?

More specifically, I’m referring to the ability to create Stateful LAN-to-LAN ACLs using Network → IP Group and Network → IP:Port Group, which were introduced relatively recently on the ER605. These features are critical to how I segment and secure my network.

If the ER8411 lacks support for Stateful ACLs, that seems like a significant limitation, especially for a flagship Omada gateway. Is there a technical reason for this, or is it simply a gap in the current firmware?

Additionally:

• Are there any plans to introduce Stateful ACL support on the ER8411?
• Have there been any announcements regarding upcoming firmware updates that address this?
   

Finally, if anyone has experience with a similar upgrade (particularly moving to 10G within the Omada ecosystem), I’d appreciate any advice or things I should be aware of before proceeding.

Thanks in advance!