Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Update as of Jan 30th 2023
TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
As the official firmware has been released to fix the issue, this thread will be locked to stop updating.
Any further issues or concerns, please feel free to Start a New Thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
Updated on July 29, 2022:
Add the Beta firmware for ER605 V2.
ER605_v2_2.0.2_Build 20220727 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
This Article Applies to:
ER605(UN)_V1_1.1.1_Build 20210723 and earlier firmware
ER7206(UN)_V1_1.1.1_Build 20210723 and earlier firmware
Issue Description/Phenomenon:
From time to time, we received feedback that Omada Gateway cannot pass GRC Shields UP test, when using the ShieldsUp Website (grc dot com) to scan the ports, some ports are showing "Closed" instead of "Stealth" as expected.
Available Solutions:
The R&D team has made a Beta firmware to optimize the issue above. After upgrading to the Beta firmware, Omada Gateway will discard and not reply to inbound TCP SYN attempts to the WAN port, which should comply with Shield!up requirements.
Welcome to download the Beta firmware below, and verify it does resolve your concern effectively.
ER605(UN)_v1_1.1.1_Build 20220117 (Beta)
ER7206(UN)_v1_1.1.1_Build 20220117 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
Feedback:
If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valued feedback!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Fae is that already scheduled or is the date unknown?
- Copy Link
- Report Inappropriate Content
Dear @mackworth,
mackworth wrote
@Fae is that already scheduled or is the date unknown?
Next firmware will include the change of this Beta firmware, but the release date is unknown yet.
I'll update this post once the new firmware is available, welcome to subscribe.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae I just recently got my ER605 and also found the newest iofficial firmware did not stealth all of my ports. Thank you for providing this beta release. GRC reports all 1055 ports are stealthed. Performing an external nmap scan against my public IP reports full stealth.Looking forward to it being included in the official release! For reference I am self hosting the Omada controller in a container using podman, works fantastically well and without issue! No problems upgrading via Omada controller. Cannot thank you enough fBor this.
- Copy Link
- Report Inappropriate Content
@Fae Any update on when this will be integrated into 1.2+ firmware versions?
- Copy Link
- Report Inappropriate Content
Dear @mackworth,
mackworth wrote
@Fae Any update on when this will be integrated into 1.2+ firmware versions?
Sorry that I haven't been informed of the time for the next firmware update yet.
I'll keep an eye on the new firmware and update this post once a new firmware is available.
- Copy Link
- Report Inappropriate Content
Hi there,
I've updated this topic, please check the main content to get the beta firmware for ER605 V2.
[Solution] Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
Updated on July 29, 2022:
Add the Beta firmware for ER605 V2.
Thank you for your attention!
- Copy Link
- Report Inappropriate Content
@Fae - thanks - I can confirm that the new firmware has done the trick!
I note that the status page of the ER605 V2 now has "Confidential Only For Test" written on it; I guess this is just because it's beta.
It's working though, so thanks very much to you and the dev team!
Mark
- Copy Link
- Report Inappropriate Content
Thanks!
I can also confirm using the new beta firmware that i now get full stealth ports according to GRC. (R605 V1 running in standalone mode).
- Copy Link
- Report Inappropriate Content
Dear @gruntfuttock, @Adoril,
I've updated the Beta firmware for ER605 v2, which has also fixed the DHCP Reservation issue mentioned in this post.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 14157
Replies: 44