Firewall flaw

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Firewall flaw

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Firewall flaw
Firewall flaw
2024-04-01 14:01:02
Tags: #ACL #Firewall
Model: OC200  
Hardware Version: V1
Firmware Version: 5.13.24

I have 3 sites that have been using Omada products for about 2-3 years, now.

I wanted to mention what I see as a fundamental flaw in TP-Link controllers and routers/firewalls - a feature called "ACL."

Lets say that I have an an SSID called "Guest" that uses VLAN 10. I also have a portal set up for it. I only want to allow VLAN 10 to access TCP on ports 80 and 443 on the WAN.

I setup an ACL to allow that for VLAN 10, and another ACL to block all other WAN traffic for VLAN 10.

When I do this, the portal appears to stop working. Why? The ACL is allowing web traffic without requiring the device to first go through the portal.

 

I think that this is a flaw. I use Cisco Meraki products at work and I am able to define firewall rules to allow only certain traffic, but the device still has to go through the portal to gain internet access.

 

I have three sites using ER605v1, which is EOL and needs to be replaced. One of the sites has 2 APs that need to be replaced, a second site has 1 AP that needs to be replaced, and the third site has two EAP620v1 APs that have not received official firmware updates in 2 years.

In short, I'm trying to decide if I want to spend the money to upgrade all of these devices, or dip my toes into the Ubiquiti ecosystem.

  0      
  0      
#1
Options
1 Reply
Re:Firewall flaw
2024-04-01 14:45:03 - last edited 2024-04-01 15:34:35

  @Omada_Armada 

 

I'm just wondering where you have ACL configured? Is it on a switch or a router?
you have to keep in mind that the portal doesn't use 80 or 443 it uses 8088 or 8043 as far as I remember.

 

using router ACL you cannot block guest to lan, it is almost unbelievable but you can actually either open everything or close everything on the router.
but you can block guest to lan when you enable guest on SSID, then all private IPs are blocked automatically.

 

 

 

  0  
  0  
#2
Options

Information

Helpful: 0

Views: 329

Replies: 1

Tags

ACL
Firewall
Related Articles