Firewall flaw
I have 3 sites that have been using Omada products for about 2-3 years now.
I wanted to mention what I see as a fundamental flaw in TP-Link controllers and routers/firewalls - a feature called "ACL."
Let's say that I have an SSID called "Guest" that uses VLAN 10. I also have a portal set up for it. I only want to allow VLAN 10 to access TCP on ports 80 and 443 on the WAN.
I set up an ACL to allow that for VLAN 10, and another ACL to block all other WAN traffic for VLAN 10.
When I do this, the portal appears to stop working. Why? The ACL is allowing web traffic without requiring the device to first go through the portal.
I think that this is a flaw. I use Cisco Meraki products at work and I am able to define firewall rules to allow only certain traffic, but the device still has to go through the portal to gain internet access.
I have three sites using ER605v1, which is EOL and needs to be replaced. One of the sites has 2 APs that need to be replaced, a second site has 1 AP that needs to be replaced, and the third site has two EAP620v1 APs that have not received official firmware updates in 2 years.
In short, I'm trying to decide if I want to spend the money to upgrade all of these devices, or dip my toes into the Ubiquiti ecosystem.