IPV6 Firewall of ER605 V2 - Vulnerability Concerns

IPV6 Firewall of ER605 V2 - Vulnerability Concerns

IPV6 Firewall of ER605 V2 - Vulnerability Concerns
IPV6 Firewall of ER605 V2 - Vulnerability Concerns
2024-08-05 09:50:37 - last edited 2024-08-09 07:02:41
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.4

My ISP network is running on dual stack and I observe that with IPV6 enabled, the internet is more responsive in comparison to running only with IPV4. I have ER605 V2 managed by OC200 V1 for my clients. Its IPV6 is up and running but my only concern is the safety of IPV6 on ER605. The firewall section on Omada portal doesn't specify if it is for IPV4 or IPV6 unlike other router which has a specific firewall for IPV4 and IPV6. Does the firewall protect both protocols? Is the firewall of ER605 safe enough? From what I understand, IPV4 are unroutable with NAT enabled. I was thinking about the vulnerability of IPV6 and if its worth enabling on ER605.

  1      
  1      
#1
Options
1 Accepted Solution
Re:IPV6 Firewall of ER605 V2 - Vulnerability Concerns-Solution
2024-08-06 01:42:18 - last edited 2024-08-09 07:02:41

Hi @KerZerA 

Thanks for posting in our business forum.

The IPv6 by default is not accessible from the WAN. We have added a default ACL to that.

There is no IPv6 firewall at this moment. The current firewall settings all target IPv4.

Portal is based on v4 now. v6 would bypass the authentication I recall.

 

As for the v6, the default ACL would secure it. AFAIK, it is safe.

Those attack defenses are mainly for the v4. As for the v6, as long as you keep your address from the malicious software, they are safe as the inbound is not allowed. I cannot see a problem with this. If you have a different opinion, would like to hear it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options
1 Reply
Re:IPV6 Firewall of ER605 V2 - Vulnerability Concerns-Solution
2024-08-06 01:42:18 - last edited 2024-08-09 07:02:41

Hi @KerZerA 

Thanks for posting in our business forum.

The IPv6 by default is not accessible from the WAN. We have added a default ACL to that.

There is no IPv6 firewall at this moment. The current firewall settings all target IPv4.

Portal is based on v4 now. v6 would bypass the authentication I recall.

 

As for the v6, the default ACL would secure it. AFAIK, it is safe.

Those attack defenses are mainly for the v4. As for the v6, as long as you keep your address from the malicious software, they are safe as the inbound is not allowed. I cannot see a problem with this. If you have a different opinion, would like to hear it.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  2  
  2  
#2
Options

Information

Helpful: 1

Views: 474

Replies: 1

Related Articles