TL-R605 Closed ports and Not Stealth
TL-R605 Closed ports and Not Stealth
I just purchased a TL-R605 and added to the Omada Controller. The router seems to work fine except for when using the Shields Up Website to scan the ports almost all of them are showing Closed instead of Stealth. Is this a setting that can be adjusted or is it always going to be this way. All the other routers I have used have showed as Stealth
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @JasonQ, @gruntfuttock,
Thank you for your great patience!
Please follow the solution post below to get the beta firmware for ER605 V2.
[Solution] Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
Updated on Jan 30th 2023:
The official firmware has been released to fix the Full Stealth issue, check the above solution post for details.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
- Copy Link
- Report Inappropriate Content
Dear @dbmet,
I just purchased a TL-R605 and added to the Omada Controller. The router seems to work fine except for when using the Shields Up Website to scan the ports almost all of them are showing Closed instead of Stealth. Is this a setting that can be adjusted or is it always going to be this way. All the other routers I have used have showed as Stealth
Not quite sure how the Shields UP website scans the ports. Perhaps you may use different tools such as NMAP software to test the ports.
If you just want to have the ports to show as Stealth on the Shields UP website, you may refer to this post to have a try.
- Copy Link
- Report Inappropriate Content
@dbmet Having just bought a bunch of EAPs and a TL R605 I also find all its ports closed but not stealth on grc.com
Basically, stealth has been my standard for 20 years, 'closed' is simply not good enough when we know the whole world is constantly trying to break in. Yes there is a possible fix for the R600 which may work on the R605 but it is so convoluted I'm not going to even try it.
Having also registered and configured it succesfully with a new install of omada controller, the next day the controller was telling me the R605 was constantly provisioning / adopting / provisioning.... with a message that said something like the controller software must be reduced to an older version. Hunting around, I found plenty of stuff saying the R605 doesn't really work with Omada controller so I had to hard reset it and start back at zero with a normal standalone login.
Omada controller seems to work great with our EAP's, the TL-R605 handles a gigabit WAN nicely, but I find it is neither secure, or works with Omada controller.
tp-link, I hope you're reading this, this device is not fit for purpose as a business solution and is going straight on ebay so some other poor sucker can have it.
Richard
- Copy Link
- Report Inappropriate Content
Hi, @richardmh,
Having just bought a bunch of EAPs and a TL R605 I also find all its ports closed but not stealth on grc.com
Is the TL-R605 connected behind another router? Is the WAN interface a public or private address?
Which ports are tested as closed but not stealth on the website? Did you try other test tools to scan the ports?
By the way, I searched shields up stealth port from the Internet and found some links for reference.
A FAQ about stealth and close port from the GRC website: https://www.grc.com/faq-shieldsup.htm#139
Discussions about GRC ShieldsUp test from other websites:
https://security.stackexchange.com/questions/147770/grc-shields-up-test-are-stealth-ports-good
https://www.eightforums.com/threads/grc-shieldsup-port-appearing-as-closed-instead-of-stealth.39755/
Hope the information is helpful for your case.
Having also registered and configured it succesfully with a new install of omada controller, the next day the controller was telling me the R605 was constantly provisioning / adopting / provisioning.... with a message that said something like the controller software must be reduced to an older version.
The incompatible issue can be fixed by rebooting the TL-R605 router, will fix it in the next update, discussed HERE.
tp-link, I hope you're reading this, this device is not fit for purpose as a business solution and is going straight on ebay so some other poor sucker can have it.
Sorry to hear that the router is not meet your requirement. May I know your application scenarios and network requirements?
TP-Link values your feedback very much and will try the best to provide great products for consumers.
The TL-R605 router is designed for small-medium business, it supports advanced firewall policies, DoS defense, IP/MAC/URL filtering, and more security functions to protect your network and data; it can also work with Omada Controller, there might be something unfriendly during the configuration but Rome was not built in a day, it would be much appreciated if you could also give TP-Link team some time to modify/correct it.
- Copy Link
- Report Inappropriate Content
@fae
You say TL-R605 supports advanced firewall policies, can you explain this in more detail?
I have not got any firewall policy yet, I can not block VLAN to VLAN, nor can I block traffic from remote LAN in VPN tunnel. the only thing i can block is from LAN to internet.
Maybe I'm done something wrong since you say TL-R605 supports advanced firewall policy.
/shberge
- Copy Link
- Report Inappropriate Content
We require the TL-R605 to be set up as an edge router on our LAN with the gigabit WAN connected to the outside world by PPoE - nothing very unusual.
When connected, the common ports probe at grc.com reports all of the first 1023 ports as closed, but none as stealth. By comparison, my old router (not tp-link) reports full stealth on the exact same WAN connection, I would keep it if it did gigabit WAN, but it's only got 10/100 capability.
Re. the links you sent me, of course its possible to dig dirt on anyone, but basically in the last 20 years as our requirements have changed we've gone through maybe 8 different routers and always tested them at grc.com and this is the first one I've ever had which cannot be easily configured to never respond to port probing, aka be in 'stealth' mode. In my book this makes the TL-R605 insecure.
I installed omada controller 4.2.8. Like I said, the TL-R605 did adopt ok, and I did provision and configure it OK from the controller, but next morning it had got into this loop provisioning / adopting / provisioning... it was impossible to get at any TL-R605 settings and there was a message saying I should downgrade the controller software which sounded like nonsense to me.
I did reboot the TL-R605, it made no difference. I then clicked 'forget' in the controller but once in standalone mode the TL-R605 would not respond to any password, so I had to do a hard reset to get back into it.
It's a shame because I absolutely expected a big operator like tp-link to offer a router with a secure firewall, and was looking forward to the supposed benefits of Omada control, but while it does not do either I stand by my statement this device is not fit for purpose as a business solution.
Richard
- Copy Link
- Report Inappropriate Content
Hi All,
dbmet wrote
I just purchased a TL-R605 and added to the Omada Controller. The router seems to work fine except for when using the Shields Up Website to scan the ports almost all of them are showing Closed instead of Stealth. Is this a setting that can be adjusted or is it always going to be this way. All the other routers I have used have showed as Stealth
The R&D team has made a Beta firmware to optimize the issue above.
Welcome to install the Beta firmware and comment with your feedback from the solution post below:
Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
- Copy Link
- Report Inappropriate Content
@Fae Is there a stealth fix, beta or otherwise, for ER605 V2 hardware? I'm guessing the posted beta is just for V1.
- Copy Link
- Report Inappropriate Content
Dear @gruntfuttock,
gruntfuttock wrote
@Fae Is there a stealth fix, beta or otherwise, for ER605 V2 hardware? I'm guessing the posted beta is just for V1.
Sorry that I don't have a beta for ER605 V2, you may wait for the subsequent firmware updates for the stealth fix.
- Copy Link
- Report Inappropriate Content
@dbmet @Fae I too would like the stealth beta software for the er605v2. Please let us know when it is out.
- Copy Link
- Report Inappropriate Content
@Fae Hi Fae, please let us know when a beta fix is availble for v2. Is there an estimated time frame you could provide us?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4673
Replies: 12
Voters 0
No one has voted for it yet.