Restricting internet access for OC200

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-03-13 15:02:14
Tags: #Omada SDN

Hi all,

Due to supply chain issues we were forced to deviate from our network standard.

Since I was already familiar with TP-Link Omada, I suggested that for the time being, as a temporary solution, we'd implement an OC200 together with some EAP245s.

I got a request from our networking department to restrict the OC200's connection to the internet.

Which makes sense, because if the appliance gets compromised you don't want it to go all over the internet or compromise other network equipment.

Which CIDR address spaces or domains do I need to whitelist in our firewall for the OC200 to still be able to fetch firmware updates and maintain manageability over the internet?

#1
Re:Restricting internet access for OC200
2023-03-13 18:34:02

@BartvdbB

Why not just completely isolate the OC200 from the internet with Policy Routes, and then use NAT port-forwards from the router's WAN to allow for remote management. Firmware updates can be done manually through the web UI (not that they happen frequently) if desired.

<< Paying it forward, one juicy problem at a time... >>
#2
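The isolation d0ugmac1 describes (no controller-initiated traffic to the internet, management reached only through a port-forward from the WAN) expressed as an nftables ruleset for a Linux edge router. This is an added example, not configuration from the thread or from TP-Link; Omada's Policy Routes are set in the controller GUI and this shows the same policy in firewall terms. The interface names, the controller address 192.168.10.5, the admin source range 203.0.113.0/24 (a TEST-NET placeholder) and the controller HTTPS port 443 are assumptions to be replaced with your own values.

```nftables
# Added example (not from the thread): isolate a management appliance from
# the internet while still forwarding one management port to a known admin range.
define wan_if    = "eth0"            # assumed WAN interface
define lan_if    = "eth1"            # assumed LAN interface
define oc200     = 192.168.10.5      # assumed controller address
define admin_src = 203.0.113.0/24    # placeholder admin office range
define ctl_port  = 443               # assumed controller HTTPS port

table inet omada_isolate {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies to admin sessions that the DNAT below steered to the controller.
        ip saddr $oc200 oifname $wan_if ct state established,related accept

        # The controller may not open any connection toward the internet.
        # Logged so unexpected egress attempts show up in the router's log.
        ip saddr $oc200 oifname $wan_if log prefix "oc200-egress-denied " drop

        # Only the admin range may reach the forwarded management port.
        iifname $wan_if ip daddr $oc200 tcp dport $ctl_port ip saddr != $admin_src drop
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Port-forward the management UI from the WAN, restricted to the admin range.
        iifname $wan_if ip saddr $admin_src tcp dport $ctl_port dnat to 192.168.10.5:443
    }
}
```

Load it with `nft -f <file>` and check the counters with `nft list ruleset` after adopting an EAP and opening the UI from the admin range: the only forward-chain hits from the controller's address should be on the established/related rule. Manual firmware uploads through the web UI still work because they travel LAN-side, never through the WAN egress rule. If the admin side has no fixed address range, put a VPN endpoint in front of the port-forward rather than widening `admin_src`.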
Re:Restricting internet access for OC200
2023-03-14 07:54:20

@d0ugmac1 that is almost exactly what we intended to achieve.

#3