Blocking access to Remote Management on Deco units via Firewall
I recently purchased the Deco AXE5300 WIFI 6e Mesh 3 pack.
As has been mentioned in other threads on this forum, by default setup and managing the units is done via a IOS or Android app from the TP-Link cloud. Unfortunetly access to your local LAN Deco units cannot easily be disabled from the Internet via this app which is protected only by a simple login/password combination.
I am using the AXE5300 units in the AP Access Point mode. I have a pfsense router that I use to provide firewall protection of my network. In the pfsense router I set static mappings for the DHCP address assignment for the three AXE5300 MAC addresses of the units so that I know exactly what IP addresses they will be assigned on power up. I used the IOS Deco app to setup the AXE5300 units initially. But now I have setup filters in my firewall to drop ALL traffic from the AXE5300 IP addresses that tries to leave my local LAN. Keep in mind this is just IP traffic originating from the AXE5300 units themselves. Traffic from device IP addresses on the WIFI network serviced by the AXE5300 units is allowed to pass.
This seems to be working fine. The Deco management app on my phone is now unable to connect to the Deco units both locally and when connected to an outside network on the Internet. (which is what I want).
My question is will the Deco AXE5300 units operating in AP mode eventially stop functioning or forget their configuration settings if they can no longer communicate with the TP Link cloud or remote management servers after the initial configuration has been completed? I don't care about using the Deco units in router mode.
I recognize that my ability to manage the AXE5300 units is minimal on the local URL web address of the UI and non existant from the Deco IOS app when it cannot reach the units. I just want them to keep working as is with out the remote management access enabled.