Security Concerns with Wide Range Port Forwarding on Deco X55
Hello TP-Link Community,
I am currently using the Deco X55 for managing network access to a home server that hosts various services like Remote Desktop, a media server, and a game server. While setting up port forwarding, I noticed that I can only forward a wide range of ports to accommodate these services, e.g from 3389 to 27016.
While this setup might seem convenient, it poses significant security concerns. Broadly opening such a wide range of ports can expose my network to various risks, including unauthorized access and potential exploitation of vulnerable services.
Typically, it's advisable to open only the specific ports needed for each service to minimize the attack surface. Here are some specific risks involved with opening a broad range of ports:
Increased Attack Surface: Every open port could potentially be a point of entry for malicious actors.
Potential for Exploitation: Certain ports, if left open and unmonitored, can be targeted for exploits, especially if associated services have known vulnerabilities.
Network Performance: While less of a security risk, broadly opened ports could potentially impact network performance and management due to increased overhead.
Given these risks, I am looking for advice or potential updates that might allow more granular control over port forwarding settings.
For instance:
Is there a way to more precisely control which ports are forwarded without needing to open a wide range?
Are there upcoming firmware updates that might address this issue and provide better configuration options?
I appreciate any feedback or guidance you can provide on securing our network while using the Deco X55 for complex home networking setups.
I've attached two screenshots one of the large range i've had to forward and one of me trying to add multiple ports to one client which displays "This IP address is already taken."
Thank you!
Hi,
the first NAT forwarding rule is from 3389-27016 which overrides port 8096 so Deco APP pops up an error message.
You might need to delete the first rule, then add a single port each time under one profile, such as:
How to set up Port Forwarding feature on the Deco
@David-TP no luck set there to just be one port 3389 then tried adding another port but still get the same message and I can't add the port.
Might be an issue with the Deco X55. What router are you using?
Hey @David-TP
I tried that but still not luck I just can't add more than one rule the only thing I can do is have a massive range of ports open 
Hi, I did go through different errors
.
The first one always went smoothly, then I set a different port for the same client, and it told me to reserve a fixed IP address. Actually when I go back to "Address Reservation", it has been reserved already. Then I repeated, and it said, "Something went wrong, please try again".
Then I removed the "Address Reservation" profile and went back to add the port forwarding rule for the third time. It worked.
I blame it for the poor APP interaction.
so @ThriftyKiwi , sorry for the inconvenience.
Would you mind trying it again? When the error pops out, try to remove the already reserved IP address profile once.
However if it fails again, could you please help me submit the Deco APP log here:
Thank you very much and wait for your reply.