Hi All,

I've recently switched to an Omada router after previously using Opnsense. I've noticed that the behavior for IPsec VPNs is different from what I've experienced with other firewall vendors.

Typically, other firewall vendors restrict the source IP for IPsec firewall rules to the destination IP specified in the configuration. However, Omada doesn’t seem to enforce this restriction, leaving IPsec ports (500 and 4500) exposed to the entire internet.

I'm wondering if there’s a way to limit this exposure, possibly using Gateway ACLs, or if there might be plans for a firmware update to address this.

Thanks!