Firewall rules
2025-07-14 18:08:57 - last edited 2025-07-17 01:42:21

I'm on OSC and version is 5.15.24.18
Setup is with:
ER605 v2.2 with firmware 2.3.0
SG2210MP v5.0 with firmware 5.0.8
EAP653(EU) v1.0 with firmware 1.1.3

So far I have the "Default" network, and I have a network and some servers on static IP (using ER605 DHCP)

Trying to make some firewall rules this way:
Setting->Network Security->Firewall

But there aren't any options to make any rules. I only have "State Timeouts" & "Firewall Options"

Where does one make firewall rules in this thing?

#1
1 Accepted Solution
Re:Firewall rules-Solution
2025-07-16 21:37:49 - last edited 2025-07-17 01:42:21

@wow1968

ACLs are the only configurable aspect of inbound, outbound and inter-VLAN firewall rules you can make on Omada (and are pretty much interchangeable with "firewall rules" on Omada and other platforms)

You can create ACLs to have all the effects you have specified, not that they are particularly necessary as everything originating from the WAN is blocked anyway, but you can reinforce that with ACLs

For example, to block the bogon network spoofing:

Create an IP group with the entries you want, e.g. 192.168.0.0/16, 10.0.0.0/8 and 172.20.0.0/12, then the gateway ACL BLOCK > WAN IN > IP_Group_You_Made > IP_Any

e.g., some of mine:

 

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
#8
Re:Firewall rules
2025-07-15 07:21:34

Hi @wow1968

What exactly do you want to configure?

You may have a look at the following post to see if any meets your requirement:

CL Guide Compilation

#2
Re:Firewall rules
2025-07-15 08:20:13

  @Vincent-TP 

I used to use pfSense but have removed it and got a more professional setup.

Normal WAN rules are the first thing that comes to mind.
Block WAN->LAN
Block Bogon networks

I have set that all information from Omada should be sent as webhooks and I have a Webhook receiver. Got 2 Firewall warnings in Gotify, but no place in Omada Controller to see the issue. (This is of course a different case, but it's all about the "Advanced Firewall" ER605 is supposed to have)

#3
Re:Firewall rules
2025-07-16 01:27:39

Hi @wow1968

Block WAN -> LAN

>>>This is blocked by default. You can verify by pinging the router's LAN IP address from the WAN side, and it won't reply.

Block Bogon networks

>>>What do you mean by Bogon networks? Do you mean virtual networks?

Got 2 Firewall warnings in Gotify,

>>>What is the specific content of the warning message?

You may check the Firewall settings page and enable the options you need:

#4
Re:Firewall rules
2025-07-16 07:34:58

@wow1968

I believe you are looking for ACLs

Settings > ACL (under the Network Security heading)
#5
Re:Firewall rules
2025-07-16 20:08:42 - last edited 2025-07-16 20:09:23

@Vincent-TP

Block Bogon networks

>>>What do you mean by Bogon networks? Do you mean virtual networks?

From Netgear / pfSense - Community

Block private networks: blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 subnets.
Block bogon networks: blocks any unallocated IP subnets (pfSense pulls a fresh list Monthly).
These options are designed to prevent someone from using private or bogon IP addresses on the WAN side.

I have dropped Gotify, it was just another "site" to check for warning etc. I can do it from the controller.
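The anti-spoofing rule the accepted solution describes (an IP group of private prefixes used as the source of a BLOCK > WAN IN > group > IP_Any gateway ACL), together with the pfSense "block private networks / block bogon networks" behaviour quoted just above, as an added Python model. This is not TP-Link's or pfSense's code and it does not talk to a controller; it only lets you check offline what a given group list and rule order would do. It walks an ordered ACL top-down with first match winning (an assumption of this model), falls back to the WAN default-deny that post #4 describes when nothing matches, and runs over a few constructed flows. Group names, rule names and every address are made up; the private prefixes are the three RFC 1918 ranges the pfSense quote lists, and the extra "bogon" prefixes are well-known special-purpose ranges (loopback, link-local, CGNAT shared space, multicast, reserved).

```python
"""Offline model of an Omada-style gateway ACL for WAN-ingress anti-spoofing.

Added example, not TP-Link or pfSense code. Group and rule names are
hypothetical; first-match-wins ordering is an assumption of the model.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# IP groups as they would be created in the controller's profiles.
# Prefixes: RFC 1918 private space plus special-purpose ranges that should
# never appear as a *source* address arriving on the WAN interface.
IP_GROUPS = {
    "RFC1918_Private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "Bogon_Special": [
        "0.0.0.0/8",        # "this" network
        "127.0.0.0/8",      # loopback
        "169.254.0.0/16",   # link-local
        "100.64.0.0/10",    # carrier-grade NAT shared space
        "224.0.0.0/4",      # multicast
        "240.0.0.0/4",      # reserved
    ],
    "Web_Server": ["192.168.10.5/32"],   # constructed: one published LAN host
    "IP_Any": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str   # "WAN IN" or "LAN IN"
    action: str      # "BLOCK" or "PERMIT"
    src_group: str
    dst_group: str


# Ordered like the controller's list: the top entry is evaluated first.
# Spoof blocks sit above the permit so a private source can never reach
# the published host even though the permit's source is IP_Any.
GATEWAY_ACL = [
    Rule("Block_Private_Spoof", "WAN IN", "BLOCK", "RFC1918_Private", "IP_Any"),
    Rule("Block_Bogon_Spoof", "WAN IN", "BLOCK", "Bogon_Special", "IP_Any"),
    Rule("Permit_Web_Server", "WAN IN", "PERMIT", "IP_Any", "Web_Server"),
]


def in_group(group_name: str, addr: str) -> bool:
    """True if addr falls inside any prefix of the named IP group."""
    ip = ip_address(addr)
    return any(ip in ip_network(p, strict=False) for p in IP_GROUPS[group_name])


def evaluate(direction: str, src: str, dst: str, acl=GATEWAY_ACL):
    """Return (action, rule_name) for one flow, walking the ACL top-down.

    With no match, WAN-originated traffic is dropped (the default the
    thread describes for the ER605); LAN-originated traffic is permitted.
    """
    for rule in acl:
        if (rule.direction == direction
                and in_group(rule.src_group, src)
                and in_group(rule.dst_group, dst)):
            return rule.action, rule.name
    if direction == "WAN IN":
        return "BLOCK", "default-deny-wan"
    return "PERMIT", "default-permit"


def audit(flows):
    """Evaluate (direction, src, dst) tuples; return (src, dst, action, rule)."""
    return [(src, dst, *evaluate(d, src, dst)) for d, src, dst in flows]


# Constructed sample flows. 203.0.113.7 stands in for the router's public WAN
# address and 198.51.100.20 for an Internet client (documentation ranges, used
# only so that no real address appears). Matching is on the source for the
# spoof rules, so the router's own address is never tested against a group.
SAMPLE_FLOWS = [
    ("WAN IN", "192.168.1.5", "203.0.113.7"),     # RFC 1918 source on WAN
    ("WAN IN", "10.1.1.1", "192.168.10.5"),       # spoofed source aimed at server
    ("WAN IN", "127.0.0.1", "203.0.113.7"),       # loopback source on WAN
    ("WAN IN", "198.51.100.20", "192.168.10.5"),  # legitimate client to server
    ("WAN IN", "198.51.100.20", "192.168.10.9"),  # client to unpublished host
    ("LAN IN", "192.168.10.9", "198.51.100.20"),  # outbound from LAN
]

if __name__ == "__main__":
    for src, dst, action, rule in audit(SAMPLE_FLOWS):
        print(f"{src:>15} -> {dst:<15} {action:<6} ({rule})")
```

The fourth and fifth flows show why the ACL is a reinforcement rather than a necessity: without any permit, a WAN-originated packet is dropped by the default, and the spoof blocks only matter once you start opening inbound holes for published servers. Editing the prefix lists and re-running `audit` is a quick way to confirm a typo in a group (a wrong CIDR length, for example) before it goes into the controller.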

#6
Re:Firewall rules
2025-07-16 20:27:49

  @GRL 

No, ACLs and firewall rules are two different things.
In TP-Link's advertising of the ER605 they say it has an "Advanced Firewall"

I would like to access these features (quote from TP-Link/Omada info regarding the ER605):
Abundant Security Features: Advanced firewall policies, DoS defense, IP/MAC/URL filtering, and more security functions protect your network and data.

Here is an AI answer regarding the difference between ACLs and firewall rules:

An Access Control List (ACL) is a set of rules that controls access to network resources, primarily filtering traffic based on IP addresses and protocols, while a firewall is a more comprehensive security system that monitors and controls all incoming and outgoing network traffic based on a broader set of security rules. Firewalls can provide additional features like intrusion detection and prevention, making them more advanced than ACLs.

 

Overview of ACLs and Firewalls

Access Control Lists (ACLs) and firewalls are both essential tools for network security, but they serve different purposes and operate at different levels.

Key Differences

Functionality

Feature            | Access Control List (ACL)                    | Firewall
Purpose            | Controls access to network resources         | Monitors and controls network traffic
Level of Operation | Operates at Layer 3 (Network Layer)          | Operates at Layer 3 and Layer 7 (Application Layer)
Traffic Filtering  | Filters based on IP addresses and protocols  | Filters based on a broader range of criteria, including applications
Configuration      | Simple rules for allowing or denying traffic | More complex rules with stateful inspection

Use Cases

Use Case              | Access Control List (ACL)                        | Firewall
Network Segmentation  | Used to restrict access between network segments | Protects entire network from external threats
Basic Traffic Control | Blocks or allows traffic from specific IPs       | Provides advanced security features like intrusion detection

Summary

ACLs are primarily used for basic traffic filtering based on IP addresses, while firewalls provide comprehensive security by monitoring and controlling all types of network traffic. Firewalls are generally more advanced and capable of handling complex security requirements.

#7
Re:Firewall rules
2025-07-17 07:57:12

@GRL

OK, and many thanks.

I don't like that there are rules inside the firewall that I don't see or can do something with.
But I have to accept that this is the Omada way. (Have to get used to it.)

Many thanks for your kind help and solution.

#9