ER605 - no firewall? (latest firmware everywhere)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

ER605 - no firewall? (latest firmware everywhere)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 - no firewall? (latest firmware everywhere)
ER605 - no firewall? (latest firmware everywhere)
2021-05-11 16:16:28 - last edited 2023-06-05 01:24:36
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.0.1

I'm confused here. I thought the ER605 was an edge-router. I just replace my Ubiquiti ER-X with this and it has <10% the capability. I got it adopted, reset my LAN to my preferred 10.50.1.1/24, coded all my fixed IPs, but "none" of the things I'd expect from a Router beyond DHCP seem to exist. Port-Forwarding (can't find it), Firewall (straight rejected). And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.

 

After many hours playing, I'm planning to return this if I can't get it to be a router today. ... but I don't want to.

 

EDIT:

1) Port-Forwarding: I got the routing to work via the NAT screen, but now I'm limited by the list of source IPs. I need to put ~30 but cap'd at ~5.

2) Closed-Ports: by limiting DHCP to 100-250, and setting up a DMZ to x.x.x.254 I was able to 'stealth' a lot of ports, but things like FTP / SSH / TELNET / UPnP are still there, all be it 'closed'. These are the exact ports I would want to be fully stealth and not reply at all.

 

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER605 - no firewall? (latest firmware everywhere)-Solution
2022-01-19 10:58:28 - last edited 2023-06-05 01:24:27

Hi All,

 

MikeL_c8en3f3 wrote

And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.

 

The R&D team has made a Beta firmware to optimize the issue above. 

 

Welcome to install the Beta firmware and comment with your feedback from the solution post below:

 

 Solution  Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.

Updated on Jan 30th 2023: 

The official firmware has been released to fix the Full Stealth issue, check the above solution post for details.

 

For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.

For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#6
Options
12 Reply
Re:ER605 - no firewall? (latest firmware everywhere)
2021-05-12 03:17:31

@MikeL_c8en3f3 

 

I am running the ER605 and have no issues with ports being seen external to the network. Make sure you are setting the Packet Anomaly Defense, I just enabled all of them, settings under network security>attack defense. I also disabled ALGs under the Transmission>NAT>ALG settings. I left IPsec alg and PPTP alg enabled.

 

 

  2  
  2  
#2
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2021-05-12 04:00:25
Thanks ian_682 ... I ended up reverting already to my ER-X as the ER605 was just not cutting it for me. Maybe in standalone mode, but it was flaky and Omada even kept reporting it as down. Every 2-3 hours on average. I reset it to standalone/stock and it didn't work at all, mainly because my Omada was all set to 10.50.1.1/24 and the ER605 would only come up in 192.168.0.1/24 and because a real nuisance. I factory reset the ER-X, set it to my desired 10.50.1.1/24, setup a couple other things (ex: static IPs), then swapped out the ER605 and like magic everything works again. And I'm "true stealth" every where except my 443 port again (once I open it). Too bad. It "seemed" like a solid device. But it just didn't work to expectation as part of the Omada SDN. Which was the whole point of getting it. I also felt that once integrated with Omada I lost what looked like 75% of the features of when it was standalone.
  1  
  1  
#3
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2021-05-28 23:43:36

@ian_682 Are you saying that shields up returns stealth for all your ports?  Mine is showing all visible even on the newest 1.1 firmware.

  0  
  0  
#4
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2021-05-29 02:04:39 - last edited 2021-05-29 02:05:37

With my ER-X, yes. full stealth. With my ER-605, nowhere near stealth. https://ibb.co/NywycqM

 

  0  
  0  
#5
Options
Re:ER605 - no firewall? (latest firmware everywhere)-Solution
2022-01-19 10:58:28 - last edited 2023-06-05 01:24:27

Hi All,

 

MikeL_c8en3f3 wrote

And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.

 

The R&D team has made a Beta firmware to optimize the issue above. 

 

Welcome to install the Beta firmware and comment with your feedback from the solution post below:

 

 Solution  Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.

Updated on Jan 30th 2023: 

The official firmware has been released to fix the Full Stealth issue, check the above solution post for details.

 

For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.

For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#6
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2022-01-19 15:47:08
I appreciate that you've continued to view this as an issue. So many people seem happy with the ER605 I figured I would be too. But it was just far too many things that just didn't work well that I did return the item the next day. ... maybe another Omada router is in my future but for now the ER-X is still working as a router should.
  2  
  2  
#7
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2022-01-31 17:40:06

I am experiencing the exact same issue. Any plan for fixing it in the future? 

  0  
  0  
#8
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2022-02-08 07:06:41

Dear @Buxtehude,

 

Buxtehude wrote

I am experiencing the exact same issue. Any plan for fixing it in the future? 

 

Please follow the solution post below for the beta firmware for an urgent fix.

 

 Solution  Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#9
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2022-03-14 02:41:40

  @MikeL_c8en3f3 

Hi Tp-link support team,

I just install ER605, for my surprise after adopting the device I receive a message from Omada informing me that this device doesn't have support to firewall.

Looking at the box it states "Advanced firewall policies protect your network and data".

Is the Firewall feature coming in the next firmware update? I only bot this device because of the firewall informed in the box.

  0  
  0  
#10
Options
Re:ER605 - no firewall? (latest firmware everywhere)
2022-03-14 02:54:51

Dear @Marmao,

 

Marmao wrote

I just install ER605, for my surprise after adopting the device I receive a message from Omada informing me that this device doesn't have support to firewall.

 

Could you please upload a screenshot of the message for checking?

What's the current firmware version of your ER605? How about the version of the Omada Controller?

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#11
Options