ER605 - no firewall? (latest firmware everywhere)
ER605 - no firewall? (latest firmware everywhere)
I'm confused here. I thought the ER605 was an edge-router. I just replace my Ubiquiti ER-X with this and it has <10% the capability. I got it adopted, reset my LAN to my preferred 10.50.1.1/24, coded all my fixed IPs, but "none" of the things I'd expect from a Router beyond DHCP seem to exist. Port-Forwarding (can't find it), Firewall (straight rejected). And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.
After many hours playing, I'm planning to return this if I can't get it to be a router today. ... but I don't want to.
EDIT:
1) Port-Forwarding: I got the routing to work via the NAT screen, but now I'm limited by the list of source IPs. I need to put ~30 but cap'd at ~5.
2) Closed-Ports: by limiting DHCP to 100-250, and setting up a DMZ to x.x.x.254 I was able to 'stealth' a lot of ports, but things like FTP / SSH / TELNET / UPnP are still there, all be it 'closed'. These are the exact ports I would want to be fully stealth and not reply at all.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi All,
MikeL_c8en3f3 wrote
And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.
The R&D team has made a Beta firmware to optimize the issue above.
Welcome to install the Beta firmware and comment with your feedback from the solution post below:
Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
Updated on Jan 30th 2023:
The official firmware has been released to fix the Full Stealth issue, check the above solution post for details.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
- Copy Link
- Report Inappropriate Content
I am running the ER605 and have no issues with ports being seen external to the network. Make sure you are setting the Packet Anomaly Defense, I just enabled all of them, settings under network security>attack defense. I also disabled ALGs under the Transmission>NAT>ALG settings. I left IPsec alg and PPTP alg enabled.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@ian_682 Are you saying that shields up returns stealth for all your ports? Mine is showing all visible even on the newest 1.1 firmware.
- Copy Link
- Report Inappropriate Content
With my ER-X, yes. full stealth. With my ER-605, nowhere near stealth. https://ibb.co/NywycqM
- Copy Link
- Report Inappropriate Content
Hi All,
MikeL_c8en3f3 wrote
And when I test my port security from GRC's Shields Up the vast majority of ports are listening and just rejecting (aka, "closed" instead of "stealth"). I know closed is still safe, but stealth is preferred. I have a few home servers and can't even figure out how to open a port to it when desired.
The R&D team has made a Beta firmware to optimize the issue above.
Welcome to install the Beta firmware and comment with your feedback from the solution post below:
Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
Updated on Jan 30th 2023:
The official firmware has been released to fix the Full Stealth issue, check the above solution post for details.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I am experiencing the exact same issue. Any plan for fixing it in the future?
- Copy Link
- Report Inappropriate Content
Dear @Buxtehude,
Buxtehude wrote
I am experiencing the exact same issue. Any plan for fixing it in the future?
Please follow the solution post below for the beta firmware for an urgent fix.
Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
- Copy Link
- Report Inappropriate Content
Hi Tp-link support team,
I just install ER605, for my surprise after adopting the device I receive a message from Omada informing me that this device doesn't have support to firewall.
Looking at the box it states "Advanced firewall policies protect your network and data".
Is the Firewall feature coming in the next firmware update? I only bot this device because of the firewall informed in the box.
- Copy Link
- Report Inappropriate Content
Dear @Marmao,
Marmao wrote
I just install ER605, for my surprise after adopting the device I receive a message from Omada informing me that this device doesn't have support to firewall.
Could you please upload a screenshot of the message for checking?
What's the current firmware version of your ER605? How about the version of the Omada Controller?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 10383
Replies: 12
Voters 0
No one has voted for it yet.