SPI Firewall Configuration

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

SPI Firewall Configuration

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
SPI Firewall Configuration
SPI Firewall Configuration
2021-08-12 01:03:41 - last edited 2021-08-12 01:47:37
Model: ER605 (TL-R605)  
Hardware Version:
Firmware Version:

In the data sheet for the ER605 it says it is an SPI firewall. How do you configure this and turn it on in the Omada controller? Can it block all external connections inbound? It doesn't do that by default as I can ping my computers from an external source (via IPv6 PD) and I can connect with RDP, SSH, etc from the outside. Is there a way to block all that on ingress?

 

I did find a button to disable pings, but what about other connections?

  0      
  0      
#1
Options
4 Reply
Re:SPI Firewall Configuration
2021-08-13 01:45:55

@Jackace 

 

Hey,

 

Do the computers in your LAN network obtain IPv4 or IPv6 addresses? If they get IPv4 addresses, SPI firewall is enabled by default, no need to configure anything. But I guess you may use IPv6. If that is the case, they haven't developed firewall function yet based on IPv6 addresses.

  0  
  0  
#2
Options
Re:SPI Firewall Configuration
2021-08-13 05:16:13

@Somnus 

 

My lan  has both IPv4 and IPv6. IPv4 is unreachable from the Internet because it is behind NAT. IPv6 though my PCs have globally routable IPv6 addresses on them so they are reachable from anywhere on the Internet. I was hoping I could turn on the SPI firewall and block all incoming requests that are not initiated by something on the LAN making a request. Sounds like I'm going to need an actual firewall for this functionality.

  0  
  0  
#3
Options
Re:SPI Firewall Configuration
2021-08-13 08:31:18 - last edited 2021-08-13 08:36:30

@Jackace 

 

This router can't block WAN access to IPv6 address. You can try blocking ping from WAN, but it seems also base on IPv4 address. I never try to use it to block IPv6 access.

  0  
  0  
#4
Options
Re:SPI Firewall Configuration
2021-08-13 08:59:39

Yeah I figured the IPv6 firewall rules were pretty light or nonexistent. Wondering if those are coming on the r605 or if there are plans for a more full featured gateway router/firewall in the future?

  0  
  0  
#5
Options