IPv6 Firewall rules - TL-R605 v1 1.1.1
Starting to play around with IPv6 and it all works so fare very well... although I'm curious if I can find somewhere in the controller settings to adjust/manage firewall rules for IPv6.
Currently ports and services are exposed to the Internet via IPv6, of course I can do host based firewalls, but preferably do it on the router for the whole LAN.
To decrease the attack surface, I currently disabled IPv6 and enable it only when I play around with it.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @paderijk, @m.fessler, @SuperUserOne, @ldev, @sgo, @Probi,
Thanks for your continuous attention to this thread. Sorry that it seems the firmware for supporting IPv6 Firewall rule has been postponed, we haven't been informed when the new firmware that supports IPv6 Firewall rules will get ready to release yet.
According to the past release order, I would expect that the Omada Controller v5.9 would support IPv6 configuration first, and then the Omada Gateway would release the firmware to support IPv6 firewall rules in the year. As for whether the updated firmware would be for both v1 and v2 on the ER605, I will try and provide an update for you when we get a notice of the firmware release for the IPv6 firewall feature, or when we get our hands on the new firmware for trial.
*Please note that the information provided here is based on the current information we have, it's provided for informational purposes only, not a guarantee or a promise. Any plans are subject to change, the final firmware releases shall prevail.
- Copy Link
- Report Inappropriate Content
Hello @Gigawebs
Controller 5.9 has added the IPv6 ACL for Omada EAPs and Switches. I think the IPv6 ACL for Omada Routers like ER605 V2 might be added soon in the next Controller version. Sorry that I don't have further information right now, will try to provide an update when there is more came out.
*Please note that the information provided here is based on the current information we have, it's provided for informational purposes only, not a guarantee or a promise. Any plans are subject to change, the final firmware releases shall prevail.
- Copy Link
- Report Inappropriate Content
I asked a similar question a few weeks ago. No response yet. Hopefully they will have something soon or tell us it isn't coming and we can look at alternative gateway devices. Personally I really like the Omada system. Just need some higher end options for gateway devices. Devices with more VPN throughput, Wireguard support, IPv6 Support, and Stateful Firewall rules both WAN to LAN and LAN to LAN. Later they could even offer more options with IDS/IPS, DNS filtering, Web Content Filtering, etc.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Fae Thanks, there is definitely demand for this feature. I asked a similar question before that went unanswered, so it is good to know the request has at least been recorded.
Without this a transparent firewall is needed, or more likely a non-Omada router instead. It is a pretty basic feature that is very important. I, too, have simply disabled IPv6 for the time being. At a bare minimum there needs to be an ability with SLAAC to block all new incoming requests.
- Copy Link
- Report Inappropriate Content
@Fae - Any updates on this subject? My ISP is pushing more and more IPv6 (IPv4 is still available), but I really would like to make my network future ready.
- Copy Link
- Report Inappropriate Content
@Fae - Curious if there is any update or guidance? Thanks in advance!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@markab You're right. it is in no case recommended to use the router with IPv6, because you are more or less unprotected!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 29
Views: 20776
Replies: 84