Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Update as of Jan 30th 2023
TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
As the official firmware has been released to fix the issue, this thread will be locked to stop updating.
Any further issues or concerns, please feel free to Start a New Thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
Updated on July 29, 2022:
Add the Beta firmware for ER605 V2.
ER605_v2_2.0.2_Build 20220727 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
This Article Applies to:
ER605(UN)_V1_1.1.1_Build 20210723 and earlier firmware
ER7206(UN)_V1_1.1.1_Build 20210723 and earlier firmware
Issue Description/Phenomenon:
From time to time, we received feedback that Omada Gateway cannot pass GRC Shields UP test, when using the ShieldsUp Website (grc dot com) to scan the ports, some ports are showing "Closed" instead of "Stealth" as expected.
Available Solutions:
The R&D team has made a Beta firmware to optimize the issue above. After upgrading to the Beta firmware, Omada Gateway will discard and not reply to inbound TCP SYN attempts to the WAN port, which should comply with Shield!up requirements.
Welcome to download the Beta firmware below, and verify it does resolve your concern effectively.
ER605(UN)_v1_1.1.1_Build 20220117 (Beta)
ER7206(UN)_v1_1.1.1_Build 20220117 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
Feedback:
If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valued feedback!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Fae - thanks. Before I do anything silly, I'd like to check something with you.
These are the two beta versions posted recently, from last Friday (2022-07-29) and today (2022-08-01):
Post date | Archive filename | Firmware filename |
2022-07-29 | ER605v2_un_2.0.2_20220727(beta).bin.zip | ER605v2_un_2.0.2_20220727-rel68295_up_2022-07-28_08.44.30.bin |
2022-08-01 | ER605(UN)_v2_2.0.2_20220727.zip | ER605v2_un_2.0.2_20220727-rel51535_up_2022-07-27_14.32.27.bin |
Today's one appears to have an earlier release number and an earlier date than the one posted on Friday.
Can I confirm that the one posted today is in fact the one that should address both the address reservation and the stealth ports issue? I don't want to accidentally install an earlier release and mess up my configuration!
- Copy Link
- Report Inappropriate Content
Dear @gruntfuttock,
Sorry for the confusion.
gruntfuttock wrote
Can I confirm that the one posted today is in fact the one that should address both the address reservation and the stealth ports issue?
Yes, it's confirmed that the beta link updated in the post today has addressed both the address reservation and the stealth ports issue.
If you still have the address reservation issue, please feel free to let me know.
- Copy Link
- Report Inappropriate Content
@Fae Hi, I purchase the tplink ER605 V2. How long will be the new release version of V2 firmware will be available???
- Copy Link
- Report Inappropriate Content
Because of this problem I wound up returning this router. The lack of full stealth on all ports should never be an issue, even out of the box. There is zero excuse. I'll stay with my ER-X and MicroTik routers thank you.
- Copy Link
- Report Inappropriate Content
mrusli wrote
@Fae Hi, I purchase the tplink ER605 V2. How long will be the new release version of V2 firmware will be available???
That would interest me too. When can we expect the final version?
dev_null wrote
The lack of full stealth on all ports should never be an issue, even out of the box. There is zero excuse.
I second that! It should at least be selectable and deny/drop should be the default.
IMHO, in the internal network rejecting is a viable option, but to the internet deny/drop is the preferable behaving.
- Copy Link
- Report Inappropriate Content
I returned the router and went back to my trusty ER-X and will soon replace it with a MicroTik router. Sorry, but, absolutely no router should, out of the box, ever not be full stealthed on all ports.
- Copy Link
- Report Inappropriate Content
@m.fessler It's been a while now and coming to the month of October. That there is no firmware updates being release yet. How long will it take to get it done? There have not anything up at Tp-link Firmware Update Support in Singapore yet?
- Copy Link
- Report Inappropriate Content
@dev_null ER-X is good. But i need the multiple WAN for it's ports and only Tp-link VPN Router ER605 has it. There are no options left. There are no products that are available in Singapore. Because it is very limited.
- Copy Link
- Report Inappropriate Content
@dev_null i downloaded the firmware and it is working. Did you try out.
- Copy Link
- Report Inappropriate Content
@Fae I do not know why you guys taking so long to release a fix on the firmware with version 2. I am so impatient already! The support that i get from buying this products is hopeless and regrettable.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 14286
Replies: 44