Disable WAN access on Omada controlled ER7206 Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Disable WAN access on Omada controlled ER7206 Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Disable WAN access on Omada controlled ER7206 Router
Disable WAN access on Omada controlled ER7206 Router
2022-07-31 15:53:28 - last edited 2023-07-19 20:40:52
Tags: #ER7206

Hi all,

 

I'm looking at how i can disable the WEB interface and SSH access to the ER7206 on the WAN port.

I don't want my router exposed to the WAN (that isn't exactly secure) and would like to disable this access. If i need to manage the router remotely, i have a VPN connection for that exact reason.

 

I can't find a way to disable the remote management settings for the router in the Omada controller interface.

 

I am currently running Omada version 5.3.1.

 

Thanks,

 

Aaron

 

Edit: I've since upgraded to version 5.4.6 after seeing the ability to add ACL's for WAN IN

10. Added WAN IN type for Gateway ACL.

However this has still not solved the issue as i cannot even create a rule that blocks all non RFC1918 address accessing the WAN interface - only explicit IPblocks to destination networks / port groups can be created

  0      
  0      
#1
Options
1 Accepted Solution
Re:Disable WAN access on Omada controlled ER7206 Router-Solution
2022-08-01 19:35:10 - last edited 2023-07-19 20:40:52

  @AaronN 

you cannot enable access to the router from the WAN, try and test from the WAN not from the LAN as you are doing now, if you try from the LAN with your WAN ip, you will get router login but not if you are on internet.

 

 

Recommended Solution
  0  
  0  
#4
Options
3 Reply
Re:Disable WAN access on Omada controlled ER7206 Router
2022-08-01 12:57:05

  @AaronN 

 

I just remember seeing this similar article and hope it can help you:

How to limit specific IP to access to internal server by TP-LINK SMB router?

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Disable WAN access on Omada controlled ER7206 Router
2022-08-01 18:09:23 - last edited 2022-08-01 18:09:55

  @Virgo 

Thanks for the link but unfortunately it does not solve the problem. I'm not trying to block access through the router. I'm trying to block access to the router itself. The WAN1 port exposes its management interfaces (gui and cli) through the IP assigned. I want to be able to turn off this access management so it's only available via the LAN side.

 

Its a rather large security hole that I think should be able to be closed by simply checking a Boolean field saying

'Allow remote management on wan interface' or 'Disable management access via WAN interface (LAN only)' etc.

 

Thanks

  1  
  1  
#3
Options
Re:Disable WAN access on Omada controlled ER7206 Router-Solution
2022-08-01 19:35:10 - last edited 2023-07-19 20:40:52

  @AaronN 

you cannot enable access to the router from the WAN, try and test from the WAN not from the LAN as you are doing now, if you try from the LAN with your WAN ip, you will get router login but not if you are on internet.

 

 

Recommended Solution
  0  
  0  
#4
Options