I've set up a small Omada network for testing and I've seen something strange with the port forwarding.  If I forward all ports via the dmz function it works as expected and ALL ports that I've checked seem to forward correctly.  If instead, I only forward selected ports most seem to work correctly but a few (500 and 4500 discovered so far) do not.  I'm testing using nmap on a device directly connected on the WAN side and tcpdump on the target machine inside the network so this is NOT an ISP issue.  Since the ports that don't forward are for a L2TP vpn and the ER605 does have vpn server capability internally I suspect that it is silently refusing to set the forward rule but I don't know how to confirm that or what to do about it.  I do NOT have any vpn servers configured on the ER605 at this time but I did earlier so it's possible that some setting related to that is still stuck in there somewhere.  Next steps I'm thinking of are to reset the ER605 to factory defaults and re-adopt it or possibly configure it outside of the Omada platform and see if it behaves the same.

Any thoughts or suggestions?