Which router/firewall to chose
I'm looking for a router/firewall that has the following features:
1. Omada integration
2. WireGaurd
3. Stateful ACLs
4. VLANs
I asked the chat help and they responded that this doesn't exist.
But I thought I saw things on the forum that said the ER605 V2 and the ER7206 support these features.
I'm struggling to figure out what is/isn't supported by the TP-Link products.
thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Maybe ER7212PC, actually that is the only router have Omada controller integration.
But I don't know if it supports WireGaurd. My ER605 does not support it yet
- Copy Link
- Report Inappropriate Content
1. Omada integration —— ER7212PC
2. WireGaurd —— ER605v2, newest firmware
3. Stateful ACLs —— ER605v2, newest firmware
4. VLANs —— Almost each
- Copy Link
- Report Inappropriate Content
I would remove Wireguard from your requirement list. Having just upgraded my ER605v2 to the new firmware with Wireguard support, I can tell you the implementation of it sucks. I didn't even bother testing performance due to the headaches involved with configuring and managing it.
I've been using Wireguard on a Pi via PiVPN as well as on a Synology using wg-easy....both of which perform to the limits of my bandwidth and most importantly, are infinitely more user friendly to setup. With both, you define clients within the system then either capture the configs for each client with via QR code or exporting the config file then import on the clients.
With TP-Link's implentation, you have to manual build both sides of the config (client and router) including having to manually generate your own keys, copy/paste between client and router, etc.
- Copy Link
- Report Inappropriate Content
That is disappoing to hear about wireGuard. Their open VPN setup is quite nice and supports QR codes as well.
for ER605v2, does it support statefull ACLs via Omada or just stand alone?
thanks
- Copy Link
- Report Inappropriate Content
Yes, I'm a bit disappointed by the Wireguard implentation as well. From the FAQ they linked to from the firmware update, it appears the experience is slightly different in stand-alone mode but only very slightly. The screen shot shows an export option but the context of that export option makes no sense. It only seems to show up on the actually router VPN interface side which isn't terribly helpful. On Pi and Synology, when I export a config, it's the full config file for each client...doesn't get much easier. I'd rather have my router handling VPN duties but it's just not worth the trouble and drawbacks.
Full tunnel mode does work now on OpenVPN but I'm only using that as a fallback at this point because the performance is so limited, even compared to OpenVPN on my Synology which is faster. Still, Wireguard on both Pi and Synology is WAAAAY faster than OpenVPN.
Regarding statefull ACLs, as far as I can tell, it's supported in the latest controller just based on what I see in the "Gateway ACL" setup page:
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 846
Replies: 5
Voters 0
No one has voted for it yet.