Update devices in remote site

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-02-07 15:25:28 - last edited 2023-02-08 08:12:59
Model: OC200  
Hardware Version: V1
Firmware Version: 5.7.6

Hi there,

Apologies for my English, not my mother tongue here :)

I have an OC200 that manages devices across two different sites (Site A and Site B) connected to each other over the Internet.

Each site has pretty much the same setup: ISP modem/gateway --> TP-Link gateway (behind ISP NAT) --> TP-Link switch --> APs and servers.

The OC200 is located in Site A, where I opened ports 29810-29814 on both the ISP modem/gateway and the TP-Link gateway in order to adopt the devices in Site B via the Controller Inform URL (as shown here: https://www.tp-link.com/no/support/faq/3087/).

Devices in Site B were adopted with no problem, but every time I try to update them I get the same error:

Failed to upgrade Router to firmware version 2.0.0 Build 20220106 Rel.56391 online. Please check your network configuration and make sure the device can access the Controller's HTTPS management port.

It seems I'm missing some port forwarding, maybe port 443 (as shown in https://community.tp-link.com/en/business/kb/detail/362?page=2)?

Unfortunately port 443 is already in use by one of my web servers. If this is the issue, can I change that specific port in the Controller and use another one? How?

Many thanks in advance!

#1
1 Accepted Solution
Re:Update devices in remote site-Solution
2023-02-07 16:51:54 - last edited 2023-02-08 08:12:59

@usefulnoise

Insanely enough, TP-Link has decided that the Omada SDN management port on the controller must be exposed to the internet, which means that you must port forward the management port of the OC200, which is 443 by default on the OC200, in order to upgrade remote site devices.

If 443 is already in use, you have to change the management port in the OC200. You find this in the controller settings tab.

If you have a fixed IP in the remote site, you can allow only this IP; if you have a dynamic IP, you have to expose the controller to the world :-)

#2
Re:Update devices in remote site
2023-02-08 08:18:19

Hi @shberge,

thanks for your reply!

I agree with you, having to expose the Omada SDN management port doesn't seem to be the wisest and safest thing, and it kind of defeats the whole Omada hybrid cloud approach.

I would really appreciate a comment from a TP-Link representative on this, just to understand the logic behind this choice, in order to evaluate whether the Omada path is a viable and safe solution for a multi-site configuration or whether it's better that I move to another brand.

Unfortunately Site B doesn't have a fixed IP. If I could use an FQDN for the forwarding rule, I would have resolved all my security concerns by updating a reserved domain name with the Site B IP every X minutes.

Plan B is to manually open and close the port forward on the HTTPS management port only when devices in Site B need to be updated, but it's far from the smartest thing to do.

Looking forward to a comment from a TP-Link representative.

Have a nice day!

#3
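
One way to get the FQDN-based restriction wished for in post #3, as an added example that is not from the thread or from TP-Link: a cron job that resolves Site B's dynamic-DNS name and rewrites an nftables allowlist set for the forwarded management port. It assumes a Linux firewall running nftables sits in front of the controller (the thread does not say the TP-Link gateways can do this); the table, set and host names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed to exist already in nftables:
#   table inet filter { set omada_mgmt_allow { type ipv4_addr; } }
# and a rule accepting the forwarded management port only from that set.
# Table, set and host names are hypothetical.
SET="inet filter omada_mgmt_allow"

# True only for a dotted-quad IPv4 address (octets 0-255, no leading zeros).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the first IPv4 address the name resolves to (glibc getent).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Prints an nft script that leaves exactly one address in the set.
# Piped to "nft -f -" both lines are applied as one transaction.
build_update() {
    is_ipv4 "$1" || return 1
    printf 'flush set %s\n' "$SET"
    printf 'add element %s { %s }\n' "$SET" "$1"
}

# Resolves the name and updates the set; on a failed or malformed lookup
# it changes nothing and returns non-zero.
sync_allowlist() {
    ip=$(resolve_ipv4 "$1")
    script=$(build_update "$ip") || return 1
    printf '%s\n' "$script" | nft -f -
}

# Run from cron every few minutes, e.g.: sync-omada-allow.sh siteb.example.net
if [ "$#" -eq 1 ]; then
    sync_allowlist "$1"
fi
```

Because a failed lookup leaves the set untouched, the last known Site B address stays allowed until the name resolves again.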
Re:Update devices in remote site
2023-02-18 19:04:12

@usefulnoise

Yes, this is really crazy from TP-Link, I wonder what they are thinking when they do that. It doesn't seem like they think much about security.
I do like you, switch off and on as needed, so Plan B is a good plan. :)

#4