20
Votes

ER7206 Gateway ACL LAN-LAN IPGroup

 
20
Votes

ER7206 Gateway ACL LAN-LAN IPGroup

ER7206 Gateway ACL LAN-LAN IPGroup
ER7206 Gateway ACL LAN-LAN IPGroup
2023-04-24 13:08:50 - last edited 2024-08-27 01:09:44
Model: ER7206 (TL-ER7206)  
Hardware Version: V1
Firmware Version: 1.3.0

Hello

 

Do you have any plans for releasing the option to configure ER7206 Gateway ACL LAN-LAN IPGroup?

 

This would allow for effective VLAN application and is a key factor for an integrated solution.

 

Note: using OC200 v1.0 running Firmware Version 1.24.0 Build 20230328 Rel.52384 and Controller Version 5.9.32

#1
Options
1 Accepted Solution
RE:ER7206 Gateway ACL LAN-LAN IPGroup-Solution
2024-08-27 01:09:20 - last edited 2024-08-27 01:09:26

Hi @Gogan 

Thanks for posting in our business forum.

Gogan wrote

  @Clive_A 

 

So... Any update on this new feature?

The direction of LAN > LAN, GW ACL, IP-Port group as the SRC and DST is scheduled to V5.16.X and adapted firmware.

 

Please note that this will involve an adapted firmware, not just a controller update. Firmware development is a complex process, and timelines may change. Therefore, we cannot provide a specific release date at this time. Please stay tuned to future firmware release notes for updates.

When introducing a feature like this, we typically apply it uniformly across all models to ensure consistency and a seamless user experience.

However, it's essential to acknowledge that hardware limitations may exist, which might prevent us from adding the feature to certain models. In such cases, we cannot provide individual notifications explaining the reason. Please note that we cannot guarantee the fulfillment of all requests, and we must set clear expectations upfront.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
#21
Options
20 Reply
Re:ER7206 Gateway ACL LAN-LAN IPGroup
2023-05-23 23:08:30

  @Gogan 

 

No feedback?

#2
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-07-24 12:58:27 - last edited 2023-07-24 13:00:13

I would also like this (and IP-Group-Port) for the ER605.

 

The current limitation of only being able to block everything at the Gateway level means you can't selectively grant access to specific resources like you can at the Switch level, which is unfortunate as the Gateway is the only thing that can perform stateful ACL.

 

See this thread: Allowing VLAN access to shared resources

#3
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-07-24 13:48:18

  @TalkiToaster 

 

Unfortnatly TP-Link seems to be ignoring this basic limitation in a "enterprise" device.

 

I'm just a  "prosumer" managing my home network and find it annoying and restrictive, would not take it as a professional.

 

It's a shame because the hardware (Gateway, Switchs and APs) have been extremely reliable. Just got sophos and will give pfsense a try do replace the gateway

#4
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-07-24 16:15:43

@Gogan Yeah, it's certainly unfortunate, and I think I'll have to use multiple VLANs to emulate what I should be able to achieve via IP-Groups :(

 

FYI @Hank21 as this seems tangentially related to another issue you accepted: Multi-network, isolated VLAN support in Omada Controller with only ER7206 (since we need to rely on the Gateway ACLs).

#5
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-07-25 02:09:22 - last edited 2024-08-27 01:09:31

Hi All,

 

Thank you for your valuable feedback.

I've recorded this request and will report it to the developer team for evaluation.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
#6
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-07-25 07:34:05

  @Hank21 

 

to be honest i thought it was a bug but i've realized it's not. I hope this will be added as soon as possible.

 

#7
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-09-14 12:03:09
I really want this on ER7206
#8
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-10-17 23:38:46

  @Hank21 

 

Any update on this issue?

 

Another beta is released (ER7206 V1_1.4.0_Build 20230828) and still no address to this.

#9
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2023-10-18 01:44:46

Hello @Gogan,

 

Thank you for your feedback and inquiry. I understand that you are eager to know more about the feature request of the Gateway ACL LAN-LAN IP Group mentioned in this thread. At this time, we do not have specific information on when the feature will be released or which router model will add the feature of Gateway ACL LAN-LAN IP Group finally.

 

But please rest assured that our development team is working diligently to provide the best possible updates for our customers. Every feature request is taken into consideration, and we appreciate your patience as we work to prioritize and implement them.

 

This post will be updated as soon as the feature becomes available. In the meantime, if you require to support the LAN-LAN IP Group for Gateway ACL feature urgently, we recommend exploring alternative solutions that may meet your needs.


Once again, we appreciate your support and feedback on our product, and we will continue to strive towards meeting our customers' expectations.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
#10
Options
RE:ER7206 Gateway ACL LAN-LAN IPGroup
2024-02-09 03:45:52 - last edited 2024-02-09 03:48:59

  @Hank21 

 

I got same limitation on er605, and thinking it was a bug. I'm new in omada, how it is possibile such a base firewall option is not here in entrprise level hw? 

 

Absurde even more is a lot of months passed and this not addressed! Would you really bring us to point to other firewall solution?

 

But also in standalone mode this is not possible?

#11
Options