Accepted ER7206 Gateway ACL LAN-LAN IPGroup
Accepted ER7206 Gateway ACL LAN-LAN IPGroup
Hello
Do you have any plans for releasing the option to configure ER7206 Gateway ACL LAN-LAN IPGroup?
This would allow for effective VLAN application and is a key factor for an integrated solution.
Note: using OC200 v1.0 running Firmware Version 1.24.0 Build 20230328 Rel.52384 and Controller Version 5.9.32
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Gogan
Thanks for posting in our business forum.
Gogan wrote
The direction of LAN > LAN, GW ACL, IP-Port group as the SRC and DST is scheduled to V5.16.X and adapted firmware.
Please note that this will involve an adapted firmware, not just a controller update. Firmware development is a complex process, and timelines may change. Therefore, we cannot provide a specific release date at this time. Please stay tuned to future firmware release notes for updates.
When introducing a feature like this, we typically apply it uniformly across all models to ensure consistency and a seamless user experience.
However, it's essential to acknowledge that hardware limitations may exist, which might prevent us from adding the feature to certain models. In such cases, we cannot provide individual notifications explaining the reason. Please note that we cannot guarantee the fulfillment of all requests, and we must set clear expectations upfront.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I would also like this (and IP-Group-Port) for the ER605.
The current limitation of only being able to block everything at the Gateway level means you can't selectively grant access to specific resources like you can at the Switch level, which is unfortunate as the Gateway is the only thing that can perform stateful ACL.
See this thread: Allowing VLAN access to shared resources
- Copy Link
- Report Inappropriate Content
Unfortnatly TP-Link seems to be ignoring this basic limitation in a "enterprise" device.
I'm just a "prosumer" managing my home network and find it annoying and restrictive, would not take it as a professional.
It's a shame because the hardware (Gateway, Switchs and APs) have been extremely reliable. Just got sophos and will give pfsense a try do replace the gateway
- Copy Link
- Report Inappropriate Content
@Gogan Yeah, it's certainly unfortunate, and I think I'll have to use multiple VLANs to emulate what I should be able to achieve via IP-Groups :(
FYI @Hank21 as this seems tangentially related to another issue you accepted: Multi-network, isolated VLAN support in Omada Controller with only ER7206 (since we need to rely on the Gateway ACLs).
- Copy Link
- Report Inappropriate Content
Hi All,
Thank you for your valuable feedback.
I've recorded this request and will report it to the developer team for evaluation.
- Copy Link
- Report Inappropriate Content
to be honest i thought it was a bug but i've realized it's not. I hope this will be added as soon as possible.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Any update on this issue?
Another beta is released (ER7206 V1_1.4.0_Build 20230828) and still no address to this.
- Copy Link
- Report Inappropriate Content
Hello @Gogan,
Thank you for your feedback and inquiry. I understand that you are eager to know more about the feature request of the Gateway ACL LAN-LAN IP Group mentioned in this thread. At this time, we do not have specific information on when the feature will be released or which router model will add the feature of Gateway ACL LAN-LAN IP Group finally.
But please rest assured that our development team is working diligently to provide the best possible updates for our customers. Every feature request is taken into consideration, and we appreciate your patience as we work to prioritize and implement them.
This post will be updated as soon as the feature becomes available. In the meantime, if you require to support the LAN-LAN IP Group for Gateway ACL feature urgently, we recommend exploring alternative solutions that may meet your needs.
Once again, we appreciate your support and feedback on our product, and we will continue to strive towards meeting our customers' expectations.
- Copy Link
- Report Inappropriate Content
I got same limitation on er605, and thinking it was a bug. I'm new in omada, how it is possibile such a base firewall option is not here in entrprise level hw?
Absurde even more is a lot of months passed and this not addressed! Would you really bring us to point to other firewall solution?
But also in standalone mode this is not possible?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 20
Views: 2232
Replies: 19