How to block incoming internet address or range

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2021-11-26 23:43:39 - last edited 2021-11-26 23:44:44
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: latest

Hi, I need some help with the following.

 

In the Omada log (OC200) I find 2 IPv4 addresses trying to access the VPN connection.

 

The log says:
'SafeStream Router: Account xx.xx.xx.xx failed to log in because the username or password is wrong'
It happens about 10 times a day.

Is there a way to block these addresses or block a range (xx.xx.xx.0/24)?

I hope there is a way to stop these strange hackers.

 

Best regards,

Alex

 

OMADA equipment: TL-R605 v1 | OC200 v1 | TL-SG2428P v1 | 3x EAP245(EU) v3 Other: MC220L | TL-SG105E V3
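
An added example, not part of the original post: a sketch that turns the failed-login entries quoted above into block candidates, as a single address or as a /24 when several offending addresses share one. Only the message text comes from the post; the timestamp prefix, the sample lines and the thresholds are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the post; anything before it on the line is ignored.
FAILED_LOGIN = re.compile(
    r"Account (\d{1,3}(?:\.\d{1,3}){3}) failed to log in because "
    r"the username or password is wrong"
)

# Constructed sample log (RFC 5737 documentation addresses, assumed timestamp prefix).
_MSG = ("2021-11-26 08:00:00 SafeStream Router: Account {} failed to log in "
        "because the username or password is wrong")
SAMPLE_LOG = "\n".join(
    [_MSG.format("203.0.113.14")] * 3
    + [_MSG.format("203.0.113.77")] * 3
    + [_MSG.format("198.51.100.9")] * 4
    + [_MSG.format("192.0.2.5"),      # single failure, below the threshold
       _MSG.format("999.1.1.1"),      # matches the pattern but is not an address
       "2021-11-26 08:00:00 SafeStream Router: DHCP lease renewed"]
)

def failed_sources(log_text):
    """Count failed logins per source address, skipping malformed addresses."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_LOGIN.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue
    return counts

def block_candidates(counts, min_failures=3, min_hosts_for_range=2):
    """Return networks to deny: a /24 if enough offenders share it, else a /32."""
    offenders = [ip for ip, n in counts.items() if n >= min_failures]
    slash24 = {ip: ipaddress.ip_network(f"{ip}/24", strict=False) for ip in offenders}
    per_range = Counter(slash24.values())
    nets = {slash24[ip] if per_range[slash24[ip]] >= min_hosts_for_range
            else ipaddress.ip_network(f"{ip}/32") for ip in offenders}
    return sorted(nets)

if __name__ == "__main__":
    for net in block_candidates(failed_sources(SAMPLE_LOG)):
        print(net)
```
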
Re:How to block incoming internet address or range
2021-11-29 06:17:57

@Intrax 

1. Assume that you are using the static IP for WAN. Changing IP will resolve this issue.

2. ACL can block external access. Yet, this record will still show up in the system log. The log still records this since it is the log. ACL will stop the connection even if the anonymous person gets the correct password.

Refer to the UG, key word ACL. Omada Controller UG

Re:How to block incoming internet address or range
2021-11-29 15:03:17

@John1234 

Hi John, thank you for the reply :)

 

Indeed I have a static IP address so I can't change that.

As for ACL, I've looked into the manual but it seems it's only for LAN to WAN traffic, not the other way.

 

The user manual says:

Gateway ACL.

After Gateway ACLs are configured on the controller, they can be applied to the gateway to control traffic which is sourced from LAN ports and forwarded to the WAN ports.

 

It seems that there are no possibilities to manage the traffic from WAN to LAN.

 

For now, I disabled the PPTP VPN account and the attacks are gone. The log is as clear as it has to be.

 

Hope the developers will create an ACL option for managing WAN to LAN traffic security.

 

Best regards,

Alex

OMADA equipment: TL-R605 v1 | OC200 v1 | TL-SG2428P v1 | 3x EAP245(EU) v3 Other: MC220L | TL-SG105E V3
Re:How to block incoming internet address or range
2021-11-30 06:07:36

@Intrax 

The reason I brought up that the ACL applies to the WAN is that I came across this FAQ on their site: https://www.tp-link.com/us/support/faq/2026/

Assume this applies to the Omada, too. 

You can test this out by creating an ACL rule and blocking one of your devices from accessing the VPN. You can delete it after the test.
