2
Votes

Omada router Nat disable needed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
2
Votes

Omada router Nat disable needed

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada router Nat disable needed
Omada router Nat disable needed
2022-07-17 01:43:46 - last edited 2022-07-18 05:45:25
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: V2.6

I just bough a whole stack of Omada enabled network equipment with the idea of testing and then rolling out to customers.

 

Everything went fine except the fact that many of these customers have Security gateways on the edge of their networks and the ER605 does not seem to allow disabling of nat so we can see source IP addresses on the network so we can apply rules and options. The Omada platform and devices are good but this one part is an extremely important option that is needed.

 

Some of my customers have Roqos SD-Wan Gateways, Sophos XG Firewalls, PF Sense Firewalls just to name a few. No one will remove their UTMs to expose their network. A solution needs to be found for this. I am 100% sure if this can be done, many users will adopt this platform. These UTMs definitely needs to see the source IPs and with nat, the UTM only sees the ER605, nothing else.

 

This function is a game changer in terms of someone purchasing Omada or as someone mentioned before Ubiquiti USG.

 

Please, Please address this urgently. This is a critical function especially for business users

 

I would like to role out Omada to my customers but I cannot until this issue is resolve.

#1
Options
3 Reply
Re:Omada router Nat disable needed
2022-07-17 13:51:16 - last edited 2022-07-18 05:45:25

I take it the customers are on the other side of the internet? If so could you create a vpn connection between devices?? If they are in the same network you could you possible create a static route?? One more idea what are they trying to access behind the ER605 could you just open a port to allow network access from the outside?

 

My setup is cable modem>>IPFIRE firewall (---.---.10.2)>>static route to ER605 (---.---.10.1)>>internal network (NAT from 10.1 to 192.168.0.1> 255)...I have a vpn connection to my Firewall then I have ports opened on my ER605 to access my NAS inside my network.  Hope this helps. 

#2
Options
Re:Omada router Nat disable needed
2022-07-18 05:46:36

Hi  @Coopertool 

 

To gather feedback from others, I have transferred this thread to the block of "Requests & Suggestions" so that it could be seen by more people.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
#3
Options
Re:Omada router Nat disable needed
2022-07-19 01:52:10 - last edited 2022-07-19 01:52:36

  @KLX 

 

Example here is ISP Modem>>>Sophos XG Firewall>>>R605>>>Vlans created in R605

With nat functioning on the ER605, the XG only sees the R605 wan address.

The only way the XG can do the job it was intended to do is if we can see all the individual source addresses from the R605. Currently, the nat on there will block it. I am sre TP-Link understands this as some of their routers have the ability to disable nat. However, the function not available in any of the Omada routers.

See this thread as well. Request for the same thing. https://community.tp-link.com/en/business/forum/topic/257626

#4
Options