Blocking access to Remote Management on Deco units via Firewall

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-03-14 16:36:57

I recently purchased the Deco AXE5300 WIFI 6e Mesh 3 pack.

 

As has been mentioned in other threads on this forum, by default setting up and managing the units is done via an iOS or Android app from the TP-Link cloud. Unfortunately, access to your local LAN Deco units cannot easily be disabled from the Internet via this app, which is protected only by a simple login/password combination.

 

I am using the AXE5300 units in AP (Access Point) mode. I have a pfSense router that I use to provide firewall protection of my network. In the pfSense router I set static mappings for the DHCP address assignment for the three AXE5300 MAC addresses of the units so that I know exactly what IP addresses they will be assigned on power up. I used the iOS Deco app to set up the AXE5300 units initially. But now I have set up filters in my firewall to drop ALL traffic from the AXE5300 IP addresses that tries to leave my local LAN. Keep in mind this is just IP traffic originating from the AXE5300 units themselves. Traffic from device IP addresses on the WIFI network serviced by the AXE5300 units is allowed to pass.

 

This seems to be working fine. The Deco management app on my phone is now unable to connect to the Deco units both locally and when connected to an outside network on the Internet (which is what I want).

 

My question is: will the Deco AXE5300 units operating in AP mode eventually stop functioning or forget their configuration settings if they can no longer communicate with the TP-Link cloud or remote management servers after the initial configuration has been completed? I don't care about using the Deco units in router mode.

 

I recognize that my ability to manage the AXE5300 units is minimal on the local URL web address of the UI and nonexistent from the Deco iOS app when it cannot reach the units. I just want them to keep working as is without the remote management access enabled.

2 Reply
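One way to check from the pfSense side that the policy described in the first post is holding (an added example, not part of the original post and not TP-Link or pfSense code): the script scans firewall log lines and reports any traffic sourced from the access points' own addresses that was passed to a destination outside the LAN. The addresses, the log lines and the assumed field positions of pfSense's comma-separated `filterlog` IPv4 entries are constructed for illustration.

```python
import ipaddress

# Constructed values: the post gives no addresses. Use your own static DHCP mappings.
LAN = ipaddress.ip_network("192.168.1.0/24")
DECO_APS = {ipaddress.ip_address(a) for a in
            ("192.168.1.11", "192.168.1.12", "192.168.1.13")}

# Constructed log lines. Assumed filterlog IPv4 layout: f[6]=action, f[8]=IP version,
# f[16]=protocol, f[18]=source, f[19]=destination, f[21]=destination port.
SAMPLE_LOG = """\
Mar 14 16:40:01 fw filterlog[411]: 70,,,1710430001,igb1,match,block,in,4,0x0,,64,4021,0,DF,6,tcp,60,192.168.1.11,203.0.113.50,51514,443,0,S,11,,64240,,mss
Mar 14 16:40:03 fw filterlog[411]: 71,,,1710430002,igb1,match,pass,in,4,0x0,,64,911,0,DF,6,tcp,60,192.168.1.77,203.0.113.50,40022,443,0,S,12,,64240,,mss
Mar 14 16:40:09 fw filterlog[411]: 71,,,1710430002,igb1,match,pass,in,4,0x0,,64,5100,0,none,17,udp,76,192.168.1.12,198.51.100.7,123,123,56
Mar 14 16:40:12 fw filterlog[411]: 71,,,1710430002,igb1,match,pass,in,4,0x0,,64,77,0,none,17,udp,60,192.168.1.13,192.168.1.1,5353,53,40
"""


def parse(line):
    """Return (action, src, dst, proto, dport) for an IPv4 filterlog line, else None."""
    _, sep, rest = line.partition("filterlog[")
    f = rest.split("]: ", 1)[-1].split(",")
    if not sep or len(f) < 20 or f[8] != "4":
        return None
    dport = f[21] if f[16] in ("tcp", "udp") and len(f) > 21 else ""
    try:
        return f[6], ipaddress.ip_address(f[18]), ipaddress.ip_address(f[19]), f[16], dport
    except ValueError:  # malformed address field
        return None


def audit(log_text):
    """Count blocked AP egress attempts and list AP egress that was passed."""
    blocked, leaks = 0, []
    for line in log_text.splitlines():
        rec = parse(line)
        # Skip unparsable lines, client traffic, and AP traffic that stays on the LAN.
        if rec is None or rec[1] not in DECO_APS or rec[2] in LAN:
            continue
        action, src, dst, proto, dport = rec
        if action == "block":
            blocked += 1
        else:
            leaks.append((str(src), str(dst), proto, dport))
    return blocked, leaks


if __name__ == "__main__":
    blocked, leaks = audit(SAMPLE_LOG)
    print(f"blocked AP egress attempts: {blocked}")
    for leak in leaks:
        print("PASSED (check rule order):", *leak)
```

pfSense only logs passed packets for rules that have logging enabled, so turn logging on for the LAN pass rules while auditing; otherwise a leak would never appear in the log.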
Re:Blocking access to Remote Management on Deco units via Firewall
2024-03-15 06:48:25 - last edited 2024-03-15 06:50:44

  @dumping 

Hi, welcome to the community.

I noticed you just purchased Deco XE75. Have you ever considered replacing it with the Archer EasyMesh system if you don't want remote management access via the Deco APP?

https://www.tp-link.com/en/easymesh/

Or, since Deco XE75 is in AP mode, the EAP Mesh system would be a better choice:

Frequently Asked Questions about EAP Mesh Network

 

Deco is designed for easy control and remote management. The impact of long-time management without establishing communication with the TP-Link cloud has not been tested and lacks supporting data. The basic settings, like WiFi, are also saved in hardware and they would still work without communicating with the TP-Link cloud.

Here is a list of the features that are still available in AP mode:

What’s the difference between Access Point mode and Router mode on the Deco?

| Features | AP mode supported | Need internet to maintain performance |
|---|---|---|
| Test Internet Speed | Yes | Yes (but Deco XE75 doesn't support this feature) |
| Network Optimization | Yes | no |
| Block List | Yes | no |
| Update Deco | Yes | Yes (But users could manually upload the firmware via web UI without internet.) |
| WPS | Yes | no |
| Monthly Report | No | / |
| Managers | Yes | no |
| Fast Roaming | Yes | no |
| Beamforming | Yes | no |
| LED Control | Yes | no |
| Operation Mode | Yes | no |
| Connection Alerts | No | / |
| Smart Actions | Yes | Yes |
| ECO mode | Yes | No |
| Antivirus | No | / |
| Parental Control | No | / |
| QoS | No | / |
| HomeShield | No | / |
| IPv4/IPv6/LAN IP/DHCP server/MAC Clone | No | / |
| IPTV/VLAN | No | / |
| Address Reservation | No | / |
| Port Forwarding | No | / |
| DDNS | No | / |
| SIP ALG | No | / |
| UPnP | No | / |
| VPN Server/Client | No | / |
| Static Routing | No | / |
| Device Isolation | No | / |
| IoT Network | Yes | no |
| Reboot Schedule | Yes | It depends. Deco needs the internet to sync the correct time settings. |
| Notifications | Support Update Firmware, Monthly Report, Device Alerts, and Promotional Messages notification | Yes |

 

Thank you very much and best regards,

 

Re:Blocking access to Remote Management on Deco units via Firewall
2024-03-19 16:48:57

  @dumping 

 

I decided I just could not live with the idea of a remote management capability open to the internet that was not easy to disable. I have returned the units and gotten a mesh system from a different vendor.
