ER605 out of the box configuration and stateful packet inspection

ER605 out of the box configuration and stateful packet inspection

ER605 out of the box configuration and stateful packet inspection
ER605 out of the box configuration and stateful packet inspection
2024-06-27 21:17:48 - last edited 2024-07-01 02:48:41
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.2.5 20240522

I have spent several hours reading documentation and searching the internet and I cannot find the information I am looking for. So:

1) I have a new er605 and am wondering what sort of firewall configuration it has right out of the box. In the past I had one router that came with a reasonable set of rules and another that was wide open and needed rules added. So, Is the er605 safe to put on the wan, or does it need rules added?

 

2) What is needed to set up/enable stateful packet inspection? I note that in the firewall there is the normal page with options to set the allow and deny rules based on connection state, protocol, and source and destination. Do these need to be added, or is there some defaults that take care of that sort of thing.

 

3) Does the router have some sort of advanced protection running that that the firewall access control rules are not needed.

I am using stand alone mode right now, but will switch to a controller setup tomorrow when the rest of my devices get delivered. I am researching what I need to put in the configuration once I get the controller and switch.

 

Thanks for any help. I am glad to look at documentation if I am aware of it. I read the manual for the 605 and did not find what I was looking for.

  0      
  0      
#1
Options
2 Accepted Solutions
Re:ER605 out of the box configuration and stateful packet inspection-Solution
2024-06-28 13:42:21 - last edited 2024-07-01 02:48:41

  @Ponzi 

 

out of the box everything is blocked from wan to lan, from lan to wan everything is open. so yes it is protected out of the box

 

Recommended Solution
  1  
  1  
#5
Options
Re:ER605 out of the box configuration and stateful packet inspection-Solution
2024-07-01 02:48:31 - last edited 2024-07-01 02:48:44

Hi  @Ponzi 

Ponzi wrote

Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.

 

I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in. 

Okay. This can't be done yet. We don't support this feature to monitor TCP and UDP yet. The NAT and firewall works by default settings and can stop most common abnormal connection.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#6
Options
6 Reply
Re:ER605 out of the box configuration and stateful packet inspection
2024-06-27 22:18:50 - last edited 2024-06-27 22:26:18

This sort of gives the abcs of the tcp handshake, but is vague on what, if anything, is needed to ensure that SPI is protecting the land from the wan.

https://community.tp-link.com/en/business/forum/topic/618780

  0  
  0  
#2
Options
Re:ER605 out of the box configuration and stateful packet inspection
2024-06-28 01:19:31

Hi @Ponzi 

Thanks for posting in our business forum.

Ponzi wrote

This sort of gives the abcs of the tcp handshake, but is vague on what, if anything, is needed to ensure that SPI is protecting the land from the wan.

https://community.tp-link.com/en/business/forum/topic/618780

This has nothing to do with the DPI.

This one has.

How to Set Up Deep Packet Inspection(DPI) on Omada Router

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#3
Options
Re:ER605 out of the box configuration and stateful packet inspection
2024-06-28 13:10:14

Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.

 

I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in. 

  0  
  0  
#4
Options
Re:ER605 out of the box configuration and stateful packet inspection-Solution
2024-06-28 13:42:21 - last edited 2024-07-01 02:48:41

  @Ponzi 

 

out of the box everything is blocked from wan to lan, from lan to wan everything is open. so yes it is protected out of the box

 

Recommended Solution
  1  
  1  
#5
Options
Re:ER605 out of the box configuration and stateful packet inspection-Solution
2024-07-01 02:48:31 - last edited 2024-07-01 02:48:44

Hi  @Ponzi 

Ponzi wrote

Thanks for the information aobut Deep Packet Inspection. From what I can gather, its an application layer type of examination. What I am looking for information on is stateful packet inspection which looks at the tcp connecton layer and udp back and forth.

 

I am also asking whether the router is wan ready right out of the box, or whether it is wide open as far as connection tracking or comes with those protections built in. 

Okay. This can't be done yet. We don't support this feature to monitor TCP and UDP yet. The NAT and firewall works by default settings and can stop most common abnormal connection.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  1  
  1  
#6
Options
Re:ER605 out of the box configuration and stateful packet inspection
2024-07-01 13:06:26
Thank you for the information.
  0  
  0  
#7
Options