Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
2022-01-19 08:50:15 - last edited 2023-08-04 07:00:59

Update as of Jan 30th 2023

 

TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.

 

For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.

For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.

 

Attention

Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.

 

As the official firmware has been released to fix the issue, this thread will be locked to stop updating.

Any further issues or concerns, please feel free to Start a New Thread from HERE.

To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.

 

 Updated on July 29, 2022:  

 

Add the Beta firmware for ER605 V2.

 

ER605_v2_2.0.2_Build 20220727 (Beta)

Note: Please be sure you have read the Beta Test Agreement before proceeding!

 

 

This Article Applies to:

 

ER605(UN)_V1_1.1.1_Build 20210723 and earlier firmware

ER7206(UN)_V1_1.1.1_Build 20210723 and earlier firmware

 

Issue Description/Phenomenon:

 

From time to time, we received feedback that Omada Gateway cannot pass GRC Shields UP test, when using the ShieldsUp Website (grc dot com) to scan the ports, some ports are showing "Closed" instead of "Stealth" as expected.

 

Available Solutions:

 

The R&D team has made a Beta firmware to optimize the issue above. After upgrading to the Beta firmware, Omada Gateway will discard and not reply to inbound TCP SYN attempts to the WAN port, which should comply with Shield!up requirements.

 

Welcome to download the Beta firmware below, and verify it does resolve your concern effectively.

 

ER605(UN)_v1_1.1.1_Build 20220117 (Beta)

ER7206(UN)_v1_1.1.1_Build 20220117 (Beta)

Note: Please be sure you have read the Beta Test Agreement before proceeding!

 

For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.

For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.

 

Attention

Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.

 

 

Feedback:
 

If this was helpful, welcome to give us Kudos by clicking the upward triangle below.

If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valued feedback!

 

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  4      
  4      
#1
Options
1 Accepted Solution
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]-Solution
2023-01-30 10:57:53 - last edited 2023-08-04 07:00:53

Update as of Jan 30th 2023

 

TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.

 

For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.

For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.

 

Attention

Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.

 

 

As the official firmware has been released to fix the issue, this thread will be locked to stop updating.

Any further issues or concerns, please feel free to Start a New Thread from HERE.

To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  0  
  0  
#46
Options
43 Reply
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-01-19 13:09:35 - last edited 2022-01-19 13:10:32

@Fae 

 

Works perfectly on R605:

 

Before Beta firmware:

 

 

After:

 

  0  
  0  
#2
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-01-19 13:21:53

@Fae Works perfect on an ER7206 too!

  0  
  0  
#3
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-01-20 00:26:47 - last edited 2022-01-20 00:36:33

Works great.

 

For anyone flashing if it doesnt seem to work, go to firewall > attack defense and make sure "Block TCP Scan (Stealth FIN/Xmas/Null)" is enabled and "Block TCP Scan with RST" is disabled to achieve the desired results

 

EDIT:  The slow web interface bug (standalone mode) is back compared to the last couple of beta's  sad

  0  
  0  
#4
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-01-22 15:15:33

@Fae Appears to work as designed...!

 

Thank You!

  0  
  0  
#5
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-01-27 11:23:09 - last edited 2022-01-27 11:23:56

@GRL 

 

Yeah...I had to revert back to 1.1.1 Build 20211012 Rel.53432.

I can't deal with that sluggish web interface that often won't load.

  0  
  0  
#6
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-02-08 12:37:42

@Fae 

 

Does this work if using Omada Controller?

  0  
  0  
#7
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-02-08 12:52:11 - last edited 2022-02-08 12:52:42

@Dr3am3r 

 

Hi, yes, I have a setup with OC200 controller, and this works.

  3  
  3  
#8
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-02-08 15:24:23

@Tha_host 

 

Thanks for your reply. I installed the firmware and all ports show stealth now.

  2  
  2  
#9
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-02-11 16:28:14

@Fae Is this change included in the version 1.2 that was posted?

  0  
  0  
#10
Options
Re:Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test.
2022-02-14 00:45:32

Dear @mackworth,

 

mackworth wrote

@Fae Is this change included in the version 1.2 that was posted?

 

I'm afraid not. But it will be included in the next firmware update.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#11
Options