Solution Omada Gateway Cannot Get Full Stealth On The GRC ShieldsUp Test. [Case Closed]
Update as of Jan 30th 2023
TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
As the official firmware has been released to fix the issue, this thread will be locked to stop updating.
Any further issues or concerns, please feel free to Start a New Thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
Updated on July 29, 2022:
Add the Beta firmware for ER605 V2.
ER605_v2_2.0.2_Build 20220727 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
This Article Applies to:
ER605(UN)_V1_1.1.1_Build 20210723 and earlier firmware
ER7206(UN)_V1_1.1.1_Build 20210723 and earlier firmware
Issue Description/Phenomenon:
From time to time, we received feedback that Omada Gateway cannot pass GRC Shields UP test, when using the ShieldsUp Website (grc dot com) to scan the ports, some ports are showing "Closed" instead of "Stealth" as expected.
Available Solutions:
The R&D team has made a Beta firmware to optimize the issue above. After upgrading to the Beta firmware, Omada Gateway will discard and not reply to inbound TCP SYN attempts to the WAN port, which should comply with Shield!up requirements.
Welcome to download the Beta firmware below, and verify it does resolve your concern effectively.
ER605(UN)_v1_1.1.1_Build 20220117 (Beta)
ER7206(UN)_v1_1.1.1_Build 20220117 (Beta)
Note: Please be sure you have read the Beta Test Agreement before proceeding!
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
Feedback:
If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valued feedback!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Why is everyone not doing external port scanning? The easiest solution for this is to use GRC Shields Up. For those a little more enterprising use some external network and usually the easiest for most is a WiFi hotspot on your phone connected to a laptop and then run a simple nmap.
It is very sad that such a great product is still struggling with such a simple concept that for a router should not once ever have been an issue. Thanks but I'll stick with my UniFi, Ubiquiti and Microtik solutions.
- Copy Link
- Report Inappropriate Content
Update as of Jan 30th 2023
TP-Link has released official firmware to fix the Full Stealth issue mentioned in this thread.
For ER605 v1/v1.6, ER7206 v1/v1.6, please upgrade to official firmware 1.2.1 or above.
For ER605 v2/v2.6, please upgrade to official firmware 2.1.1 or above.
Attention
Please make sure the "Block TCP Scan with RST" is disabled (you can find it at Firewall > Attack Defense) to get full stealth results.
As the official firmware has been released to fix the issue, this thread will be locked to stop updating.
Any further issues or concerns, please feel free to Start a New Thread from HERE.
To get better assistance, you may check Tips For Efficiently Reporting an Issue In The Community.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 14491
Replies: 44