ER707-M2 - IPsec ports open to internet, firewall not restricting

3 weeks ago - last edited 2 weeks ago
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.2.3

Hi All,
I've recently switched to an Omada router after previously using Opnsense. I've noticed that the behavior for IPsec VPNs is different from what I've experienced with other firewall vendors.
Typically, other firewall vendors restrict the source IP for IPsec firewall rules to the destination IP specified in the configuration. However, Omada doesn’t seem to enforce this restriction, leaving IPsec ports (500 and 4500) exposed to the entire internet.
I'm wondering if there’s a way to limit this exposure, possibly using Gateway ACLs, or if there might be plans for a firmware update to address this.
Thanks!

1 Accepted Solution
Re: ER707-M2 - IPsec ports open to internet, firewall not restricting - Solution
3 weeks ago - last edited 2 weeks ago

Hi @rquigley 

Thanks for posting in our business forum.

Use the ACL to limit that.

Exposing that port to the Internet does not hurt a thing since they don't have the keys to make a proper connection.

Best Regards!
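The ACL approach the reply points to, worked through as an added example (this is not the poster's, the replier's or TP-Link's code): a small first-match evaluator over a WAN-inbound rule list, comparing the open state the question describes (no rule, so UDP 500 and 4500 are reachable from any address) with a list that permits those ports only from the configured peer and denies them from everyone else, plus a check over constructed log lines that flags IKE/NAT-T attempts from non-peer addresses. The peer address 203.0.113.10, the other addresses, the log format and the top-down first-match, default-permit semantics are assumptions; Omada's Gateway ACL is built in the controller UI, so the two rules have to be mapped onto its WAN-inbound direction by hand. A source restriction like this only works for site-to-site peers with fixed addresses; a tunnel whose remote end has a changing address cannot be pinned this way.

```python
"""Model of a WAN-inbound ACL for IPsec (UDP 500/4500), evaluated first-match.

Constructed example: the peer address, packets and log lines are made up and
the rule semantics are an assumption, not a description of Omada internals.
"""
import ipaddress
import re
from dataclasses import dataclass

IPSEC_PORTS = {500, 4500}  # IKE and NAT-T, both UDP


@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    proto: str         # "udp", "tcp" or "any"
    src: str           # CIDR, e.g. "203.0.113.10/32" or "0.0.0.0/0"
    dports: frozenset  # destination ports; empty set means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dport: int


def evaluate(rules, pkt, default="permit"):
    """Return the action of the first matching rule, or the default.

    The default models a gateway that lets traffic reach the IKE daemon
    whenever no ACL denies it, which is the behaviour the question describes.
    """
    src = ipaddress.ip_address(pkt.src_ip)
    for r in rules:
        if r.proto not in ("any", pkt.proto):
            continue
        if src not in ipaddress.ip_network(r.src):
            continue
        if r.dports and pkt.dport not in r.dports:
            continue
        return r.action
    return default


# Weak state: no ACL at all, so any host can reach IKE on the WAN address.
OPEN_ACL = []

# Hardened state: permit the configured peer first, then deny everyone else
# on the IPsec ports. Hypothetical peer address, not taken from the thread.
PEER = "203.0.113.10/32"
RESTRICTED_ACL = [
    Rule("permit", "udp", PEER, frozenset(IPSEC_PORTS)),
    Rule("deny", "udp", "0.0.0.0/0", frozenset(IPSEC_PORTS)),
]


def exposure(rules):
    """Which IPsec ports an arbitrary internet host can still reach."""
    stranger = "198.51.100.77"  # constructed non-peer address
    return sorted(p for p in IPSEC_PORTS
                  if evaluate(rules, Packet("udp", stranger, p)) == "permit")


# Detection side: flag IKE/NAT-T traffic from addresses other than the peer.
# Constructed syslog-like format; adapt the regex to the gateway's real log.
LOG_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):\d+ dst=[\d.]+:(?P<dport>\d+)")


def unexpected_ike_sources(log_lines, peers):
    """Return the set of source IPs hitting UDP 500/4500 that are not known peers."""
    peer_nets = [ipaddress.ip_network(p) for p in peers]
    hits = set()
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["proto"].lower() != "udp" or int(m["dport"]) not in IPSEC_PORTS:
            continue
        src = ipaddress.ip_address(m["src"])
        if not any(src in n for n in peer_nets):
            hits.add(str(src))
    return hits


SAMPLE_LOGS = [  # constructed
    "Jan 01 10:00:01 gw: proto=UDP src=203.0.113.10:500 dst=192.0.2.1:500 action=accept",
    "Jan 01 10:00:02 gw: proto=UDP src=198.51.100.77:55123 dst=192.0.2.1:500 action=accept",
    "Jan 01 10:00:03 gw: proto=UDP src=198.51.100.77:55124 dst=192.0.2.1:4500 action=accept",
    "Jan 01 10:00:04 gw: proto=TCP src=198.51.100.9:40000 dst=192.0.2.1:443 action=accept",
]

if __name__ == "__main__":
    print("open ACL exposes:", exposure(OPEN_ACL))
    print("restricted ACL exposes:", exposure(RESTRICTED_ACL))
    print("peer still permitted:", evaluate(RESTRICTED_ACL, Packet("udp", "203.0.113.10", 4500)))
    print("unexpected IKE sources:", unexpected_ike_sources(SAMPLE_LOGS, [PEER]))
```

Rule order matters: the permit for the peer must sit above the catch-all deny, or the peer's own IKE traffic is dropped too. The log check is the complementary control: after the ACL is in place, any remaining non-peer hits on 500/4500 in the gateway's accepted-traffic log mean the rule is not matching the way you expect.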