https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128673#M395302 <HTML><HEAD></HEAD><BODY><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/7/7/114772-screen2.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/1/7/7/114771-screen1.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/7/7/114773-screen3.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/4/7/7/114774-screen4.PNG" class="jive-image" /></P><P>Here you go.</P><P>Thanks again!</P></BODY></HTML> Thu, 22 Nov 2012 15:33:48 GMT Anthony Wood 2012-11-22T15:33:48Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128669#M395298 <P>I have a RV042 in one office and we are moving to a VOIP telephone system.</P><P></P><P>They requested a bunch of ports open, and I wanted to make sure that only thier IP addresses get into the local net.</P><P></P><P>I setup port forwarding to forward ports internally to their phone server, and then I setup firewall access rules only allowing their IP addresses into that phone server.</P><P></P><P>Now it seems as if all of the ports I forwarded are wide open!</P><P></P><P>What did I do wrong?</P><P></P><P>Any help is greatly appreciated!</P><P></P><P>Ant</P> Tue, 12 Mar 2019 00:26:28 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128669#M395298 Anthony Wood 2019-03-12T00:26:28Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128670#M395299 <HTML><HEAD></HEAD><BODY><P>Now it seems as if all of the ports I forwarded are wide open! </P><P>What do you mean, do you mean anyone can access it??</P><P></P><P>Can you share the configuration you used on that router</P></BODY></HTML> Thu, 22 Nov 2012 00:53:47 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128670#M395299 Julio Carvajal 2012-11-22T00:53:47Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128671#M395300 <HTML><HEAD></HEAD><BODY><P>I am unsure as to how to do that?</P><P></P><P>Do I need to telnet/ssh into the router?</P><P></P><P>Thanks</P><P>Anthony</P></BODY></HTML> Thu, 22 Nov 2012 01:39:28 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128671#M395300 Anthony Wood 2012-11-22T01:39:28Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128672#M395301 <HTML><HEAD></HEAD><BODY><P>Hello Anthony, </P><P></P><P>You can do print/screen if you like ( easier,faster)</P><P></P><P>Regards</P></BODY></HTML> Thu, 22 Nov 2012 04:30:35 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128672#M395301 Julio Carvajal 2012-11-22T04:30:35Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128673#M395302 <HTML><HEAD></HEAD><BODY><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/2/7/7/114772-screen2.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/1/7/7/114771-screen1.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/3/7/7/114773-screen3.PNG" class="jive-image" /><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/4/7/7/114774-screen4.PNG" class="jive-image" /></P><P>Here you go.</P><P>Thanks again!</P></BODY></HTML> Thu, 22 Nov 2012 15:33:48 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128673#M395302 Anthony Wood 2012-11-22T15:33:48Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128674#M395303 <HTML><HEAD></HEAD><BODY><P>Hello Anthony Wood,</P><P></P><P>It is difficult to check the configuration with the screenshots but I will try to help you,</P><P></P><P>What you need to do with the ACL on the WAN interface is to allow traffic to the WAN interface ip address on the right ports ( SIP.HTTPS,FTP,etc) and then just configure a deny IP any any so you can allow the traffic required and then deny the rest of them,</P><P></P><P>Also how did you test the router is open to the outside world?</P></BODY></HTML> Thu, 22 Nov 2012 17:00:52 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128674#M395303 Julio Carvajal 2012-11-22T17:00:52Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128675#M395305 <HTML><HEAD></HEAD><BODY><P>I used a port scanner and it came back that ftp, telnet and http were open.</P><P></P><P>I am not sure what you mean by this.</P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"> "What you need to do with the ACL on the WAN interface is to allow&nbsp; traffic to the WAN interface ip address on the right ports (&nbsp; SIP.HTTPS,FTP,etc) "</PRE><P></P><P>Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?</P><P></P><P>Also if you need clarification on somehting let me know.</P><P></P><P>Thanks</P><P>Anthony</P></BODY></HTML> Fri, 23 Nov 2012 01:29:45 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128675#M395305 Anthony Wood 2012-11-23T01:29:45Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128676#M395306 <HTML><HEAD></HEAD><BODY><P style="background-color: #ffffff; border-collapse: collapse; font-size: 12px; list-style: none; font-family: Arial, verdana, sans-serif;">Are you saying to create a rule for every outside VOIP address to access WAN IP address, for every protocol needed?</P><P>&nbsp;&nbsp;&nbsp;&nbsp; Exactly. that would be the most secure desing, now it will be the less scalable and easy to configure. So as this is a voice desing and there are going to be random ip addresses connecting permit just the right ports on the outside from any to the right TCP/UDP ports and then just a deny IP any/any on that outside interface.</P><P></P><P>Regards.</P><P></P><P>Remember to rate all of the helpful posts</P><P></P><P>*** How to rate a post, mark the stars on the bottom of each reply, 5 being a thanks for the good answer 1 being a bad answer********</P></BODY></HTML> Fri, 23 Nov 2012 05:27:50 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128676#M395306 Julio Carvajal 2012-11-23T05:27:50Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128677#M395307 <HTML><HEAD></HEAD><BODY><P>What is "desing"?</P><P></P><P>Do the port forward rules apply to traffic before the firewall rules?</P><P></P><P>Thanks!</P></BODY></HTML> Fri, 23 Nov 2012 15:44:30 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128677#M395307 Anthony Wood 2012-11-23T15:44:30Z https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128678#M395308 <HTML><HEAD></HEAD><BODY><P>I mean design</P><P></P><P>No, NAT goes afterwards.</P></BODY></HTML> Fri, 23 Nov 2012 17:36:26 GMT https://community.cisco.com/t5/network-security/port-forwarding-and-firewall-rules/m-p/2128678#M395308 Julio Carvajal 2012-11-23T17:36:26Z