Potential dual WAN issue

Brian Bergin
Level 4

Accessing https://www.onplusbeta.com/ from behind a router like an RV082 that is set to load balance, unless I bind the IP for the site to a single WAN port, when I click to move around it often kicks me back out to the login page. Once I bind the IP it works great, but there are going to be times when I'm at locations, say public wi-fi or hotel or airport etc., where I wouldn't be able to bind IPs to a specific port. Has anyone else seen this?

3 Replies

Michael Holloway
Cisco Employee

Hi Brian,

This issue is caused by the portal locking the session to the source address of the browser as you log in. This is both a security measure to prevent sessions from being hijacked by remote systems, as well as a requirement for some of the technology that enables the realtime updates in the customer dashboard, and for tunnel connections.

We're aware of this problem faced when accessing the portal via round-robin load-balancing WAN pipes with different WAN IP addresses. We've discussed the possibilities of removing or making optional this restriction, but we haven't yet been able to address all of the security implications that this could cause for the application.

-mike
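
The source-address lock described in the reply above, sketched as an added example that is not part of the original thread and not OnPlus code. The `SessionStore` class, the `bind_ip` switch, the choice to drop the session on a mismatch, and the addresses are all assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table that can pin a session to a source IP."""

    def __init__(self, bind_ip=True):
        self.bind_ip = bind_ip   # hypothetical switch: enforce the address lock
        self.sessions = {}       # token -> (user, source IP seen at login)

    def login(self, user, src_ip):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, src_ip)
        return token

    def check(self, token, src_ip):
        """Return the user for a valid request, or None (back to the login page)."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, login_ip = entry
        if self.bind_ip and src_ip != login_ip:
            # Assumed behaviour: an address change is treated as a possible
            # hijack, so the session is dropped and the user must log in again.
            del self.sessions[token]
            return None
        return user


def replay(store, login_ip, request_ips):
    """Log in from login_ip, then send one request from each address in request_ips."""
    token = store.login("brian", login_ip)
    return [store.check(token, ip) is not None for ip in request_ips]


# Constructed addresses from the RFC 5737 documentation ranges.
WAN1, WAN2, OTHER = "198.51.100.10", "203.0.113.20", "192.0.2.99"

if __name__ == "__main__":
    # Round-robin dual WAN: requests leave through alternating uplinks.
    print("bound  :", replay(SessionStore(bind_ip=True), WAN1, [WAN1, WAN2, WAN1]))
    # Lock disabled: the dual-WAN user stays logged in, and so does any
    # other address that presents the same token.
    print("unbound:", replay(SessionStore(bind_ip=False), WAN1, [WAN1, WAN2, OTHER]))
```

With the lock on, the first request that leaves through the second WAN port ends the session; with it off, the token alone decides, which is the trade-off the reply refers to.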

I’m honestly surprised I didn’t see this earlier as we have RV082 v2 & v3s, RV042 v2 and v3’s, an SA520, and 520W that have all been in use at one point or another from the first days of Thunderbolt and we have multiple ISPs, though when using the SA we use it in failover because round robin is horrible when you have 30Mb/sec cable and 3Mb/sec DSL.

Anyway, when the RV082's came out we started deploying them probably out of the first production runs (we have hundreds of them out there) banks, online trading companies, and even check out systems had a horrible time with them, but I’ve not seen problems with online banking or any other HTTPS sites in many years which tells me they obviously addressed the issues on their end. If banks can handle the RV082, OnPlus most certainly must. What would other HTTPS sites be doing that secures their sessions that would make OnPlus less secure if you were to implement their methods?

Since Cisco has at least 6 production dual WAN routers and 3 additional older ones supported by OnPlus (RV0xx v2’s), not to mention any coming down the pipe, I can see customers wondering why OnPlus doesn’t properly handle technologies clearly considered important by Cisco for small businesses. IMHO, this should be front burner on the list of things to fix.

Hi Brian, we will bring this scenario up with the team to look at how we handle Dual WAN scenarios and what might need to be modified. We might come back with some suggestions to review.

-Marc
