RV320 v1.1.1.19 Bugs + Feature Requests

matthew1471
Level 1

Firstly thank you for posting the new firmware and fixing some of the annoying bugs in the last version, the update to newer OpenSSL versions was particularly appreciated :-).

There are a few bugs and feature requests I still have that I'd like to share with you. From discussion with Cisco before, it sounds like some of these were planned, so perhaps these just didn't make it into the final release?

Recently Discovered:

Bugs:

1. Typos and software age : "Resource Management" under "SSL VPN" when you select "Add" under the "Application Icon" drop-down offers "Microsoft Interment Explorer" (sic). Also Microsoft FrontPage has been discontinued for 10 years and since superseded by 2 products (Microsoft Visual Studio is now the best replacement). The Cisco copyright is also (c) 2013 which all in all in 2015 makes the product feel quite old despite the firmware being released a few days ago.

2. The proposed Cisco "Easy VPN" on the VPN screens is actually End-of-Life (EoL) http://www.cisco.com/c/en/us/products/collateral/security/vpn-client/end_of_life_c51-680819.html so I'm not sure what the suggested option is on Windows 8.1.

3. Client-To-Gateway settings IKE-with-Certificate expects the client to have a static IP or a DNS record. For a mobile device I'm not sure if it's possible to specify an IP range, and the in-built help doesn't suggest anything. This may, however, be a lack of VPN knowledge on my part. Group VPN, while allowing you to specify other means of authentication, also forces pre-shared key (so you cannot use certificates) and has an option referring to Microsoft XP/2000 clients, which implies it won't work on newer versions of Windows. Windows XP and 2000 are both End of Life.

4. On the System Statistics page WAN2 is showing as Enabled, despite it being disabled and the system summary stating so. Also nothing is plugged into it and it reports on System Statistics that there have been 4 transmitted packets, 4 total packets and 424 transmitted packet bytes. The interface has been completely disabled from boot-up.

Feature Requests:

1. OpenVPN support.

2. A guide / assistance in the built-in help on how to make this VPN Router work with Android V4 and above clients using the default stock VPN options. The options on Android are "PPTP" (which nobody touches any more for new deployments, Microsoft themselves even recommend you avoid using this), "L2TP/IPSec" (Pre-Shared Key and RSA variants), IPSec Xauth (Pre-Shared Key and RSA variants) and one that allows a mix "IPSec Hybrid RSA".

Carried Over From "RV320 v1.1.1.06 Bugs + Feature Requests":

Bugs:

1. Mirror Port feature allows the device plugged into the port to still interact with the network and mirrored traffic (which is not the behaviour of your small business switches) allowing it to respond to and interact with received traffic. At a minimum the documentation does not warn of this difference in behaviour.

4. Still impossible to set a Daylight Saving rule for the UK. http://en.wikipedia.org/wiki/British_Summer_Time

5. DHCP Status table periodically loses all entries. Particularly after anything that causes the router to reboot. The documentation should explain this is since the router was started and this list is lost when the router is restarted.

8. Help for "System Statistics" and "Processes" is very limited (and not helpful).

9. Clicking "Enabled" or "Disabled" against USB1 or USB2 does not contain a hyperlink to the "USB Failover Settings" tab of the selected interface under Setup->Network where the operation mode can be set to "Disabled" which all the other options do have.

10. Processes like "webBoot" appearing and using port 22088 in the Processes table and "HTTP Server with SSL support" on ports like 5443 and the documentation lists nothing about them.

Feature Request:

1. Ability to choose which port is mirrored (LAN2, LAN3, LAN4, WAN1, WAN2, VLAN1, etc.) and potentially the destination (i.e. if we are not using WAN2 why not make it an option to be a mirror port destination?).

2. Tables to be sortable ASCending/DESCending by clicking on the column.

3. "Enable Mirror Port (Port 1)" rename to "Mirror All Traffic (To Port 1)" and/or update documentation to explain a device on Port 1 with this enabled should NOT attempt to reply to the traffic.

4. Web API or Proprietary Telnet API (or even just experimental SSH access) option so we can programmatically add items to the firewall rules table (fail2ban etc) so we can write scripts in Python etc to ban IP addresses on the Firewall.

5. The option to choose what gets syslog'd and what gets written to the non-volatile memory log (worried about device longevity with all the logging turned on). The WAP371 now has this feature.

6. Bandwidth Management cannot set an IP to have a particular priority. The priority only lists services (with no IP address control) and the Rate Control only lists particular rates (but for specific IPs). I would like to say something like 192.168.1.5 has "High" priority.

7. Some of the columns to be sensibly sorted by default instead of the order they were entered.. for example IP & MAC Binding should be sorted by IP address.

8. A wider range of Dynamic DNS providers supported (1 for Europe/America and 1 for China is not really enough!). Perhaps an API/standard for this too so we can make our own.

9. Ability to route all web traffic via a HTTP proxy (like Squid). Sometimes called a transparent web proxy.

10. Ability to ban an IP after they fail to correctly log in x number of times to either the VPN/Web Interface/SSL VPN etc., to prevent brute-force attacks succeeding.

11. DNS Local Database - Would be nice if there was an option (i.e. could be disabled) for the DNS server to append the domain name to any queries without a "." so Windows users could enter in "NAS" for example in the DNS Local Database and it behaves as expected.

Also as an aside, I've noticed on this site when you type in too many tags into the add discussion page it errors and then trashes the form (including whatever you wrote in this box), which is quite frustrating.

Thank you again for fixing a lot of the bugs in the last release. I look forward to seeing the next one which should make the product even better. If there's a better way to be more involved in testing/reviewing Cisco products please let me know as I would love to help out.

Regards,
Matthew