08-23-2021 12:12 PM
On a Cisco RV345, under Status and Statistics -> TCP/IP Services -> Established Connections Status there is communication on all of our RV345 routers on the foreign port 443 with either 50.116.60.16 or 50.116.18.64. Apparently this is a cloud hosting company (Linode). Does anyone know what this is for?
I can only assume this is for Cisco updates. Doesn't seem to be a NTP or a DNS Server. Two routers seem to have a persistent connection.
Just curious,
AJ
Solved! Go to Solution.
08-24-2021 06:38 PM
In case you are not using PnP service on your RV34X routers, try with disabling the PnP service (under System-Mgmnt page i guess). Maybe this may solve your issue. Also subsequently, just once, do apply/permanent-save-to-startup and reboot (especially after disabling pnp), and check again..and observe for a few days. Dont reboot again.
If the "foreign port" is 443, that means that some service on the RV345 is the https client and is connected to the remote https-server 50.116...16..
Generally the only services that this router itself would connect as a client to a remote-service is for PnP, Automatic-Software-Updates, and/or connecting to Cisco-Smart-Licensing server, or the Antivirus-signature-update, web-filtering-database update...ONLY. I maybe missing some other service that iam not aware of at this time...
08-24-2021 12:25 AM
- Can you examine the full logs for this network traffic on the RV , what is the source-address ?
M.
08-24-2021 06:38 PM
In case you are not using PnP service on your RV34X routers, try with disabling the PnP service (under System-Mgmnt page i guess). Maybe this may solve your issue. Also subsequently, just once, do apply/permanent-save-to-startup and reboot (especially after disabling pnp), and check again..and observe for a few days. Dont reboot again.
If the "foreign port" is 443, that means that some service on the RV345 is the https client and is connected to the remote https-server 50.116...16..
Generally the only services that this router itself would connect as a client to a remote-service is for PnP, Automatic-Software-Updates, and/or connecting to Cisco-Smart-Licensing server, or the Antivirus-signature-update, web-filtering-database update...ONLY. I maybe missing some other service that iam not aware of at this time...
08-24-2021 11:32 PM
Thank you marce1000 and nagrajik1969 for your response.
I already have PnP disabled for all the routers. I pulled the full report (down to the level of debugging) from three of the routers and I couldn't find any communication to the previous public IPs. However, the reports are limited to a couple of hours before they rewrite. I tried triggering an update check to see if those IPs would appear (they didn't). The source IP is our public IP address, not an internal IP.
I believe you are correct that the routers are sometimes connecting to a Cisco service, such as the Cisco-Smart-Licensing server or Cisco Umbrella. Just curious if someone knew...
Thanks again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide