[RVS4000.v2] Details of firewall usage - rule writing

harry.putnam
Level 1

New to the RVS4000 and not finding detailed instructions on how to use the firewall effectively.

The section on `IP based acls' is pretty thin... even the purpose is just glossed over.  Are these what are commonly called firewall rules?

Where can I see some examples of them in use with more explanation?  And is it possible to edit a text file instead of dinking around with the sorry interface to get the rules set up?

Even with the default settings, I can't get any idea of what is already blocked by the generic default settings.  The descriptions are just too thin to really provide any idea of what it is supposed to do.

For example on the help page for:

  Firewall  [x] enable [ ] disable

Firewall

SPI (Stateful Packet Inspection) Firewall: when this feature is enabled, the router will perform deep packet inspection on all the traffic going through this router and drop those packets which do not follow the pre-defined protocol behavior. Default is Enable.

Unless you know what `pre-defined' behavior is, the paragraph is meaningless.

The user's manual is just a repeat of what is on the individual help pages, so no more help is available there.

Hopefully there is more in-depth coverage somewhere... especially with some examples.

One last problem I'm having is how to update IP signatures.  But first, the help on that page doesn't even bother to really tell the user what this page is supposed to do.

About the signatures:  On startup the router shows signatures to have been last updated: 2008/7/26 16:22:30

I spent a good bit of time jerking around Cisco's pages beginning with trying to register my equipment.
There I was presented with a list to choose from that does not include RVS4000.  It went downhill from there.
I never found a way to update or get a recent IP signature list.

Googling, I find comments indicating there is one sometime in 2009, but no more... what is the deal with that, and how does one obtain whatever list there is?

David Carr
Level 6

Mr. Putnam,


Sorry you're having issues with the GUI of the RVS4000.  To answer your questions, when the firewall is enabled it has a default rule to block all traffic originating from the WAN to the LAN and allow all traffic from the LAN going out the WAN.


If you need certain IP addresses or protocols, you can do a port forward or a firewall rule to allow IP addresses in from the WAN.


The signature can be updated by downloading the 1.42 signature found at the following link and installing it on the IPS signature tab by browsing to the file.

http://tools.cisco.com/search/JSP/search-results.get?isNavigation=true&strQueryText=rvs4000&strSelectedModifierValue=cdctask%3A%3A^%26quot%3BDownload+Software%26quot%3B%24%3A%3ATask%3A%3ADownload+Software%3A%3A%3A%3A&strSortBy=cdcdevfour&strqueryid=3...

davicarr wrote:

Mr. Putnam,

Sorry you're having issues with the GUI of the RVS4000.  To answer your questions, when the firewall is enabled it has a default rule to block all traffic originating from the WAN to the LAN and allow all traffic from the LAN going out the WAN.

[...] snipped more helpful info


Thank you for responding...  Oh, and the link for the signature stuff is really a godsend.  I had no luck finding that... and I see many other people have had similar trouble.  One thing I found at that site is the RVS4000 is past its end of life and was well before I even bought it.  Too bad 3rd party sales still sell it with no mention of that nice fact. (I bought it at newegg).

Also I noticed the updated signature file was released Oct 5, 2009... about 1 1/2 years old.  I guess there is no chance, especially since the darned thing is past end of life, for that signature database to be updated, eh?

About the firewall rules:

That default setup sounds quite sensible.  So you are saying when a local machine connects to an internet address, then that address is allowed to respond back but otherwise not...

I hoped it was something like that, but it was not at all clear from reading the help for that module.

I guess I'd like to know next then, how I might get to see what is being rejected.  The logging system seems not to reflect any of that kind of information.

And it does not even contain any of the information from the IPS module... which appears to have no logging function of its own, other than allowing manual viewing of its logs.  Viewing those, I see some nasty stuff is reported there.

I'm sorry to inundate you with more questions but I'm very eager to learn to use this thing, at least as well as I did my previous router.

Maybe this one just lacks some of that functionality but I'm more inclined to think it's more likely that I'm just not able to understand how to do it.

The kind of thing I mean would be making the router keep track of failed connections and allow some means of having that information sent by email.

Then some kind of filtering mechanism to cut the masses of info down to that which you want to see.

Can those FW rules be made to do that... and can you point me to some examples of rules and what they do?

My setup is only a lonesome homeboy operation with a local LAN of 7-8 machines, but I'm very interested in studying the kind of stuff coming at my outward facing address (DHCP served from Comcast (cable) servers).

I'm thinking the rules that the user can set up him/herself may be the way to get more detailed logs.

Can you coach me a bit on that or at least clear up how one might do that, or if it is just not possible with this router.

Maybe the only way is the DMZ setup where a LAN machine gets pulled into the fray and I'd then have full control over what I logged on it.  Assuming some kind of Linux/Solaris DMZ machine that could be made to sort through all the guff.

One final thing here: Given what I've described as wanting to do with this router, can you advise me of a newer, not yet end-of-life router for people in my situation, something with current database info on internet threats, and more flexible or understandable rules interface?

And maybe some advice on how a shopper would be able to quickly get some idea of when a given piece of equipment was first released?

Is that information commonly available somewhere, or in the specs somewhere?

Ok, before I've totally worn out any good will you may have had, I'll quit.

Thanks again.
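To make the default policy David describes (block WAN-to-LAN, allow LAN-to-WAN) and harry's two follow-up questions concrete, here is an added Python simulation of a stateful firewall that lets replies to LAN-initiated connections back in, honours one explicit inbound rule, and logs every drop so the rejected traffic is visible. This is example code written for this thread, not Cisco's or the RVS4000's implementation; the LAN range, the addresses and ports, and the hypothetical port-22 inbound rule are all constructed.

```python
"""Stateful firewall simulation of the described RVS4000 default policy (constructed example)."""
from dataclasses import dataclass

LAN_NET = "192.168.1."  # assumption: the LAN is 192.168.1.0/24


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    def __init__(self, inbound_allow=()):
        # inbound_allow: (proto, dst_port) pairs, standing in for a port-forward
        # or firewall rule that admits traffic from the WAN (no NAT rewrite modelled)
        self.inbound_allow = set(inbound_allow)
        self.flows = set()     # 5-tuples of connections the LAN opened
        self.drop_log = []     # what a useful router log would show

    @staticmethod
    def is_lan(ip):
        return ip.startswith(LAN_NET)

    def filter(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if self.is_lan(pkt.src_ip):
            self.flows.add(key)          # LAN -> WAN: allowed, and the flow is remembered
            return "ALLOW"
        if reverse in self.flows:
            return "ALLOW"               # reply to a flow the LAN opened (the SPI case)
        if (pkt.proto, pkt.dst_port) in self.inbound_allow:
            return "ALLOW"               # explicit inbound rule
        self.drop_log.append(f"DROP {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> "
                             f"{pkt.dst_ip}:{pkt.dst_port}")
        return "DROP"                    # default: unsolicited WAN -> LAN is blocked


def demo():
    fw = StatefulFirewall(inbound_allow=[("tcp", 22)])  # constructed inbound rule
    packets = [
        Packet("192.168.1.10", 40000, "203.0.113.5", 80),   # LAN opens a web session
        Packet("203.0.113.5", 80, "192.168.1.10", 40000),   # reply: allowed by state
        Packet("203.0.113.5", 80, "192.168.1.10", 40001),   # not a known flow: dropped
        Packet("198.51.100.7", 5555, "192.168.1.10", 22),   # admitted by the inbound rule
        Packet("198.51.100.7", 5555, "192.168.1.10", 23),   # unsolicited: dropped and logged
    ]
    return [fw.filter(p) for p in packets], fw.drop_log
```

The drop log is the list harry would want to filter or have mailed out; the RVS4000 itself exposes no such per-rule log through its interface, which is why the thread turns to third-party capture.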

Mr Putnam,


Try this, go to the Cisco.com website, and in the search box in the top right type rvs4000.


Then on the next screen you will receive about 225 results for the rvs4000.  Scroll down on the left hand side to the filters and click download software.


This will bring you to 25 results for download.  Scroll down to the 4th option it is the 1.42 signature update for the rvs4000.


As far as the logs go, the logs on this device are pretty simplistic and not very detailed.  You might have to get third-party software of some sort to capture all the traffic that is not being allowed in from the WAN.  I know the logs do show some information but not very detailed.


A device that you would probably like would be any of our SA500 series routers.  These devices are very robust security appliances and offer VLANs, gig speeds on the LAN, and the firewall rules are much like those of an enterprise router.


Sorry about you purchasing a device that is end of life and end of sale.


However, Cisco does have a Cisco Rebate Program and the following link will show you how to get money for your RVS4000 and trade up to another unit.

http://www.ciscorebateprogram.com/

davicarr wrote:

Mr Putnam,


Try this, go to the Cisco.com website, and in the search box in the top right type rvs4000.


[...]

Sorry about you purchasing a device that is end of life and end of sale.


However, Cisco does have a Cisco Rebate Program and the following link will show you how to get money for your RVS4000 and trade up to another unit.

http://www.ciscorebateprogram.com/

I'm so sorry to have replied so unclearly.   When I said "Oh, and the link for the signature stuff is really a godsend.  I had no luck finding that..."

I meant "no luck finding that BEFORE you posted the link."  So I was saying your link was a godsend because I had previously had no luck finding it.

I see from your response that you spent time to find the exact directions... so sorry I made you waste your time, but thanks for the details anyway.

About the end-of-life thing... yeah that's a bit of a kick in the pants.

Many thanks for the link to the trade-in page.  But I see that even if they refunded 100 percent of my purchase, the SA500 is a bit too pricey for me.

I asked about the signature files being updated anytime in the future.... Do you know if there is any likelihood of that, or is the product officially dead in that regard too?

Not sure if they will maintain the signature updates.  That's up to the design team.