
Port forwarding on RV320 bypasses firewall rules!

Rasmus Rask
Level 1

After forwarding a port to an internal box and setting up a firewall rule, to only allow connections from a specific IP, I was shocked to see hundreds of login attempts from various unauthorized IP addresses.

It seems as soon as you forward a port, it completely bypasses the firewall rules! So it seems you cannot apply any restrictions for port forwarding whatsoever.

Please tell me I'm wrong, as this would make the router absolutely unsuitable for, well... anything!
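
A way to check the symptom described in the post above from the internal host's side, added here as an example and not written by anyone in this thread: count login attempts that arrive from addresses outside the list the access rule is meant to permit. It assumes the forwarded service is OpenSSH logging in the usual syslog format; the function name, sample log lines and addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the forwarded service is OpenSSH on a Linux host. Adjust the
# pattern for other services. Matches both failed and accepted logins.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[0-9a-fA-F:.]+) port \d+"
)

def unauthorized_sources(log_lines, allowed):
    """Count login attempts per source address that is outside `allowed`.

    `allowed` lists the addresses or CIDR networks the router's access rule
    is supposed to permit. Every source returned here reached the host, so
    the rule did not filter it.
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    hits = Counter()
    for line in log_lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a login line (cron, kernel, ...)
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # malformed address in the log line
        if not any(src in n for n in nets if n.version == src.version):
            hits[str(src)] += 1
    return hits

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "Mar  3 10:01:12 box sshd[811]: Accepted password for admin from 203.0.113.10 port 50122 ssh2",
    "Mar  3 10:02:40 box sshd[815]: Failed password for invalid user test from 198.51.100.23 port 41820 ssh2",
    "Mar  3 10:02:44 box sshd[815]: Failed password for root from 198.51.100.23 port 41822 ssh2",
    "Mar  3 10:03:05 box sshd[820]: Failed password for root from 192.0.2.77 port 60011 ssh2",
    "Mar  3 10:04:00 box CRON[900]: pam_unix(cron:session): session opened for user root",
]

if __name__ == "__main__":
    found = unauthorized_sources(SAMPLE_LOG, ["203.0.113.10"])
    for src, n in found.most_common():
        print(f"{src}\t{n} attempt(s) passed the router")
```

An empty result over a period in which outside hosts are known to be probing the port is the evidence that the rule is being enforced.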


Matthew Konkol
Level 1

I'm sure you have found your answer already (I hope) but to anyone else finding this thread;

The default rules at the bottom for the explicit deny on WAN1 WAN2 USB1 and USB2 do not seem to be working correctly. I believe they were working in earlier versions of the firmware. You will need to create a new rule to DENY all on whichever interface you are connected with.

NOTE: all new rules go to the top of the list, so you may want to create a dummy rule, say block SSH on USB2, then move it to the last spot in your list before creating the final rule. Since rules are applied immediately, if you are connected remotely to that network you may lock yourself out.

qube00001
Level 1

Hello

I also noticed some strange behavior on the firewall of the RV320.

First (as reported earlier), for some reason you have to create a specific deny rule for each and every port you forward on NAT; the default "deny all" (factory set) bottom rule has no effect. Weird, but true.

Upgrade the firmware and you get more bugs; the more recent, the more bugs. Currently running a fresh Release 1.3.1.12.

Second issue: if you created a NAT rule with a non-symmetric port forward (say 8082 to 8080), the firewall rule will not work, but it will work OK if you forward symmetric 8080:8080.

Third issue: VPN gets random freezes, need to reboot at 3 branch locations every week or so.

Bottom line: this was a neat device on paper, we bought 8 of them, but bugs will make me stay away from those units. I have far less trouble with Drayteks.

Hello, my name is Jonathan, and I am one of the Engineers here at Cisco SBSC.

I apologize for the inconvenience. I would like to know some details: can you let me know if the router might have some access rules on top of the default rules that may be causing the issue with this?

Now regarding the port forwarding: as you stated the port forwarding issue with the non-symmetric ports, let me know if that happens on all of the units or is just isolated to this one.

I would like to know if any of the related issues here were present on the previous firmware version. As you mentioned, we may be facing a bug in the latest version, so I would advise you to contact us in order to open a case and help you in a better way. Thanks.

https://supportforums.cisco.com/community/4626/small-business-service-and-support-country 

Regards.

Hi Jonathan,

I recently bought (a few days ago) many RV130s for different locations, and I can tell that there are serious problems with the latest 2 firmware versions for the RV130s.

1.0.2.7: I have single port mappings and access rules enabled. When I click on re-order, want to move access rule 45 to place 34, and click save, the RV130's web server crashes and a reconnect from the web browser does not work anymore. A reboot of the device is then required.

1.0.3.16: The single port mappings open the firewall for everyone from outside. This is not what I want; to allow a single IP I have to first specify an allow access rule for a single IP address and then a block rule for the rest of the world. However, this does not work and the traffic is blocked for everyone even if there is an access allow rule above.

Request 1)
Please fix the issues above. Can you pass this reply to the firmware engineering department?

Request 2)
In all firmware versions, with the inside WAN/LAN allow access rule I can specify only a single IP and not a range of IP addresses. It would be very handy to allow this function.
Without this I have to make many single rules, one for every IP.

Request 3)
A single port mapping does now allow by default a port to be open for everyone.
It would be better to separate those, so that for every single port mapping an access rule is required and it's not opened by default to the world.


Gr, Sander.

alex
Level 1

This is a problem with the RV110W too.

I ran away from Vigor screaming as they had this problem, and a flakey GUI - now I find that it's just the same with Cisco!

I guess that the engineers were fed up with people not buying their expensive routers, so thought they'd do a cheap and useless one just to compete.

If there's an old version of the firmware that did a better job (before management told the engineers it wasn't rubbish enough!) then please post here with the version.