09-16-2011 03:46 AM
Hi, the RVS4000 has a default firewall rule from ANY WAN -> ANY LAN with status Allowed. Should that be denied by default, like in the RV042 or RVL200?
10-03-2011 02:49 PM
Could somebody from Cisco Support comment on this issue? Is that just a "typing error" in the router GUI or a security issue? Thanks.
10-03-2011 03:33 PM
Yes, by default it blocks everything from the outside to the inside interface. Make sure you are running the latest firmware, as this could be a previous coding issue.
Hope this helps,
Jasbryan
10-03-2011 03:59 PM
Hi jasbryan,
This issue appears in all firmware versions, including the latest one:
03-02-2012 05:45 AM
I just installed and configured a new RVS4000, and I'm concerned that this issue is more than a "GUI" thing. Using only the two "default" rules (LAN:ANY:ANY and WAN:ANY:ANY), all ports seem to be fully open to the WAN. In my testing, only if I add a DENY rule for a given port is that port actually blocked. Any chance someone from Cisco could comment on this issue, because it seems to be quite critical for users of the RVS4000? Firmware has been updated to what I believe is the latest (V2.0.2.7).
03-02-2012 06:41 AM
Jeff,
Please give the Cisco Small Business Support Center a call with your concerns and we will take a look at your configuration and test results. US & Canada 1-866-606-1866
Thanks,
Jasbryan
03-02-2012 11:41 AM
Jasbryan,
Thank you for suggesting the call to business support.
The support staff member was able to fully clarify (and thus resolve) the issue. Further, she will initiate the steps necessary to get the GUI updated in a future firmware release, so that the default rule will properly reflect DENY for all WAN to LAN connections.
And so that others might be made aware (or learn, as I did) about the operation of the RVS4000 firewall, here is a brief description of the resolution. Being used to One-To-One NAT devices, I believed that in addition to a Port Forwarding rule, I also needed to create a corresponding ACL firewall rule. However, the support agent revealed that a Port Forwarding entry (automatically) opens the appropriate port(s) in the firewall, so that creation of an explicit rule is not necessary. My testing that revealed open ports without the presence of an ACL had only been done on ports associated with my Port Forwarding rules, so my testing was basically flawed. Now I know!
03-05-2012 08:01 AM
Fantastic!
*** Knowledge is power ***
Jasbryan