RVS4000 Default Firewall Rule

abudef000
Level 1

Hi, RVS4000 has default firewall rule from ANY WAN -> to ANY LAN with status Allowed. Should that be denied by default, like in RV042 or RVL200?

7 Replies

abudef000
Level 1

Could somebody from Cisco Support comment on this issue? Is that just a "typing error" in the router GUI or a security issue? Thanks.

Yes, by default it blocks everything from the outside to the inside interface; make sure you are running the latest firmware, as this could be a previous coding issue.

Hope this helps,

Jasbryan

Hi jasbryan,

This issue appears in all firmware versions, including the latest one:

I just installed and configured a new RVS4000, and I'm concerned that this issue is more than a "GUI" thing. Using only the two "default" rules (LAN:ANY:ANY and WAN:ANY:ANY), all ports seem to be fully open to the WAN. In my testing, only if I add a DENY rule for a given port is that port actually blocked. Any chance someone from Cisco could comment on this issue, because it seems to be quite critical for users of the RVS4000? Firmware has been updated to what I believe is the latest (V2.0.2.7).

Jeff,

Please give the Cisco Small Business Support Center a call with your concerns and we will take a look at your configuration and test results. US & Canada 1-866-606-1866

Support Numbers

Thanks,

Jasbryan

Jasbryan,

Thank you for suggesting the call to business support.

The support staff member was able to fully clarify (and thus resolve) the issue. Further, she will initiate the steps necessary to get the GUI updated in a future firmware release, so that the default rule will properly reflect DENY for all WAN to LAN connections.

And so that others might be made aware (or learn, as did I) about the operation of the RVS4000 firewall, here is a brief description of the resolution. Being used to One-To-One NAT devices, I believed that in addition to a Port Forwarding rule, I also needed to create a corresponding ACL firewall rule. However, the support agent revealed that a Port Forwarding entry (automatically) opened the appropriate port(s) in the firewall, so that creation of an explicit rule was not necessary. My testing that revealed open ports without the presence of an ACL had only been done on ports associated with my Port Forwarding rules, so my testing was basically flawed. Now I know!
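
The behaviour described in this resolution, written up as an added Python model (example code, not part of the thread and not Cisco's implementation): explicit ACL rules win, a Port Forwarding entry implicitly opens its port, and everything else WAN -> LAN is denied regardless of the GUI's default "ALLOW" row. The `audit_probe` helper also flags the testing mistake the poster describes, a probe that only touches forwarded ports and so says nothing about the default rule. Class and function names, and the probe results, are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed model of the RVS4000 WAN -> LAN behaviour as described by support
# in the thread above; this is illustrative code, not Cisco firmware logic.


@dataclass
class Rvs4000Policy:
    forwards: Set[int]                              # TCP ports with Port Forwarding entries
    acl: List[Tuple[str, Optional[int]]] = field(default_factory=list)  # explicit user rules, in order

    def explicit_rule(self, port: int) -> Optional[str]:
        """First explicit ACL action matching `port` (None in a rule means ANY port)."""
        for action, rule_port in self.acl:
            if rule_port is None or rule_port == port:
                return action
        return None

    def wan_to_lan(self, port: int) -> str:
        """Effective verdict for an inbound WAN -> LAN connection to `port`."""
        explicit = self.explicit_rule(port)
        if explicit is not None:
            return explicit                          # an explicit DENY blocks even a forwarded port
        return "ALLOW" if port in self.forwards else "DENY"   # implicit open vs. real default deny

    def governed_by_default(self, port: int) -> bool:
        """True when neither an ACL rule nor a Port Forwarding entry decides this port."""
        return self.explicit_rule(port) is None and port not in self.forwards


def audit_probe(policy: Rvs4000Policy, probed: Set[int], observed_open: Set[int]) -> Dict[str, object]:
    """Compare an external probe of the router with the model.

    'unexpected_open': ports seen open that the model says should be denied (the
    real default-allow the original poster feared). 'informative' is False when
    no probed port is governed by the default rule, i.e. the probe only covered
    forwarded ports and cannot tell ALLOW from DENY as the default.
    """
    expected_open = {p for p in probed if policy.wan_to_lan(p) == "ALLOW"}
    return {
        "unexpected_open": observed_open - expected_open,
        "unexpected_closed": expected_open - observed_open,
        "informative": any(policy.governed_by_default(p) for p in probed),
    }


if __name__ == "__main__":
    policy = Rvs4000Policy(forwards={80, 443})
    print(audit_probe(policy, {80, 443}, {80, 443}))      # constructed: the thread's flawed probe
    print(audit_probe(policy, {80, 443, 22}, {80, 443}))  # constructed: covers a non-forwarded port
```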

Fantastic!

*** Knowledge is power ***

Jasbryan