Solved

RV042 firewall page settings for management access

Posted on 2013-02-06
Last Modified: 2016-11-02
I have an RV042 which is being used as an interface to an ISP.

The WAN address (public) is obtained via PPPoE.

The LAN address (also public) is entered manually from an assigned block of public addresses.  This is the internet gateway for other publicly-addressed devices like firewalls, VPN devices, etc.

 
I have an RV042 to play with as well as one in production that I can access.

 
Because the accesses are both through public addresses, I want to use https to access the device.  I've generated a number of questions as I'm not sure the behavior is understandable to me and maybe the behavior isn't even consistent.

 
- If the firewall is Disabled, the https setting is still available.  So, presumably https will work with the firewall enabled or disabled?  Is that right?

 
- I take it that the Remote Management setting and port number are associated with the WAN port.  For example, can one set Remote Management ON with port 443 and still access via the LAN on port 80?  on port 443?

 
- If Remote Management is OFF then I presume that one cannot access the device through the WAN.  Yet, that seems to not be the case.  I wonder if the public addresses on this device affect this?

 
Well, I guess we might forget about the Port number and just ponder the following - if anybody knows for sure:  Sort of a truth table:

 
 
Remote OFF

    http     WAN access: NO     LAN access: YES

    https    WAN access: NO     LAN access: YES

Remote ON

    http     WAN access: YES    LAN access: YES

    https    WAN access: YES    LAN access: YES

 
This is what it would seem to me to be but it doesn't seem to work that way.

Or, maybe I'm just missing something important here?
Question by:Fred Marshall
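
The truth table in the question, turned into a check that is run once from a host on each side of the router. This is an added example, not part of the original thread; the port numbers, the function names and the sample observations are assumptions.

```python
import socket

# Expected reachability of the management UI, taken from the truth table
# in the question: (remote_management, vantage) -> reachable?
EXPECTED = {
    ("off", "wan"): False, ("off", "lan"): True,
    ("on", "wan"): True,   ("on", "lan"): True,
}
# Assumed ports: 80/443 are the ones mentioned in the question; the
# Remote Management port is configurable, so adjust to match the device.
PORTS = {"http": 80, "https": 443}


def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False


def collect(vantage, host, ports=PORTS):
    """Probe each management port from the machine this runs on.
    vantage is 'wan' or 'lan', i.e. which side that machine sits on."""
    return [(vantage, scheme, port, probe(host, port))
            for scheme, port in ports.items()]


def audit(remote_management, observations):
    """Compare observations with EXPECTED; return (finding, vantage, scheme, port)."""
    findings = []
    for vantage, scheme, port, reachable in observations:
        expected = EXPECTED[(remote_management, vantage)]
        if reachable and not expected:
            findings.append(("EXPOSED", vantage, scheme, port))
        elif expected and not reachable:
            findings.append(("UNREACHABLE", vantage, scheme, port))
        if reachable and scheme == "http":
            # Both sides carry public addresses here, so plain HTTP
            # would send the admin login in cleartext.
            findings.append(("CLEARTEXT", vantage, scheme, port))
    return findings


if __name__ == "__main__":
    # Constructed observations: Remote Management OFF, yet the WAN side answers.
    sample = [("wan", "https", 443, True), ("lan", "https", 443, True),
              ("lan", "http", 80, True)]
    for finding in audit("off", sample):
        print(finding)
```

A completed TCP connect only shows that something answers on that port; confirm in a browser that it is the router's login page before treating an EXPOSED finding as the management interface.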
16 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
ID: 38862216
I have never tried with the Firewall set to OFF as that defeats the basic purpose. But I have Remote Management turned OFF and I can access the internet just fine. You cannot log into my router from outside as Remote Management is OFF.  See below:

RV042G-Fiirewall-Setup
... Thinkpads_User
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38862219
I recall with my old RV042 (and some client RV082 machines) that if I wanted to change the settings below Firewall, I had to turn the Firewall OFF, make the changes, save the changes and then re-enable the Firewall.

Make sure you are not getting caught in that trap. .... Thinkpads_User
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 38862302
thinkpads_user:  
Thanks.
It's the opposite in some cases because SPI, DoS and Block WAN Req are grayed out with the firewall disabled.
But, Remote Management and HTTPS are not.  So I wonder if those were the ones that worked the way you describe?  I'll try it.....
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 38862327
I did read that Remote Management *only* works if the firewall is enabled.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38863487
I may have it backwards above about the firewall. If the settings can be altered when ON then that is the way to do it. I recall changing the Firewall setting several years ago to change the other settings.

In any event, I keep the Firewall ON as shown and Remote Management OFF as shown and everything works.

.... Thinkpads_User
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 38864863
I'm a little leery of it (the firewall function in the RV042) as I've had Router mode situations where it stopped things from working (e.g. as an MPLS interface between our sites).  At least I think that's where it happens.  But in a gateway mode application I suppose it would be a good idea.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38865199
I reviewed some old notes. If the traffic is technical data between two sites connected via VPN, then the Firewall can be disabled. That is where we learned the Firewall had to be enabled to make the other changes. So you should be able to enable the Firewall, make your changes, save your changes (necessary step), and then turn off the firewall if not needed. Remote Management should work.

I have used the RV042/G with DSL and Cable but not MPLS. I have used Remote Management any number of times.

.... Thinkpads_User
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 38865818
What "other changes" were necessary that would "stick" once you turned off the Firewall function?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38865914
You need the firewall ON to make all the changes on that screen (at least on the non-G model) and then save the changes and exit. Then go back in and turn OFF the firewall and all changes made prior and saved stick. That is the way it should work.

If no, see if there is a firmware upgrade and also consider doing a hard reset (this will lose settings, so document them).

... Thinkpads_User
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 38866359
The firmware is fully up-to-date.

It may be that this has become a moot point with this particular device application.  I turned on the firewall (with the settings below turned off) and it still broke a critical application.  While I would have said there are no "server" applications that have to be reached from the outside; but there *are* 3rd party VPN boxes that have to be reached from the outside.

The only reason for protection here is to keep people out of the controls of this one box.  Otherwise it's only an interface and other firewalls take care of what it feeds.

I'd like to understand the RV042 better but it has enough strangenesses that I'm not sure this isn't turning out to be one of them.  For example:
- in a chain of RV042's (e.g. for MPLS) the WAN ends have to point to the eventual internet gateway .. this is Router Mode.  This means that the "nearest" one has to have its WAN port pointing into the "main site" LAN.

I guess this raises the question:
What does the RV042 firewall function do .. all by itself?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38866394
I have a number of these at clients and I have had two of my own. I have not had any firewall issues.

What does the firewall do? The same as any firewall - it blocks unallowed traffic. Most firewalls allow in answers to requests sent out, but may block sites you have blocked. My own RV042G firewall is default and is not blocking much. I have Symantec Endpoint Protection on both my computers so I have not spent much time there.

Under Firewall, you should see both Access Rules and Content Filter. Mine are both default and the enable flag on the rules is greyed out so I cannot change it. I have not experimented because nothing is breaking, or being blocked that I don't want, and I am not seeing any successful attacks.

... Thinkpads_User
0
 
LVL 25

Author Closing Comment

by:Fred Marshall
ID: 38866462
thanks thinkpads_user!
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 38866478
You are most welcome and I was very happy to help you. ... Thinkpads_User
0
 

Expert Comment

by:Ravi rathore
ID: 41869619
Hi John, how are you? I want to know whether there is any configuration to be made in the RV042 router. I can't access my router from outside. I am trying to access it through the IP address of the router but am getting an error: "site can't be reached". Please describe the process to access the router from an outside network.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41869934
In the RV042 screenshot above, enable remote management and give the router a strong password.
0
 
LVL 25

Author Comment

by:Fred Marshall
ID: 41870454
0
