Solved

LAN to WAN network traffic being blocked

Posted on 2013-10-25
Last Modified: 2013-11-10
I have a small business network with about 50 internal devices during the working day: iPhones, Androids, computers, servers, etc. Since the middle of last year I started getting a message from my gateway router that the CPU was over 90%, with nothing else significant in the logs. So two days ago I decided to change the gateway appliance to a Cisco model RV016, a pretty simple device that should easily handle the traffic I have. Users noticed that iPhone email refresh was taking longer than before, so I put the router in a higher state of logging all errors and sending me an email when it gets to 50 items. Some recent logs are attached; most of the inside originating IPs are from phones and droids, but some are from my own computer (192.168.0.29). Can anyone tell me what kind of traffic this is and what I might be able to do to stop these errors? Note the firewall is enabled, but according to Cisco there is no LAN to WAN filter enabled???
Help, Thanks, Vincent
GateWayAS-Security-Notification1.txt
GateWayAS-Security-Notification2.txt
GateWayAS-Security-Notification3.txt
GateWayAS-Security-Notification4.txt
Question by:Vincent Costanza
7 Comments
 
LVL 3

Assisted Solution

by:ITEdge
ITEdge earned 100 total points
ID: 39601952
It is almost exclusively HTTP and HTTPS traffic. Since you're specifically referencing mail, are the devices trying to contact an Exchange server?

Is there any sort of content filter or stateful packet inspection going on?
 
LVL 36

Expert Comment

by:Kimputer
ID: 39601984
The logs show connections to the usual sites, such as Yahoo, Amazon, Facebook etc., and some cloud-based hosts like Akamai. There's definitely some filtering going on, as the log files state it's a Policy violation.
 

Author Comment

by:Vincent Costanza
ID: 39602046
ITEdge,
No Exchange server on site; all company email is Google business. Personal devices are allowed to use WiFi and I am not sure what most of them are doing. I am not even sure if this is slowing down the appliance.
The device firmware has a Stateful Packet Inspection switch and it is in the disabled position.
Kimputer,
I agree. How is it that there is no outgoing filtering if the logs are showing a policy violation for outgoing packets?

All, I have attached a manual for the gateway and have noticed the protection link that is a third-party dynamic content filtering, but this is also disabled on the device and has been discontinued by Cisco, yet even the latest firmware has the option to enable this function.

 Thanks for your continued help on this,
Vincent
rv0xx-AG-78-19576.pdf

 
LVL 36

Accepted Solution

by:
Kimputer earned 800 total points
ID: 39602057
Seems other people have disabled the firewall to remove these Policy Violations.

Step 1:
http://www.linksysinfo.org/index.php?resources/enabling-telnetd-on-the-rv042-rv082-and-rv016.5/

Step 2:
Follow the guide:
http://wildcat.espix.org/doc/bbox2/various/openrg_configuration_guide.pdf

You will find two firewall settings areas via telnet: /nk/fw and /fw.

Set the /fw/enabled option to 0 (disabled).

Leave the /nk/fw section activated but remove the default firewall rules (the ones which are greyed out in the web interface); use the command rg_conf_del nk/fw/rule/[0,1,2,3,....] for the respective rule.
 

Author Comment

by:Vincent Costanza
ID: 39602103
Cisco must have changed the telnet password in my version of the firmware.. 4.2.2.2...
Still trying
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 100 total points
ID: 39602202
Use the authentication data from the web login.
I.e. the password when you log in via telnet will be the same as when you log in via the web interface (default admin admin, but you probably changed it to admin somethingelse).

HTH,
Dan
 

Author Comment

by:Vincent Costanza
ID: 39602213
Yes, I changed it, but the web password does not work. I did see on the Cisco forum that on some routers it's different, especially the ones that used to be Linksys models.

Question has a verified solution.
