Solved

LAN to WAN network traffic being blocked

Posted on 2013-10-25
Last Modified: 2013-11-10
I have a small business network with about 50 internal devices during the working day: iPhones, Androids, computers, servers, etc. Since the middle of last year I started getting a message from my gateway router that the CPU was over 90%, with nothing else significant in the logs. So two days ago I decided to change the gateway appliance to a Cisco model RV016, a pretty simple device that should easily handle the traffic I have. Users noticed that iPhone email refresh was taking longer than before, so I put the router in a higher state of logging all errors and sending me an email when it gets to 50 items. Some recent logs are attached; most of the inside originating IPs are from phones and droids, but some are from my own computer (192.168.0.29). Can anyone tell me what kind of traffic this is and what I might be able to do to stop these errors? Note the firewall is enabled, but according to Cisco there is no LAN to WAN filter enabled???
Help, Thanks, Vincent
GateWayAS-Security-Notification1.txt
GateWayAS-Security-Notification2.txt
GateWayAS-Security-Notification3.txt
GateWayAS-Security-Notification4.txt
Question by:vpciii
7 Comments
 
LVL 3

Assisted Solution

by:ITEdge
ITEdge earned 50 total points
ID: 39601952
It is almost exclusively HTTP and HTTPS traffic.  Since you're specifically referencing mail, are the devices trying to contact an Exchange server?

Is there any sort of content filter or stateful packet inspection going on?
 
LVL 35

Expert Comment

by:Kimputer
ID: 39601984
The logs show connections to the usual sites, such as Yahoo, Amazon, Facebook etc., and some cloud-based hosts like Akamai. There's definitely some filtering going on, as the log files state it's a Policy violation.
 

Author Comment

by:vpciii
ID: 39602046
ITEdge,
No Exchange server on site; all company email is Google business. Personal devices are allowed to use WiFi and I am not sure what most of them are doing. I am not even sure if this is slowing down the appliance.
The device firmware has a Stateful Packet Inspection switch and it is in the disabled position.
Kimputer,
I agree, how is it that there is no outgoing filtering if the logs are showing policy violations for outgoing packets?

All, I have attached a manual for the gateway and have noticed the protection link that is a third-party dynamic content filter, but this is also disabled on the device and has been discontinued by Cisco, yet even the latest firmware has the option to enable this function.

 Thanks for your continued help on this,
Vincent
rv0xx-AG-78-19576.pdf

 
LVL 35

Accepted Solution

by:Kimputer
Kimputer earned 400 total points
ID: 39602057
Seems other people have disabled the firewall to remove these Policy Violations.

Step 1:
http://www.linksysinfo.org/index.php?resources/enabling-telnetd-on-the-rv042-rv082-and-rv016.5/

Step 2:
Follow the guide
http://wildcat.espix.org/doc/bbox2/various/openrg_configuration_guide.pdf

You will find two firewall settings areas via telnet: /nk/fw and /fw.

Set the /fw/enabled option to 0 (disabled).

Leave the /nk/fw section activated but remove the default firewall rules (the ones which are greyed out in the web interface; use the command  rg_conf_del nk/fw/rule/[0,1,2,3,....] for the respective rule).
 

Author Comment

by:vpciii
ID: 39602103
Cisco must have changed the telnet password in my version of the firmware.. 4.2.2.2...
Still trying
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 50 total points
ID: 39602202
Use the authentication data from the web login.
I.e. the password when you log in via telnet will be the same as when you log in via the web interface (default admin admin, but you probably changed it to admin somethingelse).

HTH,
Dan
 

Author Comment

by:vpciii
ID: 39602213
Yes, I changed it, but the web password does not work. I did see on the Cisco forum that on some routers it's different, especially the ones that used to be Linksys models.
