Solved

LAN to WAN network traffic being blocked

Posted on 2013-10-25
7
602 Views
Last Modified: 2013-11-10
I have a small business network with about 50 internal devices during the working day: iPhones, Androids, computers, servers, etc. Since the middle of last year I started getting a message from my gateway router that the CPU was over 90%, with nothing else significant in the logs. So two days ago I decided to change the gateway appliance to a Cisco model RV016, a pretty simple device that should easily handle the traffic I have. Users noticed that iPhones' email refresh was taking longer than before, so I put the router in a higher state of logging all errors and sending me an email when it gets to 50 items. Some recent logs are attached; most of the inside originating IPs are from phones and droids, but some are from my own computer (192.168.0.29). Can anyone tell me what kind of traffic this is and what I might be able to do to stop these errors? Note the firewall is enabled, but according to Cisco there is no LAN to WAN filter enabled???
Help, Thanks, Vincent
GateWayAS-Security-Notification1.txt
GateWayAS-Security-Notification2.txt
GateWayAS-Security-Notification3.txt
GateWayAS-Security-Notification4.txt
0
Question by:Vincent Costanza
7 Comments
 
LVL 3

Assisted Solution

by:ITEdge
ITEdge earned 50 total points
ID: 39601952
It is almost exclusively HTTP and HTTPS traffic. Since you're specifically referencing mail, are the devices trying to contact an Exchange server?

Is there any sort of content filter or stateful packet inspection going on?
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 39601984
The logs show connections to the usual sites, such as Yahoo, Amazon, Facebook, etc., and some cloud-based hosts like Akamai. There's definitely some filtering going on, as the log files state it's a Policy violation.
0
 

Author Comment

by:Vincent Costanza
ID: 39602046
ITEdge,
No Exchange server on site; all company email is Google business. Personal devices are allowed to use WiFi, and I'm not sure what most of them are doing. I am not even sure if this is slowing down the appliance.
The device firmware has a Stateful Packet Inspection switch and it is in the disabled position.
Kimputer,
I agree. How is it that there is no outgoing filtering if the logs are showing a policy violation for outgoing packets?

All, I have attached a manual for the gateway and have noticed the protection link, which is a third-party dynamic content filtering, but this is also disabled on the device and has been discontinued by Cisco, yet even the latest firmware has the option to enable this function.

 Thanks for your continued help on this,
Vincent
rv0xx-AG-78-19576.pdf
0

 
LVL 36

Accepted Solution

by:
Kimputer earned 400 total points
ID: 39602057
Seems other people have disabled the firewall to remove these Policy Violations.

Step 1:
http://www.linksysinfo.org/index.php?resources/enabling-telnetd-on-the-rv042-rv082-and-rv016.5/

Step 2:
Follow the guide:
http://wildcat.espix.org/doc/bbox2/various/openrg_configuration_guide.pdf

You will find two firewall settings areas via telnet: /nk/fw and /fw.

Set the /fw/enabled option to 0 (disabled).

Leave the /nk/fw section activated but remove the default firewall rules (the ones which are greyed out in the web interface; use the command rg_conf_del nk/fw/rule/[0,1,2,3,....] for the respective rule).
0
 

Author Comment

by:Vincent Costanza
ID: 39602103
Cisco must have changed the telnet password in my version of the firmware, 4.2.2.2...
Still trying.
0
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 50 total points
ID: 39602202
Use the authentication data from the web login.
I.e. the password when you log in via telnet will be the same as when you log in via the web interface (default admin admin, but you probably changed it to admin somethingelse).

HTH,
Dan
0
 

Author Comment

by:Vincent Costanza
ID: 39602213
Yes, I changed it, but the web password does not work. I did see on the Cisco forum that on some routers it's different, especially the ones that used to be Linksys models.
0


Question has a verified solution.
