
RV082 Access Rules

Good Day To All,

We recently purchased an RV082 Firewall Router and I am having the headache of a lifetime with the access rules and port forwarding. I have read EVERY post possible and still cannot come to a conclusion of what I am doing wrong...

First Question is the MAIL SERVER.. I could not get our email server to talk when setting this device to DMZ so for the time being I put it on LAN2 and attempted to set up an access rule Port 25 to the IP of the mail server. NO GO.. I had to port forward or it would not work.

Now I want to deny access on port 25 over WAN1 201.X.X.108 but allow access over port 25 on WAN2 201.X.X.109 and this is where it's a NO GO. It doesn't matter what order I put the rules in, it's still a no go. Furthermore, if I take out the port forward 25 and put in the rules to allow ANY source to reach 25 on the mail server it ALSO does not work...

This is what I have now and I can still access the email server on EITHER WAN address. I have tried to specifically DENY WAN1 but still no luck.

FORWARD:

PORT 25 to 192.168.0.221 is ENABLED

ACCESS RULES: (in this order)

ACTION: ALLOW
SERVICE: SMTP:25
SOURCE INTERFACE: WAN2
SOURCE: ANY
DESTINATION: 192.168.0.221
TIME: ALWAYS

ACTION: ALLOW
SERVICE: SMTP:25
SOURCE INTERFACE: LAN
SOURCE: 192.168.0.221
DESTINATION: ANY
TIME: ALWAYS

ACTION: DENY
SERVICE: SMTP:25
SOURCE INTERFACE: ANY
SOURCE: ANY
DESTINATION: ANY
TIME: ALWAYS

Now Second Question is pretty much the same but with SSH on port 22. I did this as a test and enabled SSH to the mail server.

FORWARD:

NOTHING SET

ACTION: ALLOW
SERVICE: SSH:22
SOURCE INTERFACE: ANY
SOURCE: ANY
DESTINATION: 192.168.0.221
TIME: ALWAYS

Why would this not work? The ONLY way I can get an SSH:22 to work is if I port forward it and then the access rule when set to DENY ALL it still allows it on both WAN1 and WAN2...

CONFUSED!

HELP!

PLEASE!

The Screen shot was my last attempt at making SSH work...

1 REPLY

Re: RV082 Access Rules

Essentially what I am trying to accomplish is to NOT have the port forward set. But in every case so far it seems as if the access rules DO NOT WORK at all.

Even if I set SSH:22 to port forward and set a firewall rule to DENY ANY ANY ANY to ANY I can still SSH to the box.
