RVS4000 HTTP Blocking

-R4mzyZA-
Level 1

Hi,

I'm having some trouble getting a Cisco RVS4000 router working like I'd want...

Basically, I want to configure it to block HTTP access. I've set the access control rules using the web interface and configured the web interface to use HTTPS. However, when I test it, HTTP traffic is still being allowed.

At the moment I'm just testing, but I need to implement this for a company so I'd really like to get it right.

My test setup is pretty much two PCs; both connected to the router's LAN ports. One machine is a web server, which I connect to from the other machine for testing. I could configure the web server to require HTTPS, but I specifically want to use the router to perform this filtering.

One thing I suspect is that because both PCs connect to the router via LAN, it's treating the connections like a switch would and therefore bypassing the router's firewall configuration. Also, when using the tracert command to trace the route from one machine to the other, the router doesn't show up as a hop which enforces my suspicion that the router config is being bypassed.

Can anyone say whether there is any truth to this?

I've also heard that UPnP could be messing me around, but I've disabled it and there's been no change.

Accepted Solutions

mirober2
Cisco Employee

Hi James,

As you suspected, since the 2 PCs are on the same LAN, the client will send the web request directly to the web server and the router will not firewall the traffic. The firewall policies you can specify are only for inbound (i.e. WAN -> LAN) connections or outbound (i.e. LAN -> WAN) connections.

If you move the web server to be outside of the router, do your policies work? This would be a more accurate test of your configuration.

Hope that helps.

-Mike
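
An added example (not part of the original thread, and not Cisco code) that models the behaviour described in the answer above: a host delivers same-subnet traffic directly, so only flows that cross the LAN/WAN boundary reach the firewall policies. The addresses, subnet and function names are constructed for illustration.

```python
import ipaddress

LAN = "192.168.1.0/24"       # constructed LAN subnet behind the router
GATEWAY = "192.168.1.1"      # constructed router LAN address

def next_hop(src_iface, dst, gateway=GATEWAY):
    """Address the sending host delivers to: dst itself if on-link, else the gateway."""
    iface = ipaddress.ip_interface(src_iface)
    if ipaddress.ip_address(dst) in iface.network:
        return dst            # resolved by ARP and switched at layer 2; router is not a hop
    return gateway            # routed, so the router's firewall sees the packet

def policy_direction(src, dst, lan=LAN):
    """Which firewall policy direction (per the answer above) applies to a flow."""
    net = ipaddress.ip_network(lan)
    src_in = ipaddress.ip_address(src) in net
    dst_in = ipaddress.ip_address(dst) in net
    if src_in and dst_in:
        return "lan-to-lan"   # no policy applies
    if src_in:
        return "outbound"     # LAN -> WAN
    if dst_in:
        return "inbound"      # WAN -> LAN (simplified: ignores NAT/port forwarding)
    return "external"         # neither endpoint is behind this router

def exercises_firewall(src, dst, lan=LAN):
    """True only if a test between these hosts can validate an access rule."""
    return policy_direction(src, dst, lan) in ("outbound", "inbound")

if __name__ == "__main__":
    # First the server on the LAN (the original test), then moved outside the router.
    for server in ("192.168.1.20", "203.0.113.20"):
        print(server, next_hop("192.168.1.10/24", server),
              policy_direction("192.168.1.10", server),
              exercises_firewall("192.168.1.10", server))
```

The first case also matches the tracert observation in the question: the next hop for an on-link destination is the destination itself, so the router never appears in the path.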

Hi Mike,

Thanks for the reply.

However, since posting, I contacted Cisco tech support and they helped me through all the settings and I now have everything working as I need. I have now moved the web server outside of the router and all the policies are working fine.

But it's nice to have confirmation that the traffic isn't being firewalled through the LAN.

Thanks again,

James
