I just bought and set up an RV110W. I noticed while scanning it from the WAN side that it always has port 443 open, even when remote management and VPN access are disabled. Why is this port still open, and how do I close it? Or is this a bug in the firmware? I am using firmware version 22.214.171.124, which is the most up-to-date for this unit. Having open ports allowing unsolicited contact from the WAN side, especially inadvertent ones, is a major security hole.
I should be able to lock this down with no open ports on the WAN side. Any idea why this unit is doing this? Should I return this device, or is this fixable?
Port 443 is used for other connections besides Remote management and VPN. HTTPS (port 443) also provides encrypted communication for sensitive data transactions such as checking your account balance with your bank or purchasing an item online. The router doesn't necessarily control if ports are opened or closed on the WAN side. Some routers, however, do have the ability to determine how ports are viewed when scanned (i.e. opened, closed, stealth). In a typical network setup you will have:
When scanning ports, in most cases, those utilities are looking at the WAN interface of the modem, not the router. If a port is being shown as opened or closed, the issue usually resides with the ISP.
Short answer is you do not want 443 closed because this would cut off all HTTPS communication on that port from the internet.
I've upgraded to 126.96.36.199. The Cisco support site search top link that points to what it claims is the latest firmware displayed 188.8.131.52 as the most up-to-date. You have to notice the left-hand column has a higher version number listed. See here.
Once I did that firmware upgrade, the 443 port appearing open on the WAN side for unsolicited connections went away. The tool I used for probing was just Shields Up!. It's a pretty basic port scanner that probes for acceptance of unsolicited connections from external IP address 184.108.40.206 over a range of ports, typically ports 0-1055.
I don't buy the "blame it on the modem" explanation, if for no other reason than in this router replacement, the modem wasn't changed and the previous router always showed no ports open for unsolicited connections in the port ranges I probed except when port forwarding was activated. I've not turned on any port forwarding (nor remote WAN-side admin access nor VPN access) on this RV110W for these tests.
Anyway, for whatever reason, the issue seems to have gone away with this firmware version.
BTW, the one complaint I have with the RV110W design (or any of its Cisco cousins) is the lack of SMA connectors for the antennas, so one is stuck using the antennas on the unit. My old router had vastly better coverage because I was able to replace its antennas with external antennas which I could use to tailor the shape of the coverage area to the locale (e.g. D-Link ANT24-0700 omnidirectional antenna, Hawking HAI15SC corner antenna, etc.). I hope I don't find I need to put this unit on eBay in a month and replace it with one with detachable antennas just to get adequate coverage in the shape I need.
Sorry David, but that's not a state the RV110W firmware allows. Maybe it should if for no other reason than to lessen confusion, but it does not.
Under Firewall>Basic Settings>Web Access, if you try to have both the HTTP and the HTTPS "Web Access" boxes unchecked, then a red "You must select a web server." message is displayed right next to the Web Access boxes. This behavior is independent of whether the "Remote Management: Enabled" check box is checked. Furthermore, if you try to save the configuration in that state (neither "Web Access" box checked), it won't save the configuration. The firmware (220.127.116.11 and the two previous versions this unit has had) REQUIRES that one or the other of the "Web Access" check boxes be checked at all times. And again, this is independent of the state of the "Remote Management: Enabled" check box.
As I said on March 31, 2021, all WAN port probe tests after the upgrade to 18.104.22.168 seem to always show no ports open to unsolicited connections in the range of 0-1055, as well as 8080, when I have the "Remote Management" disabled. So as near as I can tell, it's now behaving correctly. Why the tests were showing port 443 open with the earlier firmware is a mystery.
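The three port states named in this thread (open, closed, stealth) and the "no unsolicited connections accepted" check can be reproduced with a short script. This is an added example, not code from any poster or from Cisco; the function names are hypothetical, and it assumes you run it from a host outside your LAN against your own WAN address.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

def probe(host, port, timeout=2.0):
    """Attempt one unsolicited TCP connection and classify the response."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"    # RST came back: reachable, nothing listening
    except socket.timeout:
        return "stealth"   # no reply at all: the SYN was silently dropped
    except OSError:
        return "error"     # e.g. network unreachable: inconclusive
    finally:
        sock.close()

def scan(host, ports, timeout=2.0, workers=64):
    """Probe every port concurrently and return {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, states))

def unexpected_open(host, ports, allowed=(), timeout=2.0):
    """Ports that accept connections but are not in the allowed set."""
    result = scan(host, ports, timeout)
    return sorted(p for p, s in result.items()
                  if s == "open" and p not in allowed)

if __name__ == "__main__":
    # Usage: python wan_check.py <your-WAN-address>
    target = sys.argv[1]
    # Range probed in the thread (port 0 left out), plus 8080.
    ports = list(range(1, 1056)) + [8080]
    # Remote management, VPN and port forwarding off: nothing is allowed.
    bad = unexpected_open(target, ports, allowed=())
    print("unexpected open ports:", bad or "none")
    sys.exit(1 if bad else 0)
```

Run from inside the LAN, the same probe reaches the router's LAN-side web server instead, which the firmware keeps enabled, so a 443 result there says nothing about WAN exposure.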