The overall problem is that we're having lots of problems with web access in or out of the office. There was a problem with sporadic packet loss with the ISP which has now been corrected, but still the web problem persists.
In investigating, I am seeing lots of messages like this in my system logs:
However, I am using the default firewall rules with only additions to let SSH, HTTP, and HTTPS into a few machines on the LAN. The above source address is not one of these machines. The hosts affected on the LAN side do not seem consistent. The destination addresses that experience this do seem to be consistent based on a relatively small sample of log file, but being a small sample, this may be spurious info.
This doesn't seem right - the rules should allow any outbound connections.
Admittedly, most of the traffic in/out is HTTP or HTTPS, but I haven't seen this affect any other service than these.
I have made sure that the content filtering is disabled, I've played with turning SPI on/off with no change.
The above is about the only visible anomaly I've seen, and I'm running out of ideas...
No DSL, am using a Ubee cable modem to Time Warner Business Class service. This setup has worked for over a decade, but my PIX died and now this is happening on replacement with RV320.
Changed the MTU to no effect, and yes I am using IPv6 with tunnelbroker,net. I have tried disabling IPv6 but put it back when it did not solve the problem.
I opened up my Google search and found that this is a problem also found on the RV042, but I can't find a resolution. Cisco has said on the RV042 that it's a broken TCP/IP implementation, but since I get this across Windows 7, Linux, FreeBSD and Android devices and only on HTTP/HTTPS connections (at least so far and we do a lot of FTP, and SSH) and it is a crippling problem, it seems like they may have to address this.
There is a known issue with false positives on some inbound connections on the RV320, however your issue is outbound. I would suggest giving us a call at 1.866.606.1866 and open a support case and we can see if we can get this resolved.
Senior Network Support Engineer - Cisco Small Business Support Center
I just noticed my RV320 is doing the same thing. Only because I happened to turn on the log to look for something else. It's been in place for months, and no one has had any issues using the Internet.
One thing I did notice is that it's only TCP packets tagged ACK FIN or ACK RST. These might be seen as a kind of a probe (fingerprinting the system based on its response to an unsolicited such packet), and, of course, since it's just my workstations acknowledging the end of a session, it doesn't affect the user experience at all if these are blocked.
But, it is pretty lame that we don't have the capability to adjust this aggressive filtering on outbound packets by this device, or more information (such as which policy) in the log.
Configure DHCP WAN Settings on the RV34x Router
A Wide Area Network (WAN) is a network that covers a broad area. A user or network of users can connect to the Internet through an Internet Service Provider (ISP) who offer...
Configure Static IP WAN Settings on the RV34x Router
A Wide Area Network (WAN) is a network that covers a broad area. A user or network of users can connect to the Internet through an Internet Service Provider (ISP) who ...