Next Steps from Cisco RV340

jasonreg

Regular Contributor
Well, after waiting (semi) patiently for about 15 months, I find myself with an RV340 which is about to lose Cisco support. My security license also expires this week and I now need to make a few decisions. To get me going, I would like to solicit some advice from the crowd. My current set-up has my ISP Router (Gigabit service with reliable 940+ Mbps access at my main PC) bridged to my RV-340. RV340 connected to Layer 3 switch which does all routing (multiple VLANs) + POE duty, then onward to wired connections (about 75 in total) and my access points (about another 50+ connections). I am really only considering what needs to be done at the RV-340 at this stage ideally.
  1. How quickly should I be concerned about losing the benefits of the security license (runs Router Anti-Virus and Intrusion Detection)? My current view is: "this is an issue I need to fix but less urgently" - most do not run this level of protection on their routers.
  2. How quickly should I be concerned with the end of software vulnerability and software maintenance support? My current view is "very". New threats show up all the time - I am less concerned with fixing any current flaws - my system runs very well - I am quite concerned with the security aspects.
  3. Any recommendations for a replacement wired router? Why?
  4. Should I also replace Layer 3 switch for ease of configuration with new router?
Many thanks in advance,
 

Tech9

Part of the Furniture
I have replaced 3x RV345P units recently with Netgate 6100 appliances. My networks are different though, all new hardware. I don't need L3 switches; I am using 2.5GbE connections instead, and everything is done on the firewall. Your RV340 never did any packet inspection, especially on Gigabit. It has no hardware to do it. I would keep the L3 switch and everything attached to it as is and replace the router/firewall with something you are comfortable with and compatible with the rest of your setup. RV34x is an entry-level router and moving to pfSense will have some learning involved.
 

Christos

Regular Contributor
I believe that in the case of a big and exploited security vulnerability, Cisco will provide a fix to this router.
At this moment it is hard to find a Netgate appliance anyway, so you can wait for 6-9 months and do your research then.
pfSense is not hard, considering your experience with VLANs etc.
 

sfx2000

Part of the Furniture
I believe that in the case of a big and exploited security vulnerability, Cisco will provide a fix to this router.

No - EOS is rapidly approaching - Cisco is pushing folks towards Meraki solutions...

 

coxhaus

Part of the Furniture
No - EOS is rapidly approaching - Cisco is pushing folks towards Meraki solutions...

It seems to be the case. I don't think it is a direction I will go. Still waiting. Maybe they will change their mind but probably not soon enough.
 

sfx2000

Part of the Furniture
It seems to be the case. I don't think it is a direction I will go. Still waiting. Maybe they will change their mind but probably not soon enough.

Yeah, it's an old code base, and it's only going to be more difficult to maintain it.

The Meraki small/medium enterprise gear is pretty good, and while it's a bit spendy, it's reliable and secure.
 

jasonreg

Regular Contributor
I do not think I will go the Meraki route. From what I can tell, they get pretty pricey with decent throughput. The base models seem to have relatively modest throughput.
 

Miner

Regular Contributor
Well, after waiting (semi) patiently for about 15 months, I find myself with an RV340 which is about to lose Cisco support. My security license also expires this week and I now need to make a few decisions. To get me going, I would like to solicit some advice from the crowd. My current set-up has my ISP Router (Gigabit service with reliable 940+ Mbps access at my main PC) bridged to my RV-340. RV340 connected to Layer 3 switch which does all routing (multiple VLANs) + POE duty, then onward to wired connections (about 75 in total) and my access points (about another 50+ connections). I am really only considering what needs to be done at the RV-340 at this stage ideally.
  1. How quickly should I be concerned about losing the benefits of the security license (runs Router Anti-Virus and Intrusion Detection)? My current view is: "this is an issue I need to fix but less urgently" - most do not run this level of protection on their routers.
  2. How quickly should I be concerned with the end of software vulnerability and software maintenance support? My current view is "very". New threats show up all the time - I am less concerned with fixing any current flaws - my system runs very well - I am quite concerned with the security aspects.
  3. Any recommendations for a replacement wired router? Why?
  4. Should I also replace Layer 3 switch for ease of configuration with new router?
Many thanks in advance,

For your Q #1 here's a thread from 2021 where the pros and cons of the security licenses are discussed:


I started that thread and decided not to renew the licenses past the initial one-year "trial."
 

jasonreg

Regular Contributor
I can start a new thread if this is too far a stretch but:

Thoughts on Unifi from the group? Considering replacing the RV340 with a Dream Machine Special Edition. I am generally considering keeping my current Layer 3 Switch (SG350X) and WAPs (3 x WAP 571 in a cluster) but open to changing them also if need be. I am assuming set-up might be easier in a single environment (or maybe I am overthinking it?)
 

Tech9

Part of the Furniture
Just continue using your RV340. EoL doesn't mean it's not secure enough. You have a nice all-Cisco setup.
 

degrub

Part of the Furniture
I'm still using my RV325s, no services exposed, patched. You can put them behind the ISP router for good measure.
 

Tech9

Part of the Furniture
I also have one RV320 still in service. It is behind 2x ISP modem/routers doing dual WAN load balancing + fail over. Works perfectly.
 

Miner

Regular Contributor
Agree with above, I'll keep using an RV-34x router for now. Will eventually change out but it's not a defcon-1/code red urgent emergency at this point in time.
 

Tech9

Part of the Furniture
I have replaced RVs not because of an expected system crash the day after EoL, but because it was a planned migration to different hardware covering specific requirements on both my end and my business partners' end. The nature of the business doesn't allow use of EoL equipment. The RV320 still in service is in a home network.
 

Christos

Regular Contributor
Avoid opening ports and use a VPN instead to access your LAN. This will also protect your internal devices that may not have been patched yet.
 

jasonreg

Regular Contributor
OK so interesting discussion. A couple of follow-on questions:
  • @Tech9 – when you say EOL does not mean secure enough – how long will that last? Hypothetical I realize but you are correct, as of 28 Oct I had confidence in my network, do I have reason to be worried now? If not when?
  • @degrub – I assume being behind an ISP router does not apply if the ISP router is bridged? To be clear the flow is ISP Modem (XB8) bridged -> RV340 -> SG350X-24 -> rest of network including WAP cluster and another switch. If I reset the ISP modem will this cause any issues?
  • Assuming I am paranoid and have more money than common sense, if I were to add a hardware firewall, I am assuming it would be placed between the ISP modem and the RV340? Any issues to be aware of?
  • Looking at Firewalla Gold Plus, but also considering Fortigate-60F. Thoughts and other recommendations?
 

Tech9

Part of the Furniture
when you say EOL does not mean secure enough – how long will that last?

I have said EoL equipment is not allowed in my business. I need specific security clearance certificates and I also process personal data and online payments. One of my places has a biometrics scanner and a metal detector at the entry/exit point. Some of the updates/upgrades are mandatory; others I have made mandatory so the IT support knows and takes appropriate actions on time. EoL is not a problem in less secure networks like a home environment. This is where I still use one RV320 with no issues whatsoever. It's in a house where elderly people mostly read news and watch movies on the Internet.

do I have reason to be worried now?

It depends. If you are running a professional law, accounting or doctor's office - yes. Home network - don't worry about it too much.
 
