Next Steps from Cisco RV340

degrub

Part of the Furniture
OK, so an interesting discussion. A couple of follow-on questions:
  • @Tech9 – when you say EOL does not mean "secure enough", how long will that last? Hypothetical, I realize, but you are correct: as of 28 Oct I had confidence in my network. Do I have reason to be worried now? If not, when?
  • @degrub – I assume being behind an ISP router does not apply if the ISP router is bridged? To be clear, the flow is ISP modem (XB8) bridged -> RV340 -> SG350X-24 -> rest of network, including the WAP cluster and another switch. If I reset the ISP modem, will this cause any issues?
  • Assuming I am paranoid and have more money than common sense: if I were to add a hardware firewall, I am assuming it would be placed between the ISP modem and the RV340? Any issues to be aware of?
  • Looking at the Firewalla Gold Plus, but also considering the FortiGate-60F. Thoughts and other recommendations?
Not bridged in my case, double NAT. I don't have the sustained bandwidth needs, nor am I exposing services. If you bridge, then your WAN port is fully exposed.
The main issue with firewalls is the amount of time you may have/want to dedicate to maintaining them, plus the initial time investment in getting it correct.
 

jasonreg

Regular Contributor
The main issue with firewalls is the amount of time you may have/want to dedicate to maintaining them, plus the initial time investment in getting it correct.
Yes, this I think is my main concern. Not the setup per se, but the amount of my time I would need to dedicate to maintenance once it is in place... More thought required.
 

train_wreck

New Around Here
I'll go ahead and chime in that I have an RV340 that I feel comfortable still using. The only available service running on the router itself is the IPsec VPN, and it is using IKEv2 with certificate auth. There have been some publicized exploits for this router, involving the SSL VPN and the web interface you use to manage the router. I'm not using the SSL VPN, so that doesn't affect me.

This device fortunately lets you disable the web interface (actually all management capabilities, including the weird RESTCONF stuff). The thing is, you can only disable it per VLAN interface. So while it took some doing, I eventually created a separate VLAN, moved my main network over to that VLAN, then disabled management on said VLAN. I still have the default ("VLAN 1") enabled so that I can connect in and manage it if I need to. This required having a PC that can enable VLAN interfaces on the NIC. Many of them these days can, even the cheap Realteks. Hope this helps.

I am still looking for a replacement router that can do ~600-700 Mbps of IPsec like the 340 can, and short of an x86-based device I'm not aware of something equivalent.
 
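A check that goes with the approach in the post above: after moving the user network to its own VLAN and disabling management there, confirm from a host on that VLAN that the router's management services no longer answer, and from a tagged VLAN 1 interface that they still do. This is an added example, not code from the thread or from Cisco. It assumes the RV340 web UI is on its factory-default HTTPS 443 and HTTP 80 (the router lets you change these), that the RESTCONF service rides on the same HTTPS port, and example router addresses of 192.168.1.1 on VLAN 1 and 192.168.20.1 on the user VLAN.

```python
"""Post-hardening check: is the router's management plane reachable from here?

Added example, not from the original post. Assumptions (not in the thread):
  - RV340 management UI on TCP 443 (HTTPS) and 80 (HTTP), the factory defaults;
  - RESTCONF is served over the same HTTPS port, so no extra port is probed;
  - router is 192.168.1.1 on VLAN 1 and 192.168.20.1 on the user VLAN.

Run it twice:
  1. from a host on the user VLAN        -> expect PASS (management disabled)
  2. from a tagged VLAN 1 interface      -> expect FAIL (that is where you
     still want management to answer)

On Linux the tagged interface for step 2 can be created with, e.g.:
  ip link add link eth0 name eth0.1 type vlan id 1
  ip addr add 192.168.1.50/24 dev eth0.1 && ip link set eth0.1 up
"""
import socket
import sys
from typing import Callable, Dict, Iterable, List

# A connector takes (host, port, timeout) and returns one of the states below.
# It is a parameter so the decision logic can be exercised without a network.
Connector = Callable[[str, int, float], str]

OPEN, REFUSED, FILTERED = "open", "refused", "filtered"


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port: completed handshake, active RST, or no answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return OPEN
    except ConnectionRefusedError:
        # The router is up but nothing listens: management really is off.
        return REFUSED
    except OSError:
        # Timeout (socket.timeout is an OSError) or unreachable network.
        return FILTERED


def management_exposure(host: str, ports: Iterable[int],
                        connector: Connector = tcp_probe,
                        timeout: float = 2.0) -> Dict[int, str]:
    """Probe every management port and return {port: state}."""
    return {port: connector(host, port, timeout) for port in ports}


def exposed_ports(results: Dict[int, str]) -> List[int]:
    """Ports on which a management service completed a TCP handshake."""
    return sorted(port for port, state in results.items() if state == OPEN)


def verdict(results: Dict[int, str]) -> str:
    """PASS means no management service answered from this vantage point."""
    open_ports = exposed_ports(results)
    if open_ports:
        return "FAIL: management still reachable on port(s) " + \
               ", ".join(str(p) for p in open_ports)
    return "PASS: no management service answered"


if __name__ == "__main__":
    MGMT_PORTS = (80, 443)  # assumed RV340 defaults, see module docstring
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.20.1"
    results = management_exposure(target, MGMT_PORTS)
    for port in sorted(results):
        print(f"{target}:{port} {results[port]}")
    print(verdict(results))
```

The distinction between "refused" and "filtered" is deliberate: a RST from the router means the service is genuinely switched off on that VLAN, while a timeout may just mean the probing host is not on the VLAN it thinks it is, which is worth knowing before declaring the hardening done.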

coxhaus

Part of the Furniture
I am still going to run my Cisco RV340 for a while. My daughter did not buy her new house as the interest rates went too high, so she is staying in her old house. She has AT&T internet. She has an AT&T router with an AT&T wireless extender at the back of her house that covers the back and the back yard. It works well enough that I can wait to upgrade her.

I am still watching and hoping for another Cisco solution.
 

coxhaus

Part of the Furniture
So, I am going to call Cisco next week and talk about what hoops I have to jump through to license a Firepower 1010 Firewall. I am not a business but a home without a domain. I think in the past Cisco wanted you to have a work domain. Provantage has them for $513. I also want TAC support so I can get updates.

At least I can start coming up with a plan if I want to go this route. It will be all command-line programming. Much harder than an RV340 router. I am not positive I want to work this hard, but I can do it.
 

coxhaus

Part of the Furniture
I don't remember. I looked it up a while back. It must be on another thread somewhere. I will find out. You can run this firewall 2 ways with 2 different sets of code. So, the prices are different depending on which code set you run.

Using this Cisco firewall will be world class security. I probably do not need this at my house but if Cisco makes it easy, I may do it.

It will be a hassle with games and ports, as it is pretty manual. When you start, all outbound and inbound ports are blocked. At least that was the case when I worked on the old Cisco PIX back in its day.
 

sfx2000

Part of the Furniture
So, I am going to call Cisco next week and talk about what hoops I have to jump through to license a Firepower 1010 Firewall. I am not a business but a home without a domain. I think in the past Cisco wanted you to have a work domain. Provantage has them for $513. I also want TAC support so I can get updates.

Take a look at the Cisco Meraki MX line - better licensing, and the HW costs are pretty reasonable...

The FP1010 will do the job, but for most small biz and homelabs it's overkill...
 

coxhaus

Part of the Furniture
Does Cisco Meraki MX line have a long life until it reaches EOL and stops being updated?
No. My understanding is you buy a usable license for a year or years, and then it quits working when your license expires.

The main cost is the license. The benefit is you don't really need to know much about firewalls as it is taken care of from a central site. They patch and fix issues as they come up.

The other really nice thing is if you have multiple sites, you can link them together without much knowledge of firewalls. This is probably the biggest benefit of Meraki. You will get a nice GUI of all your sites, and you can manage them remotely. I would think it would be great for retail stores linking them together with a small IT staff.

This is just what I read a while back, as I have never run any Meraki routers. I am not so sure it will be a good home solution. I think the Firepower is a better one-location solution, and it will be faster than the Meraki.
 
