RV120w DMZ Firewall Rules

Similar Messages

• RV120W Firewall Rules

  Hi,
  I have several problems with RV120W Wireless-N VPN Firewall :
  1 - I can't delete firewall rules from web interface, when I try, a error "Selected firewall rule(s) deletion has failed" (cf attache file)
  2 - I want to be able to send ping (or others) to a wifi connected device from WAN, i have a rule to allow all traffic from wan to lan in any protocol. When i try to send ping lan interface, there is impossible.
  Thanks,
  Benoit MENARD

  Dale,
  what address are you using to access the internal company websites (IP address or domain name). More than likely, port forwarding rules need to be configured for port 80 to go to internal address of the web server.In order to configure rules for services not available in the list, you wll need to create a custom service. After the service is created it will appear at the bottom of the services list. If you need further assistance you may have to call 1.866.606.1866 and open a support ticket.
  Blake Wright
  Cisco SBSC Network Engineer

• Home Hub 5 firewall rules and TP Link routers

  I am not yet a BT customer but am looking to sign up for Infinity and I understand I will get a Home Hub 5 unit ... however I would prefer to use my TP-Link AC1750 which has proven to be excellent with it's WIFI signal. My TP-Link is a cable version, not the ADSL version.
  I understand the HomeHub 5 now contains the VDSL modem built in (rather than separate) so I suspect I'll need to hang my TP-Link off one of the HomeHub 5 Gbe ports and disable Wireless on the Home Hub. Has anyone tried this? Do you know if the firewall rules can be set to put my TP Link in a "DMZ" , i.e. no firewall protection, because I'd prefer to do that as my TP Link is a router/firewall combined and it will make it easier for getting my VPN ports working etc.
  Alternatively do you know if the cable you would normally plug into the HomeHub5 "Broadband WAN" plug is just straightforward Gbe, i.e so I can put it straight into my TP Link and not use the HomeHub 5 at all?
  Thanks
  Solved!
  Go to Solution.

  Keith,
  Thanks very much for your reply. So I can't use the HomeHub 5 as a cable modem, but do you know what kind of broadband/WAN connection BT OpenReach provide that goes into the HomeHub? Is that straight-forward Gbe that I could probably plug into my TP Link, as it's designed to take a Gbe connection? (Currently it is connected into one of the LAN ports of my ADSL router/modem/firewall device as I'm still on ADSL but was planning my upgrade to Infinity)
  Alternatively, I could connect my TP Link into one of the Home Hub 5 LAN ports, so long as I can designate that port as a DMZ port (i.e. no firewall protection) so that my TP Link will be the only one controlling the firewall rules. Is it possible to make one port, or one device a DMZ device on the Home Hub 5?
  Thanks

• How to reload firewall rules from command line on firewall ?

  Hi all,
  I am trying to create script that controls firewall on server. OS version is OS X Server 10.5.6.
  Part of firewall rules is created using firewall admin tools, part of Server Admin Tools. My first question is where are those rules stored permanently ? As far as I understood it should be set of ipfw rules but they are not stored in /etc/ipfilter/ipfw.conf.
  Idea of script is this:
  I have set of rules that should be controlled by Server Admin Tools.
  Also, I have some dynamic rules.
  Whenever some change occurs, I created script that does following:
  /sbin/ipfw -f flush - to flush all existing rules
  /sbin/serveradmin stop ipfilter - to stop existing firewall
  /sbin/serveradmin start ipfilter - to restart firewall and reload permanent rules
  Add my set of rules...
  After flushing all rules and issuing stop and start ipfilter none of rules set through Server Admin Tools are not reloaded. So how should I reload them ? How to save them permanently in the first place ?
  Please note that I do not have access to server (for security reasons). I am developing script on my Mac, sending to client and he tests it. So I cannot do a lot of testing.
  Thank you in advance.
  Best regards,
  Dusan

  Unix and Terminal queries are best posted to the Unix forum under OS X Technologies where those mavens frolic.

• 0x8007000e (E_OUTOFMEMORY) while adding a firewall rule using the windows firewall COM API

  Hello,
  Configuration: Windows Embedded 8 64-bit.
  I'm using the Windows Firewall with Advanced Security COM API. The program uses the INetFwRules interface. Basically, I'm using the following code (Form the code sample available here : http://msdn.microsoft.com/en-us/library/windows/desktop/dd339604%28v=vs.85%29.aspx.)
   I get the error when performing "hr = pFwRules->Add(pFwRule);".
  We can also encounter the problem when removing a rule (using pFwRules->Remove(ruleName);)
  HRESULT hrComInit = S_OK;
  HRESULT hr = S_OK;
  INetFwPolicy2 *pNetFwPolicy2 = NULL;
  INetFwRules *pFwRules = NULL;
  INetFwRule *pFwRule = NULL;
  long CurrentProfilesBitMask = 0;
  BSTR bstrRuleName = SysAllocString(L"SERVICE_RULE");
  BSTR bstrRuleDescription = SysAllocString(L"Allow incoming network traffic to myservice");
  BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group");
  BSTR bstrRuleApplication = SysAllocString(L"%systemroot%\\system32\\myservice.exe");
  BSTR bstrRuleService = SysAllocString(L"myservicename");
  BSTR bstrRuleLPorts = SysAllocString(L"135");
  // Initialize COM.
  hrComInit = CoInitializeEx(
  0,
  COINIT_APARTMENTTHREADED
  // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
  // initialized with a different mode. Since we don't care what the mode is,
  // we'll just use the existing mode.
  if (hrComInit != RPC_E_CHANGED_MODE)
  if (FAILED(hrComInit))
  printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
  goto Cleanup;
  // Retrieve INetFwPolicy2
  hr = WFCOMInitialize(&pNetFwPolicy2);
  if (FAILED(hr))
  goto Cleanup;
  // Retrieve INetFwRules
  hr = pNetFwPolicy2->get_Rules(&pFwRules);
  if (FAILED(hr))
  printf("get_Rules failed: 0x%08lx\n", hr);
  goto Cleanup;
  // Create a new Firewall Rule object.
  hr = CoCreateInstance(
  __uuidof(NetFwRule),
  NULL,
  CLSCTX_INPROC_SERVER,
  __uuidof(INetFwRule),
  (void**)&pFwRule);
  if (FAILED(hr))
  printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
  goto Cleanup;
  // Populate the Firewall Rule object
  pFwRule->put_Name(bstrRuleName);
  pFwRule->put_Description(bstrRuleDescription);
  pFwRule->put_ApplicationName(bstrRuleApplication);
  pFwRule->put_ServiceName(bstrRuleService);
  pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
  pFwRule->put_LocalPorts(bstrRuleLPorts);
  pFwRule->put_Grouping(bstrRuleGroup);
  pFwRule->put_Profiles(CurrentProfilesBitMask);
  pFwRule->put_Action(NET_FW_ACTION_ALLOW);
  pFwRule->put_Enabled(VARIANT_TRUE);
  // Add the Firewall Rule
  hr = pFwRules->Add(pFwRule);
  if (FAILED(hr))
  printf("Firewall Rule Add failed: 0x%08lx\n", hr);
  goto Cleanup;
  This works pretty well but, sometimes, at system startup, adding a rule ends up with the error 0x8007000e (E_OUTOFMEMORY) ! At startup, the system is always loaded cause several applications starts at the same time. But nothing abnormal. This is quite a random
  issue.
  According MSDN documentation, this error indicates that the system "failed to allocate the necessary memory".
  I'm not convinced that we ran out of memory.
  Has someone experienced such an issue? How to avoid this?
  Thank you in advance.
  Regards, -Ruben-

  Does Windows 8 desktop have the same issue? Are you building a custom WE8S image, or are you using a full WE8S image? The reason I ask is to make sure you have the modules in the image to support the operation.
  Is Windows Embedded 8.1 industry an option?
  www.annabooks.com / www.seanliming.com / Book Author - Pro Guide to WE8S, Pro Guide to WES 7, Pro Guide to POS for .NET

• Can't add a new Firewall Rule

  I have a very curious issue: I cannot add any new firewall rules at all! Clicking on the New Button does nothing and on the console I get
  System Preferences[487] * -[NSCFString objectForKey:]: selector not recognized [self = 0x3f11b0]
  I have flushed the firewall with ipfw, deleted the plist file, repaired permissions but the problem ist still there. Any suggestions? (apart from reinstallation)
  Adding Firewall Rules through ipfw works...

  Whenever I use ipfw I lose the ability to use System Preferences. At first I thought that it compared kernel memory with the plist file and if it found a difference, assumed another firewall was running and disabled itself. But I also deleted the plist file (assuming it would build one from kmem) but that didn't work. Right now I assume there's another file somewhere. It wouldn't make any sense to keep another table in kmem. The weird part is that rules can be the same, but different sequence numbers will cause this problem. There weren't sequence numbers in the plist file, so there's probably another file somewhere.
  I think your error is from the missing plist file. A reboot should clear it up.

• Appending Firewall Rules to vShield Edge with PowerCLI Script

  Hi,
  I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are over written.
  Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?
  Update:
  So obviously the following line seems to create a new instance of the firewall:
  $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
  Because the next 3 lines after are setting the main firewall parameters again - something you wouldn't need to do if we were just adding new rules to the existing firewall.
  $fwService.DefaultAction = "drop"
  $fwService.LogDefaultAction = $false
  $fwService.IsEnabled = $true
  Is there a way to use a PowerShell command such as add-member rather than new-object?
  param (
  [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
  [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
  [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
  [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
  # Add in the VI Toolkit
  if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
  Add-PSsnapin VMware.VimAutomation.Core
  if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
  Add-PSsnapin VMware.VimAutomation.Cloud
  try {
  Connect-CIServer -Server $CIServer 2>&1 | out-null
  } catch {
  Exit
  #Search EdgeGW
  try {
    $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
    $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
    $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | where {$_.href -eq $edgeHREF}
  } catch {
  [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName ,"Error.",0,[System.Windows.Forms.MessageBoxIcon]::Exclamation)
    Exit
  #Item to Configure Services
  $edgeView.Configuration.EdgeGatewayServiceConfiguration
  $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
  $fwService.DefaultAction = "drop"
  $fwService.LogDefaultAction = $false
  $fwService.IsEnabled = $true
  $fwService.FirewallRule = @()
  Ipcsv -path $csvFile |
  foreach-object
  $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
  $rowNum = $_.Num -as [int]
  $fwService.FirewallRule[$rowNum].description = $_.Descr
  $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
  switch ($_.Proto)
  "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
  "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
  "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
  default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
  $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP
  if ($_.SrcPort -eq "any" ) { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
  $fwService.FirewallRule[$rowNum].sourceport = $srcPort
  $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
  $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
  $fwService.FirewallRule[$rowNum].policy = $_.Policy
  #$fwService.FirewallRule[$rowNum].direction = $_.Direction
  #$fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
  $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
  $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
  #configure Edge
  $edgeView.ConfigureServices($fwService)
  Thanks,
  Scott.

  Hi,
  Agree with Ed, you can publish CAS array VIP to internet, and use it to configure Federated Delegation.
  Thanks.
  Niko Cheng
  TechNet Community Support

• SA 540 INBOUND FIREWALL RULES NOT WORKING

  Hi all,
  I am having trouble configuring the firewall for the SA 540.
  client 1 (160.222.46.154) ----- switch ------ sa 540 ------ cisco 887 W ------ client 2 (50.0.0.10).
  client 1 can ping client 2, however client 2 cannot ping client 1. The default outbound policy (allow all) is set on the sa 540, and I have tried configuring a blanket ipv4 rule on the sa 540 to allow 'all' to 'any' (for all services) related to traffic from the WAN to LAN, and visa versa. The output from the logs are as follows:
  Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
  Component: KERNEL
  Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
  Component: KERNEL
  Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
  Component: KERNEL
  Basically any connection identified as coming in from the WAN (i.e. IN=WAN) is dropped. I set up a new vlan on the cisco 887 W, in the 160.222.46.x address space, and connected a spare port directly to the sa 540 and had no problem testing connectivity to any device via ping. Obviously the zone communication is LAN to LAN and firewall treats the traffice differently.
  I assumed that creating an all encompassing rule to allow all trafiic, for all services, between the LAN and WAN (in both directions) would be equivalent to placing the appliance in PASS THROUGH mode? There is no securtiy set on the 887 W or the switch.
  Also is anybody could explain what 'SELF' means in the conttext IN=SELF or OUT=SELF it would be much appreciated. Firmware is latest.
  Thank you.
  Regards
  Marc

  On closer analysis and with some help from Experts Exchange it did seem non sensical to have both the IN and OUT as the WAN interface, but I had literally exhausted every avenue possible bar 1- changing the routing mode to CLASSIC and configuring a static route (which was at a higher administrative level than my RIP advertised routes) and took preferece when forwarding the packets.
  Now the SA540 firewall rules work as I would expect and I can route between all zones. To summise it appears as if the Double NAT from the router (887W) and then the SA540 was the issue, and the innability to configure any workaround in the interface of the SA54O firewall rules.
  It really makes you appreciate the power of the command line and the full scope of CIsco's command line options. Does anybody know if (and how) it would be possible to configure Double NAT on the SA540?
  Regards
  Marc

• ISE 1.1.1 firewall rules distributed deployment

  My question is in reference to the following link:
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_app_e-ports.html
  Basically I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened eg Admin node TCP 22,80,443 for management from administrator hosts/ranges. In other instances it difficult to work out eg TCP 1521 Database listener and AQ is this for ISE nodes only or for access devices aswell
  My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device. One of the rules I am pretty confused about is the PSN CoA ports. SHould the rule be WLC - PSN on 1700 and 3799 or is it the otherway round or unidirectional?
  I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.

  Try this for size.
  In answer to the specific CoA question, I see no need for the WLC to send CoA to PSN, so just PSN to WLC as far as I can see.
  You might be able to cut this list down, and you might have to add to it for any specific requirements.
  From PSN to AD (potentially all AD nodes):
  TCP 389, 3268, 445, 88, 464
  UDP 389, 3268
  From PSN to Monitoring nodes:
  TCP 443
  UDP 20514
  PSN to Admin Nodes (2Way):
  TCP 443, 1521
  ICMP echo and reply (heartbeat)
  WLC to PSN:
  TCP 443, 8443, 80, 8080
  UDP 1645, 1646, 1812, 1813, 1700, 3799, 161, 162, 9993, 67
  PSN to other PSN’s (2 way)
  UDP 30514, 45588, 45990
  Endpoint (Laptop) to PSN (Guest laptops just need to get to external PSN’s, internal users just to internal PSN’s)
  TCP 8443, 8905
  UDP 8905
  Admin/Sponsor to all ISE nodes:
  TCP 22, 80, 443, 8080, 8443
  UDP 161
  PSN access to DNS servers:
  TCP/UDP 53
  PSN access to NTP servers:
  UDP 123

• [Solved] Windows Firewall rule that allows Windows Update

  Can anyone kindly give me a Windows Firewall rule that allows Windows Update? Assume I'm running MMC's "Windows Firewall with Advanced Security" snap-in as Administrator. Note that a "solution" that takes down the outbound firewall is
  not acceptable.
  Thank You.
  ===== Solution =====
  Suppose that, as the default, you've set the outbound firewall to block (see
  To close the outbound firewall, below). In order for Windows Update to check whether an update is available and then to download the update files, you first need an outbound firewall
  allow-rule that allows the Windows Update service to pass through the outbound firewall.
  Prerequisite: Knowledge of the Microsoft Management Console (MMC) and its "Windows Firewall with Advanced Security" plug-in.
  What you will do: You will use the "Windows Firewall with Advanced Security" MMC plug-in to create an outbound firewall rule that
  allows '%SystemRoot%\System32\svchost.exe' (the generic service driver) to pass through the outbound firewall on behalf of 'wuauserv' (the name of the specific service that performs the update).
  Warning: If you don't know what I'm writing about, get help.
  Name: Allow Windows Update (...or any name you prefer - it doesn't matter)
  Group:
  Profile: Public
  Enabled: Yes
  Action: Allow
  Program: %SystemRoot%\System32\svchost.exe
  Local Address: Any
  Remote Address: Any
  Protocol: Any
  Local Port: Any
  Remote Port: Any
  Allowed Computers: Any
  Status: OK
  Service: wuauserv
  Rule Source: Local Setting
  Interface Type: All interface types
  Excepted Computers: None
  Description:
  To open the outbound firewall:
  More accurate wording would be
  Outbound connections are allowed unless explicitly blocked by a rule.
  If you look at the standard rules you will find no block-rules. That means that nothing is blocked, everything is allowed, and the outbound firewall is wide open.
  To close the outbound firewall:
  More accurate wording would be
  Outbound connections are blocked unless explicitly allowed by a rule.
  If you look at the standard rules you will find only allow-rules that have been crafted to allow the vital Windows connections to pass through the outbound firewall. To an informed observer it's obvious that the firewall engineers crafted these
  allow-rules so that users who closed the outbound firewall wouldn't have to write them. But the firewall engineers left out Windows Update.

  Hi mark,
  Thanks for sharing, it will help other users who have similar issue.
  Regards

• Where is the firewall rules file??

  I had to tweak a bunch of firewall rules following this latest Apple security update (it broke my mail services). In the log (G5 Xserve running 10.4.11), it now says
  "mail servermgrd_ipfilter:ipfw config:Error:Failure code returned by ipfw command: 64, message: Line 22: recv,xmit via require interface name or address"
  but I only have 19 rules in my "Active rules". Where would this bad "line 22" be located?
  Mike

  I'm not sure about 1.5, but normally there isn't one. The defaults are just used unless there is one.
  Look here
  http://java.sun.com/j2se/1.5.0/docs/api/javax/swing/UIManager.html

• DLINK 2750B - Entering Custom Firewall Rules

  I am having difficulty entering these rules below. I seem to be able to add the "allow" but dont see how to add the blocking. How does one block a a port to an IP or IP range? ALLOW TCP/UDP IN/OUT to 208.67.222.222 or 208.67.220.220 on Port 53 and below it BLOCK TCP/UDP IN/OUT all IP addresses on Port 53 Forcing DNS so it can not be circumvented to OpenDNS parent filter, I dont care if its not supported, I just need to know if it can be done. Any ASSISTANCE, specifically with this firewall setting on this device, in performing this task with this modem is greatly appreciated, color commentary is not. Thank you very much!

  In this case, you will want to make sure the DNS Rule for allowing the DNS traffic is allowed with priority over the deny policy. Make your allow policy by specifying TCP and UDP as allowed, Port 53, to both of OpenDNS's servers. Two identical rules, less the IPs will need to be created in many cases.
  In most cases, you can usually set an "All IPs" range by leaving the IP address set to 0.0.0.0 with Port 53 and TCP/UDP set. Note that because DNS can work over either TCP or UDP depending on the server, you must filter both protocols. It is best to use "REJECT" in order to kill off DNS requests, as "DROP" will cause latency.
  I do not know how the D-Link will treat creating rules in this fashion, let us know what your results are. If your question involves where the Deny/Reject/Drop options are for the firewall rules, then please provide a screenshot of what you see to help us out.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• Mac Mini, iTunes 7.4.2, Mac OS X 10.4.10 -- firewall rules are broken

  Last night I updated from 7.4.1 to 7.4.2. Nothing else changed on my Mac Mini (Intel Core 2 DUO) running Mac OS X 10.4.10.
  I immediately found that none of my other computers nor my Apple TV could reach my shared music library, which is hosted by the Mac Mini.
  I normally run with the firewall enabled and in fact the box is checked to allow iTunes music sharing. HOWEVER, since upgrading to iTunes 7.4.2, the firewall rule is somehow no longer sufficient.
  I had to turn off the firewall in order for my other computers and the Apple TV to be able to reach my shared library on my Mac Mini.
  Effectively, something has changed w.r.t. sharing in iTunes 7.4.2, such that the default firewall rules in Mac OS X 10.4.2 are no longer allowing clients to connect to the iTunes shared libraries.

  The 1G iPod should still work OS X 10.4.11 (Tiger).  Since the Mac still sees the iPod as an externally mounted drive, we'll take that as a good sign.
  Have you seen this article yet?
  iPod does not appear in iTunes or iPod updater in Mac OS X
  And perhaps work through all the suggestion here as well?
  iPod not recognized in iTunes and Mac desktop
  B-rock

• RV320 Firewall rules, VLAN, and IP Aliasing

  I have purchased and RV320 to replace our SA520W Router.  I have 2 SBS servers that are on seperate VLANS.
  The RV 320 is set with WAN 1 IP of XX.XX.XX.43
  SBS1 has internal IP of XX.XX.16.2 on VLAN 1 port 1 on router
  SBS2 has internal IP of XX.XX.2.2 on VLAN 5 port 2 on router
  On the older SA520W I was able to setup an IP alias of XX.XX.XX.47 and XX.XX.XX.46 with firewall rules so 47 pointed to SBS1 and 46 pointed to SBS2 for their respective ports.
  How do I do that on the RV320 so I can have 2 IPs server from the isp than go through WAN1 to their respective VLANs?

  SBaalman1,
  The feature you are looking for is called One-to-One NAT on most of the Cisco SMB routers. You can find it under Setup.
  - Marty

• SA540 Firewall Rules Fail when Optional Port Configured to Failover

  Today, I configured a client's SA540 for failover.  The primary WAN port is FIOS with a static IP address.  The optional port is Road Runner cable with a static IP address.  The failover tested successfully.  However, now the SA540 cannot be accessed on its internal IP address (https://192.168.1.1) and none of the firewall rules work any longer.  There are several rules but to name two; remote desktop port forwarding to an internal server, and HTTPS to another internal server.  Both rules use IP addresses different than the SA540's WAN IP address.  Additional external IP addresses were configured previously and assigned and they worked up to the point were the failover was configured.
  Now here is the strange part.  If the optional port cable is removed from the port, everything returns to normal, but plug it back in and problems.  I even tried disabling failover in the SA540's configuration and it made no difference unless the cable was unplugged.
  As you might imagine the client is upset about this.  Anyone have any ideas? 
  The firmware is 2.1.18.
  Tony
  PS.  About an hour after I posted this, I tried moving the remote desktop external connection from one of the additional IP addresses configured in the SA540 to the dedicated WAN address and remote desktop sessions were then forwarded into the correct server.  Apparently, the additional IP addresses are not working with the two ISP failover configured, or at least it doesn't work in my configuration.  Any help on this would be much appreciated.  The additional IP addresses are configured in the same subnet as the dedicated (primary) WAN port.   Again, this worked until failover with another ISP was configured.

  This issue has been resolved. After much testing and discussions with the great guys at Cisco TAC, we determined that Verizon FIOS is doing something on their routers to defeat use of IP aliasing. If you have FIOS and you must have more than one IP address and expect to create an IP alias to direct traffic in a 1 to 1 NAT to a node on your network, FIOS doesn’t work. Contact with Verizon technical support is no help. They are oblivious to the problem and don’t want to be bothered.
  Tony Lombardi