
SRX5308 , Maximum Entries Inbound Services

cpatterson
Aspirant

SRX5308 , Maximum Entries Inbound Services

I am running a SRX5308 for one of our clients, managing access to multiple servers from outside their main facility. The simplest method for providing this access to this point has been port forwarding for RDP access. We also have several users who remotely connect to their business desktops via RDP, and we've forwarded their ports appropriately.

Due to the nature of Internet Trolls, we've had to perform several IP range blocks because of hack attempts to the systems. This morning, I ran into a snag where my remote session wouldn't reconnect after adding a couple more IPs to the "Naughty" list. Fortunately, the central location is less than 5 minutes away, so I was able to zoom over and guess at my issue, which seems to have been the sin of using more than 64 Inbound Service rules, whereupon the router just ignored all of them.

Is this an accurate assumption? If so, is there a workaround? If not, can someone point me to a brand that allows more than 64 Inbound services? Thanks!

 

Message 1 of 11

Accepted Solutions
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

By the way, if anyone ever comes back to this problem in the future, I got with someone who actually knows what they're doing in Netgear (props to Alex), and this is a shortcoming of this (and likely other Netgear) routers: they can't manage over 64 individual rules.


Message 10 of 11

All Replies
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

Hello? Anybody home? @DaneA, any ideas?

Message 2 of 11
DaneA
NETGEAR Employee Retired

Re: SRX5308 , Maximum Entries Inbound Services

Hi cpatterson,

Kindly answer the questions below:

a. Have you double-checked the order of precedence of the Inbound rules that are currently configured on the SRX5308?

b. Have you tried to reboot the SRX5308 then check if all Inbound rules work?

c. Are there any changes made recently within the network setup where the SRX5308 is deployed?

d. What is the current firmware version of the SRX5308?

Regards,

DaneA

NETGEAR Community Team

Message 3 of 11
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

Hi DaneA, thanks for your response.

a: The order of the inbound services is exactly what I need it to be. I am blocking various addresses (the undesirables) before I do any of the port forwarding (required). We found that if you do the port forwarding first, the undesirable addresses get their junk forwarded before they can be blocked, which is, I assume, the point of having a precedence.

b: I have rebooted the SRX5308, but not when I was having the issue. I cannot verify the "blocked" addresses are still blocked (since they source from different countries), but Wireshark doesn't show any additional traffic from my "blocked" locations, and the forwarding works properly. However, once I crossed that "65 services" line, port forwarding stopped working, and I was required to physically visit the location. Once I removed the earliest two "blocked" addresses, the port forwarding started working again. None of this process required a reboot to change state.

c: No other changes are made within the network. I can replicate the issue (it happened once by accident, and once by intention to verify) simply by adding additional services in the SRX5308 past the "65".

d: The current version of firmware on the device is 4.3.4-1. Is there some patch that addresses this limit? The last time I updated the firmware to a Netgear device, it blew out all my added services and I had to scramble to re-add them. I had not done an update, since nothing in the patch notes I read indicated a change to this issue.

Message 4 of 11
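The post above puts block entries ahead of the port-forward rules and reports that forwarding stops once the rule count passes the limit. As an added example (not from the thread or from Netgear), this sketch merges overlapping and adjacent block entries and checks the total against that limit before anything is entered on the router. It assumes block rules can be written as start-end address ranges; `RULE_LIMIT`, the function names and the sample addresses are illustrative.

```python
import ipaddress

RULE_LIMIT = 64  # limit reported in this thread for the SRX5308

def to_range(entry):
    """Parse 'a.b.c.d', 'a.b.c.d/nn' or 'start-end' into (first, last) ints."""
    if "-" in entry:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in entry.split("-"))
        if lo > hi:
            raise ValueError(f"range start after end: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry.strip(), strict=False)
    return int(net.network_address), int(net.broadcast_address)

def merge_blocks(entries):
    """Merge overlapping or adjacent block entries into the fewest ranges."""
    merged = []
    for lo, hi in sorted(to_range(e) for e in entries):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)  # extend the previous range
        else:
            merged.append([lo, hi])
    return [(str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi)))
            for lo, hi in merged]

def plan_rules(block_entries, forward_rule_count, limit=RULE_LIMIT):
    """Return merged block ranges, the total rule count, and whether it fits."""
    blocks = merge_blocks(block_entries)
    total = len(blocks) + forward_rule_count
    return {"blocks": blocks, "total": total, "fits": total <= limit}

# Constructed sample block list (documentation address space, RFC 5737).
SAMPLE_BLOCKS = [
    "198.51.100.0/25", "198.51.100.128/25",            # two halves of one /24
    "203.0.113.7", "203.0.113.8",                      # adjacent single hosts
    "192.0.2.10-192.0.2.50", "192.0.2.40-192.0.2.90",  # overlapping ranges
    "203.0.113.200",
]

if __name__ == "__main__":
    plan = plan_rules(SAMPLE_BLOCKS, forward_rule_count=60)
    for first, last in plan["blocks"]:
        print(f"BLOCK {first} - {last}")
    print(f"{plan['total']} rules of {RULE_LIMIT}; fits: {plan['fits']}")
```

Merging only combines entries that already overlap or touch, so the blocked address set is unchanged; it never widens a range to save a rule.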
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

So, @DaneA, any further input? Thanks

Message 5 of 11
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

Still having this issue, I'd like to see a resolution, or at least acknowledgement that this router can't handle the load. @DaneA, anyone else?

Message 6 of 11
DaneA
NETGEAR Employee Retired

Re: SRX5308 , Maximum Entries Inbound Services

@cpatterson,

As far as we've checked, there is no issue on the SRX5308 as you have described here on this forum thread. Let me check further on this and I will provide feedback as soon as I get an update.

Regards,

DaneA

NETGEAR Community Team

Message 7 of 11
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

So, @DaneA, you've set up an SRX5308, and added over 65 entries or so, and found that every entry is still working?

Message 8 of 11
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

@DaneA

Any information about your testing? How did the router do with over 65 entries?

Message 9 of 11
cpatterson
Aspirant

Re: SRX5308 , Maximum Entries Inbound Services

"@cpatterson,

As far as we've checked, there is no issue on the SRX5308 as per you have described here on this forum thread.  Let me check further on this and I will provide feedback as soon as I got an update.

Regards,

DaneA

NETGEAR Community Team"

This is a completely inaccurate response, btw.... Not sure who you "checked" with....

Message 11 of 11