The RV320's firewall has three options. First, you can enable/disable standard firewall protections such as SPI (stateful packet inspection), DoS (denial of service), WAN ping, remote access and so on. Second, you can create access rules to allow or deny traffic using a specific protocol/port, interface and IP address or range of addresses. Third, you can implement content filtering by creating lists of trusted/forbidden domains and keywords. Access rules and content filtering can be applied 24x7 or based on customizable schedules.
RV320 firewall rules can be created to filter traffic based on TCP/UDP protocol, source and destination interface, source and destination IP address or range and be applied based on hourly and daily schedules. Below I've created a simple firewall rule to block iperf traffic from passing through the RV320.
Content filtering on the RV320 is basic. You can block or allow websites based on manually entered domain names, as well as block websites based on keywords. If a user browses a web page from either the blocked domain or keyword list, they are presented a message stating "This URLs or Page has been blocked".
Another element to the RV320 firewall is DMZ interface support. WAN2 can be configured as a DMZ interface. Separate firewall rules can be created in the RV320's firewall to allow or deny traffic to/from the DMZ interface. In addition, a single host on the LAN can be defined as a DMZ host. Typically, a firewall will pass unsolicited inbound traffic from the WAN interface to the DMZ host.
Routing performance for the RV320 with firmware v.1.1.1.06 and using our standard test method is summarized in Table 4. I added the Cisco RV180 to the table as a comparison, which I'll comment on shortly.
The maximum simultaneous connections result for the RV320 is 32,249, which is the test limit. That's good.
|WAN - LAN||887.0||798.3|
|LAN - WAN||746.3||811.2|
|Maximum Simultaneous Connections||32,249
Table 4: Routing throughput summary
Our throughput tests for download and upload speeds on the RV320 are shown in the IxChariot plot. The download speed was consistently above 900 Mbps, but a few downward spikes dropped the average to 887 Mbps. Upload speed averaged 746 Mbps, with a few spikes peaking over 900 Mbps.
Simultaneous up/downlink measured 832 Mbps.
Overall, these numbers are pretty good. The WAN-LAN throughput number puts the RV320 in the top 10 of our Router performance charts. The LAN-WAN throughput number puts the RV320 in the top 25. Total Simultaneous throughput puts the RV320 in the top 22. Interestingly, we measured the RV180 to be a bit faster than the RV320 in LAN-WAN and Total Simultaneous throughput.
I should note that getting best throughput performance required changing some router settings from their defaults, which is not our normal practice. But initial runs produced suspiciously slow throughput that caused us to check with Cisco to see if we were getting expected performance.
We had to disable Enable Network Service Detection (System Management > Dual WAN > Edit WAN) on both WAN ports and make the Bandwidth Management settings shown below to get simultaneous tests to complete.
Bandwidth Rules for Maximum Connections Test
Normally, our maximum simultaneous test tool doesn't require messing with router default settings. But, according to Cisco, hardware NAT acceleration is enabled when QoS rate control isn't engaged. Entering the rules above shut off the acceleration and allowed the test to hit our limit. Of course, disabling hardware NAT would also reduce routing throughput.
I've summarized key performance numbers and price for the RV320 and several other multi-WAN VPN routers I've tested in Table 5. The RV180 is not a multi-WAN router, but I included it in the table because I have referenced it previously in this review.
|ZyXEL ZyWALL 110||662||420||185||$354.75|
|Cisco RV042 v3||89||91||47.5||$164.59|
Table 5: Competitive comparison
At the beginning of this review, I listed prices for the RVxxx series routers. Among dual-WAN Cisco RVxxx routers, the RV320 costs just $6 to $18 more than the older and slower RV042G and RV042v3, so the price is pretty reasonable. The RV320 comes with a limited lifetime warranty, as do all Cisco RV series routers. And the RV320 has no monthly licensing fees, which is good.
As discussed, I ran into multiple minor bugs while testing the RV320, such as the Time menu lacking complete daylight savings adjustablility, mislabeled QoS menus, problems using the USB port to load firmware and the SSL VPN driver compatibility. None of these (except maybe the SSL incompatibilities) were show-stoppers and the router itself proved to be stable and never hung or needed to be rebooted. But I hope firmware updates can iron out these items, because they really shouldn't be there.
I must admit, Cisco's performance specs and a dual-core CPU gave me the expectation that the RV320 would be significantly faster than the rest of the RVxxx series routers. While the RV320's VPN performance is faster than the other RVxxx routers I've tested and its router performance is faster than most of the other RVxxx routers, I still wanted to see more throughput. (Who doesn't?)
Nevertheless, the Cisco RV320's dual WAN, support for 3G/4G modems and flexible VPN capability is a pretty reasonable deal for less than $200.