How do we prevent access to controller WebGUI while allowing access to VIA download page ?

Aruba Employee

In a typical scenario, end users will receive an email from their IT department with details to download VIA Client from a URL (controllers public IP address) , users will then download VIA from the URL provided and install it on their computers.

For example, they can download VIA set up files from https://<server-IP-address>/via after entering their corporate credentials.

 

rtaImage (1).png

 

 

But when the users mention the controllers public IP address without /via in the browser, it brings up the controller web interface,

 

rtaImage (2).png

 

 

Any user who is aware of the username and password of the controller, can login into the web interface, thereby gets access to change settings or bring down the network.

Therefore, it is highly recommended to block controller's web interface access from the users by adding an Access Control List to block access to controller WebGUI and allow access to the VIA download page .

 

Environment: This article applies to all Aruba Mobility Controllers running any ArubaOS versions.

 

 

The controller WebGUI is served on TCP port 4343 whereas the VIA download page is served on TCP port 443, Hence to limit public access to the controller web interface, you can configure rules on your firewall to only permit access from certain IPs on port 4343 and block from rest and allow access to port 443

Note:- First ensure you have appropriate rules in place allowing WebGUI access for administrators and  then disable for the rest .

Version history
Revision #:
1 of 1
Last update:
‎07-11-2014 03:20 PM
Updated by:
 
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: