Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba Instant 'guest' network blocking e-mail

This thread has been viewed 0 times

  • 1.  Aruba Instant 'guest' network blocking e-mail

    Posted Apr 21, 2015 10:50 AM

    Hi

     

    We have setup a 'guest' wireless network for a customer using Instant 'guest' setup.  We are using the default VLAN (3333?) and using the internal DHCP / NATing, etc.

     

    Internet connectivity works fine but users can not access e-mail on thier devices.

     

    We have the following on the Aruba firewall

     

    DNS Allow

    DHCP Allow

    HTTP Allow

    HTTPS Allow

    POP3 Allow

    SMTP Allow

    PP2P Allow

    Allow Application Category Mail Protocols

    Allow Application Category Webmail Protocols

    Deny Everything Else

     

    Any ideas?

     

    Thanks

    David



  • 2.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 21, 2015 12:11 PM

    What role are the users in?

     

    Can you post the output of the following command?

     

    show rights <role>

     

    Where <role> is the role that the guest users have.

     

    Thanks

    James



  • 3.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 21, 2015 12:41 PM
    In additon to James question , what version of InstantOS are you running ?


  • 4.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 22, 2015 06:04 AM

    Hi Victor

     

    Currently running 6.4.2.3 on Instant 135.

     

    Regards

     

    David



  • 5.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 22, 2015 06:07 AM

    Hi James

     

    Sorry I maybe missing something but when I try running CLI and entering

     

    show rights guest

     

    It reports back a parse error. Show rights does not show when running

     

    Show ?

     

    Regards

     

    David



  • 6.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 22, 2015 06:19 AM

    Apologies I gave you a controller command... 

     

    Run the "show clients" command and post the output of the user who is having this issue.

     

    Try: "show access-rule guest"


    ...assuming the user is in the guest role and post back the result.

     

    Cheers

    James

     

     



  • 7.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 22, 2015 06:58 AM

    Hi James

     

    No problem.  Please see below:

     

    login as: admin
    admin@192.168.6.102's password:

    24:de:c6:c6:bc:00# show clients

    Client List
    -----------
    Name           IP Address     MAC Address        OS  Network  Access Point                             Channel  Type  Role   Signal    Speed (mbps)
    ----           ----------     -----------        --  -------  ------------                             -------  ----  ----   ------    ------------
    Davids-iPhone  172.31.99.224  a4:5e:60:72:95:d1      guest    24:de:c6:c6:bc:00                        124+     AN    guest  42(good)  135(good)
    Number of Clients   :1
    Info timestamp      :72248
    24:de:c6:c6:bc:00# show access-rule guest

    Access Rules
    ------------
    Dest IP  Dest Mask  Dest Match  Protocol (id:sport:eport)  Application                 Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
    -------  ---------  ----------  -------------------------  -----------                 ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
    any      any        match       dhcp                                                   permit         
    any      any        match       dns                                                    permit         
    any      any        match       https                                                  permit         
    any      any        match       http                                                   permit         
    any      any        match       smtp                                                   permit         
    any      any        match       pop3                                                   permit         
    any      any        match                                  appcategory webmail         permit         
    any      any        match                                  appcategory mail-protocols  permit         
    any      any        match       pptp                                                   permit         
    any      any        match       any                                                    deny           
    Vlan Id           :0
    ACL Captive Portal:disable
    ACL ECP Profile   :default
    CALEA             :disable
    Bandwidth Limit   :upstream disable
    24:de:c6:c6:bc:00#



  • 8.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Apr 22, 2015 09:22 AM

    Hi James

     

    We have added the follwoing ports onto the allow list and it is working

     

    IMAPIncoming143
    POPIncoming110
    SMTPOutgoing25, 80, 3535

    With SSLProtocol Type Port

    IMAPIncoming993
    POPIncoming995
    SMTPOutgoing465

    Thanks for looking it this

     

    Regards

     

    David



  • 9.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Mar 02, 2017 06:36 PM

    Hi James,

     

    Where can I input these ports for IMAP, POP3 and SMTP on Aruba Instant version 6.5.0.0-4.3.0.0_56428?



  • 10.  RE: Aruba Instant 'guest' network blocking e-mail

    EMPLOYEE
    Posted Mar 02, 2017 09:42 PM

    If you edit the SSID, in the last tab, there are security rules that determine if you have any rules, and what they are.



  • 11.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Mar 03, 2017 11:31 AM

    Hi Colin,

    Here is the configuration I set allowed to the IMAP, POP3 and SMTP to all destination but I still can get the emails.  Any assistance will be greatly appreciated.

     

    rule any any match tcp 110 110 permit
    rule any any match tcp 25 25 permit
    rule any any match app imap permit
    rule any any match app pop3 permit
    rule any any match app pop3s permit
    rule any any match app smtp permit
    rule any any match app smtps permit
    rule any any match appcategory webmail permit
    rule any any match any any any permit



  • 12.  RE: Aruba Instant 'guest' network blocking e-mail

    EMPLOYEE
    Posted Mar 03, 2017 12:08 PM

    There are other ports involved, especially for secure email:  https://www.lifewire.com/what-are-the-gmail-smtp-settings-1170854

     

     

     



  • 13.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Mar 03, 2017 12:38 PM

    Hi Colin,

    I inputted this settings on my iPhone and still not working.  On this version of Aruba Instant i don't see where to input the port# for the email server settings.



  • 14.  RE: Aruba Instant 'guest' network blocking e-mail

    Posted Jul 30, 2019 02:08 AM

    Try Less secure apps

     

    Log in to your Gmail account through a web browser and enable access through less secure apps . Less secure apps can make your account more vulnerable, Google will automatically turn this setting off if it's not being used. However, bypass this security setting with a configuration tweak within your Google Email Account .

     

    How "more secure apps" help to protect your account?

     

    Which level of access you're giving the client before you connect your Account.
    Client access only a relevant part of your Account, like your email or calendar.
    Connect your Google Account to the client without exposing your password.
    Disconnect your Google Account from the client at any time.