Looking for some assistance in locating documentation which describes how the outside interface of a Branch Controller connected to a VPN tunnel is secured. For instance a Cisco ASA firewall has the concept of a defined outside insterface that blocks all by default. Aruba has all ports as untrusted but in the case of the Branch controllers there is a DHCP port (last controller port) that allows some types of access for the Zero Touch Provisioning. Is there a guide that shows what ports are open on this interface? It must allow IPSec 50, 4500, DNS, DHCP etc... Is this like an ACL assigned to that port by default I can look at to see what access is allowed?