Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Branch Controller Security

  • 1.  Branch Controller Security

    Posted Apr 08, 2016 11:46 AM

    Looking for some assistance in locating documentation which describes how the outside interface of a Branch Controller connected to a VPN tunnel is secured.  For instance, a Cisco ASA firewall has the concept of a defined outside interface that blocks all by default.  Aruba has all ports as untrusted, but in the case of the Branch controllers there is a DHCP port (last controller port) that allows some types of access for the Zero Touch Provisioning.  Is there a guide that shows what ports are open on this interface?  It must allow IPSec 50, 4500, DNS, DHCP etc...  Is this like an ACL assigned to that port by default I can look at to see what access is allowed?


  • 2.  RE: Branch Controller Security

    EMPLOYEE
    Posted Apr 08, 2016 11:49 AM
    You can add a session ACL to the interface if it's Internet facing.



  • 3.  RE: Branch Controller Security

    Posted Apr 08, 2016 11:57 AM

    Thanks, Tim.  I am going to look at one later; I do not have any in branch mode, but I have to assume there is a default ACL already applied OR the port allows all.


  • 4.  RE: Branch Controller Security

    EMPLOYEE
    Posted Apr 08, 2016 12:01 PM
    Unless you've configured otherwise, the port should be trusted.
