Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Connecting a RAP to controller with public IP

  • 1.  Connecting a RAP to controller with public IP

    Posted Feb 28, 2018 12:43 PM

    I'm connecting a RAP to a public IP on one of my 7240 controllers.  We are a university that doesn't have a DMZ.  There is a firewall between the RAP and the controller.  UDP port 4500 is being allowed through the firewall to the controller public IP and any UDP port out to the RAP.  The RAP comes up and is working.

    Our concern is the any UDP being opened out to the RAP.  Is there a way to limit what UDP ports are used out to the RAP from the controller?  That way we could add a firewall rule to only allow those ports out to the RAP.  We are seeing UDP ports above 60000 back out to the RAP.



  • 2.  RE: Connecting a RAP to controller with public IP
    Best Answer

    EMPLOYEE
    Posted Feb 28, 2018 01:04 PM

    Honestly, that's the way it should work.  Every device on the high security side (inside of the firewall) should be able to initiate or reply to any connection outbound.  You are already restricting the inbound traffic and that is what counts.

     

    EDIT: responses to an inbound UDP 4500 connection could have a random source port, so you cannot really plan on what port would be used over 1024.  Allowing the controller to answer on any port is the right thing to do.



  • 3.  RE: Connecting a RAP to controller with public IP

    Posted Feb 28, 2018 02:16 PM

    Thanks for confirming that is the way it should work, Colin.  I just needed confirmation that the controller couldn't limit the outbound ports to the controller.
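
The question in this thread, worked as an added example (not part of any post above and not Aruba code): a firewall that tracks UDP flows can pass the controller's replies to ports above 60000 without an any-UDP outbound rule, because each reply mirrors a flow the RAP opened to UDP 4500. It assumes the firewall in the path does flow tracking and that the high ports are the RAP side's translated source ports; the filter class, addresses and timeout are constructed for illustration.

```python
from typing import NamedTuple

NAT_T_PORT = 4500  # UDP port the thread allows in to the controller

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class StatefulUdpFilter:
    """Hypothetical model of a firewall that tracks UDP flows by 4-tuple."""

    def __init__(self, controller_ip, idle_timeout=120.0):
        self.controller_ip = controller_ip
        self.idle_timeout = idle_timeout  # assumed; real firewalls differ
        self.flows = {}                   # inbound 4-tuple -> last time seen

    def inbound(self, pkt, now):
        """Internet -> controller: only UDP 4500 to the controller is allowed."""
        if pkt.dst != self.controller_ip or pkt.dport != NAT_T_PORT:
            return False
        self.flows[pkt] = now
        return True

    def outbound(self, pkt, now):
        """Controller -> RAP: allowed only as the mirror of a live inbound flow."""
        key = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(key)
        if seen is None:
            return False
        if now - seen > self.idle_timeout:
            del self.flows[key]           # flow expired; RAP must re-initiate
            return False
        self.flows[key] = now
        return True

def demo():
    ctrl, rap = "203.0.113.10", "198.51.100.7"  # constructed (documentation ranges)
    fw = StatefulUdpFilter(ctrl)
    return [
        fw.inbound(Packet(rap, 61234, ctrl, NAT_T_PORT), now=0),     # RAP opens flow
        fw.outbound(Packet(ctrl, NAT_T_PORT, rap, 61234), now=1),    # reply, high dest port
        fw.outbound(Packet(ctrl, NAT_T_PORT, rap, 61999), now=2),    # no such flow
        fw.outbound(Packet(ctrl, 53, rap, 61234), now=3),            # not a mirror of the flow
        fw.outbound(Packet(ctrl, NAT_T_PORT, rap, 61234), now=500),  # idle past timeout
        fw.inbound(Packet(rap, 61234, ctrl, 443), now=501),          # inbound stays limited
    ]

if __name__ == "__main__":
    print(demo())
```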