Wireless Access

Reply
Occasional Contributor II

Connecting a RAP to controller with public IP

I'm connecting a RAP to a public IP on one of my 7240 controllers.  We are a university that doens't have a DMZ.  There is a firewall between the RAP and the controller.  UDP port 4500 is being allowed through the friewall to the controller public IP and any udp port out to the RAP.  The RAP comes up and is working.

Our concern is the any udp being opened out to the RAP.  Is there a way to limit what udp ports are used out to the RAP from the controller?  That way we could add a firewall rule to only allow thoses ports out to the RAP.  We are seeing udp ports above 60000 back out to the RAP.

William Cummings
NC State University
Guru Elite

Re: Connecting a RAP to controller with public IP

Honestly, that's the way it should work.  Every device on the high security side (inside of the firewall), should be able to initate or reply to any connection outbounds.  You are already restricting the inbounds traffic and that is what counts.

 

EDIT: responses to an inbounds UDP 4500 connection could have a random source port, so you cannot really plan on what port would be used over 1024.  Allowing the controller to answer on any port is the right thing to do.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Connecting a RAP to controller with public IP

Thanks for confirming that is way it should work Colin.  I just needed confirmation that the controller couldn't limit the outbound ports to the controller.

William Cummings
NC State University
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: