Wireless Access

Reply
MVP
Posts: 432
Registered: ‎07-26-2011

Inbound NAT to GPP but deny access to managment UI

Hey all,

 

Due to the customers circumstances we have enabled access to the outside world via an inbound NAT on the firewall. This is working okay without issues and they can access the GPP however it also appears that I can login using the management credentials as well. At the moment I don't believe I can restrict the source of the inbound NAT so need a way of denying access to the management UI via the same inbound NAT.

 

Any suggestions? Thanks in advance....

 

ACMA, ACMP
If my post addresses your query, give kudos:)
Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Re: Inbound NAT to GPP but deny access to managment UI

If you deny traffic to port tcp 4343, a user should not be able to get to the portal.  Does this help?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 432
Registered: ‎07-26-2011

Re: Inbound NAT to GPP but deny access to managment UI

I'm afraid it doesn't, I've tried this but there is a re-direct from 4343 to 80 for the GPP :(

ACMA, ACMP
If my post addresses your query, give kudos:)
Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Re: Inbound NAT to GPP but deny access to managment UI

Where are you doing inbound NAT and why?  A session can be redirected to port 4343, but if you are not allowing it....the connection cannot be made.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 432
Registered: ‎07-26-2011

Re: Inbound NAT to GPP but deny access to managment UI

I'm doing an inbound NAT on the upstream firewall. Since the deployment is used only for guest access there is no corporate access to the GPP. So in order to provision an account the corporate users browse to an external NAT on the firewall which translates to GPP on the Aruba. I could look at restricting the firewall policy however I was just wondering if there was another method on the Aruba.

 

My main concern is that we have no IP restrictions on the outside world to the management UI on the Aruba

 

:)

 

 

ACMA, ACMP
If my post addresses your query, give kudos:)
Search Airheads
Showing results for 
Search instead for 
Did you mean: