Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Blocking port on virtual controller

  • 1.  Blocking port on virtual controller

    Posted Jul 17, 2024 12:45 PM

    Hi,

    I was looking to block some ports for guest access, and I found how to do it from the virtual controller (I did these configurations on the VC).

    Now, I did a test: as a guest, I cannot access the internal network, which is the thing I'm looking for, but:

    if I do an nmap 192.168.x.x (VC IP), I can see that port tcp/80 is open and tcp/443 is open.

    My question is: how do I block ports like 80/tcp and 443/tcp for the guest, even though I did it already on the VC and I can't access them but still see them as open?

    Why do I see them open?

    PS: I already deny ssh, http, https, telnet, icmp in the ACL for this SSID.

    Thank you



  • 2.  RE: Blocking port on virtual controller

    EMPLOYEE
    Posted Jul 18, 2024 04:51 AM

    Hi,

    Have a look at the Hardening Guide - https://support.hpe.com/hpesc/public/docDisplay?docId=a00115011en_us

    443/TCP HTTPS.

    Used for captive portal authentication and WebUI administrative management. Always redirects to port 4343. This port is always open but may be blocked via inbound firewall feature if neither captive portal nor web UI access are needed.

    80/TCP HTTP.

    Accepts connections for both Captive Portal and for WebUI administrative management. Redirects to other ports using HTTPS. This port is always open but may be blocked via inbound firewall feature if neither captive portal nor web UI access are needed.

    So blocking these ports via ACL in the role or SSID is the correct way to go.




  • 3.  RE: Blocking port on virtual controller

    Posted Jul 18, 2024 06:22 AM

    Hi, thank you for your reply.

    I did this but I still see the ports open with nmap!




  • 4.  RE: Blocking port on virtual controller

    Posted Jul 18, 2024 06:41 AM

    I have another question, please:
    I want to give guests an IP from DHCP and block this range from accessing the management port etc.
    How can I do that?




  • 5.  RE: Blocking port on virtual controller

    Posted Jul 19, 2024 12:20 PM

    I finally managed to do it...

    The thing is, I set up a rule to deny any from the guest pool IP to the mobility controller as dest, but this rule wasn't the first one. I just moved it to the top and now it works fine. I didn't know it should be the first, otherwise it doesn't work.

    Thanks
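
The rule-ordering problem described in post 5, as an added example that is not part of the thread and not Aruba's code: a first-match ACL evaluator plus a check that flags a rule fully covered by an earlier rule with the opposite action. The guest pool, controller address, rule set and the implicit deny at the end are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    proto: str = "any"
    port: Optional[int] = None  # None means any port

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in net(self.src)
                and ipaddress.ip_address(dst) in net(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.proto in ("any", other.proto)
                and self.port in (None, other.port))

def evaluate(rules, src, dst, proto, port):
    """Top-down, first match wins; assumed implicit deny if nothing matches."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"

def shadowed(rules):
    """(index, earlier index) for rules covered by an earlier opposite-action rule."""
    return [(i, j) for i, r in enumerate(rules) for j in range(i)
            if rules[j].covers(r) and rules[j].action != r.action]

GUEST = "10.10.10.0/24"    # constructed guest DHCP pool
VC = "192.168.1.10/32"     # constructed controller address
deny_vc = Rule("deny", GUEST, VC)
BEFORE = [Rule("deny", GUEST, "172.16.0.0/12"),   # constructed internal range
          Rule("permit", GUEST, "0.0.0.0/0"), deny_vc]
AFTER = [deny_vc] + BEFORE[:2]                    # deny rule moved to the top

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        verdict = evaluate(acl, "10.10.10.23", "192.168.1.10", "tcp", 443)
        print(name, verdict, "shadowed:", shadowed(acl))
```

Running the shadow check on an exported rule list before testing with a scanner shows which deny entries sit below a broader permit and therefore never apply.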