I finally managed to do it...
The thing is, I set up a rule to deny any from the guest pool IP to the mobility controller as destination, but this rule wasn't the first one. I just moved it to the top and now it works fine. I didn't know it should be the first, otherwise it doesn't work.
Original Message:
Sent: Jul 18, 2024 06:41 AM
From: ali.amokrane
Subject: Blocking port on virtual controller
I have another question, please:
I want to give guests an IP from DHCP and block this range from accessing the management port, etc.
How can I do that?
Original Message:
Sent: Jul 18, 2024 06:22 AM
From: ali.amokrane
Subject: Blocking port on virtual controller
Hi, thank you for your reply.
I did this but I still see the ports open with nmap!
Original Message:
Sent: Jul 18, 2024 04:51 AM
From: cordless
Subject: Blocking port on virtual controller
Hi,
Have a look at the Hardening Guide - https://support.hpe.com/hpesc/public/docDisplay?docId=a00115011en_us
443/TCP HTTPS.
Used for captive portal authentication and WebUI administrative management. Always redirects to port 4343. This port is always open but may be blocked via inbound firewall feature if neither captive portal nor web UI access are needed.
80/TCP HTTP.
Accepts connections for both Captive Portal and for WebUI administrative management. Redirects to other ports using HTTPS. This port is always open but may be blocked via inbound firewall feature if neither captive portal nor web UI access are needed.
So blocking these ports via ACL in the role or SSID is the correct way to go.
Original Message:
Sent: Jul 17, 2024 12:45 PM
From: ali.amokrane
Subject: Blocking port on virtual controller
Hi,
I was looking to block some ports for guest access, and I found how to do it from the virtual controller (I did these configurations on the VC).
Now, I did a test: as a guest, I cannot access the internal network, which is what I'm looking for, but:
if I run nmap 192.168.x.x (VC IP), I can see that port tcp/80 is open and tcp/443 is open.
My question is: how do I block ports like 80/tcp and 443/tcp for the guest, even though I already did it in the VC and I can't access them but still see them as open?
Why do I see them open?
PS: I already deny SSH, HTTP, HTTPS, telnet and ICMP in the ACL for this SSID.
Thank you
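The rule-order fix reported in the most recent message of this thread, as an added example that is not part of the original posts and is not controller configuration: a small first-match ACL model in Python that shows why a deny placed below a broader rule never takes effect, and how to flag such shadowed rules. The `Rule` model, the implicit default deny, the addresses and the broader permit rule are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not vendor syntax
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    port: Optional[int] = None   # None means any port

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip, port):
    """First match wins. Returns (action, rule index); (\"deny\", None) if nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if s in _net(r.src) and d in _net(r.dst) and r.port in (None, port):
            return r.action, i
    return "deny", None          # assumed implicit default for this model

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port is None or a.port == b.port))

def shadowed(rules):
    """(later_index, earlier_index) pairs where the later rule can never match."""
    pairs = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                pairs.append((j, i))
                break
    return pairs

# Constructed sample values: guest DHCP pool and controller address.
GUEST_POOL, CONTROLLER = "10.50.0.0/24", "192.0.2.10/32"
PERMIT_ALL = Rule("permit", GUEST_POOL, "0.0.0.0/0")   # assumed broader rule
DENY_CTRL = Rule("deny", GUEST_POOL, CONTROLLER)       # deny guest pool -> controller
BEFORE = [PERMIT_ALL, DENY_CTRL]   # deny is not first: it is shadowed
AFTER = [DENY_CTRL, PERMIT_ALL]    # deny moved to the top

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        print(name, evaluate(acl, "10.50.0.23", "192.0.2.10", 443), shadowed(acl))
```

Running `shadowed()` over an exported rule list before deployment catches this class of ordering mistake without needing a scan from the guest network.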