You responded to a very old post.
Please follow the Hardening Guide (new link to the Support Portal). If you can't make this work, consult your Aruba partner or Aruba support.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 18, 2024 12:38 PM
From: ali.amokrane
Subject: Guest Network - nmap show open ports to controller
Could you please tell me how you managed to do that? That's exactly what I need.
I posted another message, but I didn't get the response I wanted.
What I mean is: which policy did you use, and how?
Thank you
Original Message:
Sent: Dec 02, 2020 01:55 PM
From: JOB CACKA
Subject: Guest Network - nmap show open ports to controller
After reviewing the above document I added a security rule to the User Role associated with the guest network. It simply denies any traffic to the controller IP address on that Guest SSID/subnet.
Clients are still able to go to the Web but are unable to detect open ports on the controller using nmap.
------------------------------
Thanks,
Job Cacka
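The nmap re-check described in the message above can be made repeatable. The following is an added example, not part of the original thread: it parses grepable nmap output (`-oG`) saved from a guest-side scan and reports any port still open on the controller. The address 192.0.2.1, the sample scan lines and the optional allowlist are constructed assumptions.

```python
import re

# Constructed sample: grepable nmap output (-oG) from a guest-side scan of the
# controller. 192.0.2.1 is a documentation address, not taken from the thread.
SAMPLE_BEFORE = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "4343/open/tcp//unknown///, 8080/filtered/tcp//http-proxy///\t"
    "Ignored State: closed (996)\n"
)
SAMPLE_AFTER = (
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 22/filtered/tcp//ssh///, "
    "443/filtered/tcp//https///\tIgnored State: filtered (998)\n"
)

# Each Ports entry is port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"^(\d+)/([^/]*)/([^/]*)/")

def open_ports(grepable, host):
    """Return sorted (port, proto) pairs that nmap reported as open on host."""
    found = set()
    for line in grepable.splitlines():
        if not line.startswith("Host: "):  # skips '#' comment lines too
            continue
        fields = line.split("\t")
        if fields[0].split()[1] != host:
            continue
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                m = PORT_RE.match(entry.strip())
                # Only a definite "open" counts; "filtered" means the rule dropped it.
                if m and m.group(2) == "open":
                    found.add((int(m.group(1)), m.group(3)))
    return sorted(found)

def exposure(grepable, host, allowed=frozenset()):
    """Open ports on host that are not in the allowlist of (port, proto) pairs."""
    return [p for p in open_ports(grepable, host) if p not in allowed]

if __name__ == "__main__":
    for label, data in (("before rule", SAMPLE_BEFORE), ("after rule", SAMPLE_AFTER)):
        print(label, exposure(data, "192.0.2.1"))
```

An empty result after the role change means the guest subnet no longer sees open controller ports; a non-empty one lists what still needs a rule.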
Original Message:
Sent: Dec 02, 2020 11:00 AM
From: Job Cacka
Subject: Guest Network - nmap show open ports to controller
Thanks for the link Herman. That has the information I was looking for.
------------------------------
Job Cacka
Original Message:
Sent: Dec 02, 2020 04:13 AM
From: Herman Robers
Subject: Guest Network - nmap show open ports to controller
Please refer to the ArubaOS Hardening Guide. Chapter 5 (Typical Vulnerability Scan Results) has the list of open ports that you report and what to do with it.
In general, you should block any port that you don't need to minimize the attack surface, and you can do that with user-roles for your guest users.
------------------------------
Herman Robers
Original Message:
Sent: Dec 01, 2020 02:34 PM
From: Job Cacka
Subject: Guest Network - nmap show open ports to controller
We are in the process of setting up a guest network and I am running nmap scans across it to ensure we are blocking traffic to other networks and certain known ports that are highly susceptible to vulnerabilities (SMB, RDP, etc.).
In doing so I can see there are several open ports to the IP address assigned to the controller on that subnet.
Here are the open ports:
17/tcp
21/tcp
22/tcp
80/tcp
443/tcp
1723/tcp
4343/tcp
8080/tcp
8081/tcp
8082/tcp
8088/tcp
Should I deny all access to the controller on the Guest network?
Should I selectively block some ports/services and not others?
Should some of the services listed above be turned off in the controller's configuration? What commands do it?
------------------------------
Thanks,
Job
------------------------------