Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

qotd filter for 7005 controllers with vMM?

  • 1.  qotd filter for 7005 controllers with vMM?

    Posted 14 days ago
    Hi,

    I have a number of 7005 controllers on a vMM using 8.6. My vulnerability scanner says it's vulnerable to QOTD scans. I wrote a policy rule at the top of the vMM tree to block TCP port 17. That should do it.

    But it doesn't seem to ... the vulnerability remains. I use "localIP" destinations, which are supposed to mean "all IPs on this controller". I added a new one that uses a destination of the network range for the controllers (a /16).

    What should a good rule look like to filter the QOTD (TCP & UDP port 17)? Is it OK to put at my first node (folder)? Does it need to be at the "Managed Network" level?

    Thanks,

    Ambi

    ------------------------------
    Ambidexter
    ------------------------------


  • 2.  RE: qotd filter for 7005 controllers with vMM?

    EMPLOYEE
    Posted 14 days ago
    Please download the hardening guide here: https://support.hpe.com/hpesc/public/docDisplay?docId=a00107216en_us and search for "17/TCP"

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: qotd filter for 7005 controllers with vMM?

    Posted 10 days ago
    Hi,

    If I get on my vMM, and go to a site's controller, and do Configuration--> Services --> Firewall --> ACL Whitelist --> add an entry -->

    ipv4 any proto 6 17 17 deny no contract

    I get the following error message:

            "Error: Max CP firewall filter limit (97) reached"

    If I delete the current allow for tcp 17 and create a new one for the deny, will that clear the issue? And what is the issue? I have AP, PEF, and RF Protect on this vMM with proper license counts to cover this change.

    Thanks,

    A


    ------------------------------
    Ambidexter
    ------------------------------



  • 4.  RE: qotd filter for 7005 controllers with vMM?

    EMPLOYEE
    Posted 10 days ago
    The idea in the hardening documentation is not to block it, it is to indicate that it triggers false positives.

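Before spending one of the controller's CP firewall filter slots on a deny rule, it is worth confirming what the scanner actually observed on port 17. The following Python check is an added example, not code from this thread or from Aruba: it distinguishes a listener that sends a real QOTD banner from a port that merely accepts the connection (which some scanners still report as QOTD), a closed port, and a filtered one. The loopback fixtures are constructed for the demonstration; the controller's management IP is an assumption you substitute.

```python
import socket
import threading


def classify_tcp_service(host: str, port: int = 17, timeout: float = 3.0) -> str:
    """Report how a TCP port behaves from this vantage point.

    'banner'   - connection opened and the server sent data unprompted,
                 which is what a genuine QOTD daemon (RFC 865) does
    'silent'   - connection opened but nothing was sent; a scanner may
                 still flag this as QOTD purely because the port accepted
    'closed'   - the host answered with a reset (nothing listens there)
    'filtered' - no answer within the timeout (an ACL or upstream filter is
                 dropping the SYN, or the host is unreachable)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                data = sock.recv(512)
            except socket.timeout:
                return "silent"
            return "banner" if data else "silent"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def serve_once(payload: bytes) -> int:
    """Constructed loopback fixture (not a real QOTD daemon): accept one
    client, send `payload` if any, then close. Returns the chosen port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def run() -> None:
        conn, _ = listener.accept()
        with conn:
            if payload:
                conn.sendall(payload)
        listener.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def closed_port() -> int:
    """Reserve then release a loopback port so that nothing listens on it."""
    with socket.socket() as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]
```

Run `classify_tcp_service("<controller-mgmt-ip>")` from the same network segment the scanner uses; a result of "silent" rather than "banner" is the false-positive pattern, and "filtered" after adding the deny rule shows the ACL is actually taking effect.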