Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

qotd filter for 7005 controllers with vMM?

This thread has been viewed 15 times
  • 1.  qotd filter for 7005 controllers with vMM?

    Posted Jun 16, 2022 04:39 PM
    Hi,

    I have a number of 7005 controllers on a vMM using 8.6. My vulnerability scanner says it's vulnerable to QOTD scans. I wrote a policy rule at the top of the vMM tree to block TCP port 17. That should do it.

    But it doesn't seem to ... the vulnerability remains. I use "localIP" destinations, that are supposed to mean "all IPs on this controller". I added a new one that uses a destination of the network range for the controllers (a /16).

    What should a good rule look like to filter the QOTD (TCP & UDP port 17)? Is it OK to put at my first node (folder)? Does it need to be at the "Managed Network" level?

    Thanks,

    Ambi

    ------------------------------
    Ambidexter
    ------------------------------


  • 2.  RE: qotd filter for 7005 controllers with vMM?

    EMPLOYEE
    Posted Jun 16, 2022 09:55 PM
    Please download the hardening guide here:  https://support.hpe.com/hpesc/public/docDisplay?docId=a00107216en_us and search for "17/TCP"

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: qotd filter for 7005 controllers with vMM?

    Posted Jun 20, 2022 01:20 PM
    Hi,

    If I get on my vMM, and go to a site's controller, and do Configuration--> Services --> Firewall --> ACL Whitelist --> add an entry -->

    ipv4 any proto 6 17 17 deny no contract

    I get the following error message:

            "Error: Max CP firewall filter limit (97) reached"

    If I delete the current allow for tcp 17 and create a new one for the deny, will that clear the issue? And what is the issue? I have AP, PEF, and RF Protect on this vMM with proper license counts to cover this change.

    Thanks,

    A


    ------------------------------
    Ambidexter
    ------------------------------



  • 4.  RE: qotd filter for 7005 controllers with vMM?

    EMPLOYEE
    Posted Jun 20, 2022 05:17 PM
    The idea in the hardening documentation is not to block it, it is to indicate that it triggers false positives.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------