Wireless Access

Hello,

AOS version 8.10.0.4
active and standby MCs
2x clusters

Our security team run Nessus scans and they are highlighting HSTS headers being missing on our MCs (active and standby). I'm not sure what this is telling us, obviously those (the MCs) aren't used for the captive portal (are they?) - would the CP be the normal culprit for this kind of warning? We don't get the warning for our cluster members which have a public cert configured for the captive portal, so in the meantime I have just done the same for the MCs. I'd like to understand this a bit more if anyone can fill me in?

Guy

There is a management login interface in the GUI.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Nov 01, 2022 05:37 AM
From: Guy Goodrick
Subject: Security scan warnings about HSTS on MCs

Hello,

AOS version 8.10.0.4
active and standby MCs
2x clusters

Our security team run Nessus scans and they are highlighting HSTS headers being missing on our MCs (active and standby). I'm not sure what this is telling us, obviously those (the MCs) aren't used for the captive portal (are they?) - would the CP be the normal culprit for this kind of warning? We don't get the warning for our cluster members which have a public cert configured for the captive portal, so in the meantime I have just done the same for the MCs. I'd like to understand this a bit more if anyone can fill me in?

Guy