
Aruba Airwave DMZ design with instants connecting from internet

Hey guys, I am looking to deploy an Airwave server in a DMZ and then allow Instant APs to connect from the internet. Looking at the configuration, it looks like I need to allow 443 inbound from the internet to allow this connection; however, that also opens up mgmt login for users. Is there a way to designate a separate mgmt interface so that I don't open it up for logins, like with ClearPass, or configure Instants to connect on a different port than 443, as some examples? Obviously I can lock down the firewall to only the source IPs of the Instants, but I am trying to avoid that initially for various reasons.


Thanks, 


Accepted Solutions

Re: Aruba Airwave DMZ design with instants connecting from internet

Hi,

 

It is possible.

We can configure a customised port in the AMP server. Under AMP Setup -> General, in the "Aruba Instant Options" section, you will find an option to change the default port number 443 to any other port number in the range 1000 to 65534.


Try and let me know if you need any further help on this.

Cheers,
Venu Puduchery,



Re: Aruba Airwave DMZ design with instants connecting from internet

Thanks, and good that we can use a different TCP port to listen only for IAPs. How about the below scenario?

1. Airwave in the datacenter.

2. Some of the IAP branch locations are connecting through the WAN to reach Airwave at the DC.

3. We have some of the IAPs on the plain internet and want to manage them using the same Airwave at the DC.

What is your recommendation?

Can I separate internal IAP and external IAP listening ports?


Re: Aruba Airwave DMZ design with instants connecting from internet

Unfortunately, they can only use the same listening port.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*