Wireless Access

Hey all,

Due to the customers circumstances we have enabled access to the outside world via an inbound NAT on the firewall. This is working okay without issues and they can access the GPP however it also appears that I can login using the management credentials as well. At the moment I don't believe I can restrict the source of the inbound NAT so need a way of denying access to the management UI via the same inbound NAT.

Any suggestions? Thanks in advance....

If you deny traffic to port tcp 4343, a user should not be able to get to the portal.  Does this help?

I'm afraid it doesn't, I've tried this but there is a re-direct from 4343 to 80 for the GPP :(

Where are you doing inbound NAT and why?  A session can be redirected to port 4343, but if you are not allowing it....the connection cannot be made.

I'm doing an inbound NAT on the upstream firewall. Since the deployment is used only for guest access there is no corporate access to the GPP. So in order to provision an account the corporate users browse to an external NAT on the firewall which translates to GPP on the Aruba. I could look at restricting the firewall policy however I was just wondering if there was another method on the Aruba.

My main concern is that we have no IP restrictions on the outside world to the management UI on the Aruba

:)