Thank you Victor!
If I see well the following ports and directions have to setup on the firewall, to the connection will be good. And it can be said that all of the following connections initiate from the AP itself.
Please correct it if it is wrong.
source: AP, destination: controller, service: DHCP
source: AP, destination: controller, service: PAPI
source: AP, destination: controller, service: FTP, TFTP
source: AP, destination: controller, service: GRE
source: AP, destination: controller, service: udp 4500
source: AP, destination: controller, service: NTP
source: AP, destination: controller, service: SYSLOG
If I turn on the CPSEC do I need to allow ntp and syslog traffic or those are going through the IPSEC tunnel as well as the others?
Thank you!
Zs