This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

How to block ports?

andy_emerine
New Contributor

‎11-07-2016 08:23 AM

I need to block some standard VPN ports on the Ruckus. I think blocking these ports will keep most of the VPN apps under control, and will give us a trail of breadcumbs to see who's trying to VPN. How do I do this? Step-by-step directions would be fantastic!

UDP/80
UDP/443
UDP/500
TCP/1723
UDP/4500
5 REPLIES 5

max_o_driscoll
Valued Contributor

‎11-07-2016 08:39 AM

On ZD

configure
access control
L2-L7 Access control
L3/4IP address Access control

screenshot below
caveat: test, test again and beware of unintended consequences when you start denying things or rely on "deny" as a form of firewall security!

Image_ images_messages_5f91c42d135b77e2479a3906_25f6e5d89cf6968e4ac4e9c7dc86b0cd_RackMultipart20161107654171cjj-02786ad6-9492-4536-8c21-1240f7019307-1037994932.jpg1478536853

...you have to name the rule and then apply it to a WLAN (or several).

Edit WLAN and apply relevant rule in drop down of access control.
0 Kudos

andy_emerine
New Contributor

‎11-07-2016 09:39 AM

How do I specify UDP or TCP?
0 Kudos

max_o_driscoll
Valued Contributor

‎11-08-2016 01:57 AM

That's why I suggested testing. The ZD is not that granular - it is not a firewall and is not intended as such. The protocol list is fairly limited and probably doesn't cover your needs.

Typing 80 into port and UDP into the protocol box produces this response...so if you know the correct numbering scheme then you might get further along. Have fun.

Image_ images_messages_5f91c42e135b77e2479a476f_03212861865a98a82381bf5322afedef_RackMultipart2016110822809a930-f08d8c27-e914-4d81-8e54-8c947172bc77-276067469.jpg1478598961
0 Kudos

max_o_driscoll
Valued Contributor

‎11-08-2016 02:04 AM

From the ruckus ZD help manual (4th bullet point is the one you need)

                   =======================
Define each access policy by configuring a combination of the following:

    • Type: The access privilege (allow or deny) that this policy grants.

    • Destination Address: Enter an IP subnet and netmask of the network target to which you want to allow or deny access. (IP address must be in the format A.B.C.D/M, where M is the subnet mask.) Otherwise, select Any. For example, if you enter 192.168.0.1/24, the rule would allow or deny the entire Class C subnet. To allow/deny a single host, use /32 as the netmask.

    • Application: If you select a specific application from the menu, the Protocol and Destination Port options are automatically filled with the relevant values and are not configurable.

    • Protocol: Enter a network protocol number (0-254), as defined by the IANA (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) to allow or deny. Otherwise, select Any.

    • Destination Port: Enter a valid port number (1-65534) or port range (e.g., 80-443).

      ========================
      UDP is 17 on that (IANA) list. Perhaps you can make this work. I've learned something new - hooray!

    0 Kudos
    Copyright © 2025 Khoros, LLC
    Top

    Type a product name