Ports needed open for remote connection to ZD1100

mark_young_6200
New Contributor III
Which ports need to be left open for the ZD to communicate remotely?

Is the port needed hard coded in the Ruckus OS?

mark_young_6200
New Contributor III
This is strange... if I close TCP ports above 49152 I lose remote connectivity to the ZD (that is - I am off site and connecting to the ZD remotely).

When I remove the TCP blocks on ports above 49152... I can get back in to the ZD.

Is the port we are communicating with the ZD through configurable?

Ideally I would like the port used to be below 1024. Is this possible?

keith_redfield
Valued Contributor II
Hi Mark, this is a weak KB article, but probably will give some insight.

https://support.ruckuswireless.com/an...
(found with query "ports" - 4th result)

The ZD was not designed as a cloud service and so you'll find it a bit limited in terms of flexibility in ports/protocols.

But from your description above it sounds like you are just using SSH or the web UI from the remote site? In that case, you have a well-known port (< 1024) going in, but TCP uses a random high port (with the established bit set) coming back - so you can't block those, but they should be outbound (and thus not much of a security concern anyway...). You can filter on whether the established bit is set, however (for TCP at least...).

You don't really want well-known ports in both directions - that would be a security concern.

The best practice model would be to tunnel all AP/ZD traffic inside a VPN tunnel provided by another device.
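The two filtering approaches Keith contrasts, as an added example that is not part of the original thread and not Ruckus code: a stateless rule that blocks outbound TCP to high destination ports (which drops the ZD's replies to the admin's ephemeral port, the symptom Mark describes), beside a stateful "established" filter that admits reply traffic only when it carries the ACK bit and belongs to a connection the filter already saw. All addresses, the hotel LAN prefix and the management port set are constructed for the simulation.

```python
"""Simulate why blocking high TCP ports breaks a remote ZoneDirector session.

Added example, not from the Ruckus thread or Ruckus firmware. It models a
firewall at the hotel site that sees every packet between the remote admin
and the ZD, and compares a stateless port rule with an 'established' filter.
"""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."       # constructed hotel LAN prefix where the ZD sits
ZD_IP = "10.0.0.2"           # constructed address for the ZoneDirector
ADMIN_IP = "203.0.113.7"     # constructed address for the remote administrator
MGMT_PORTS = {22, 443}       # well-known ports allowed inbound (SSH, web UI)
OUTBOUND_MAX_PORT = 10000    # the thread's rule: block outbound TCP above this


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False
    ack: bool = False        # the 'established' bit Keith refers to


def is_inside(ip):
    return ip.startswith(INSIDE_NET)


def outbound(pkt):
    return is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip)


def stateless_policy(pkt):
    """Port-only rules with no memory of connections.

    Inbound: only the management ports. Outbound: nothing above 10000.
    The ZD's reply to the admin's ephemeral port is outbound to a high
    port, so this policy silently drops it and the web session hangs.
    """
    if outbound(pkt):
        return pkt.dst_port <= OUTBOUND_MAX_PORT
    return pkt.dst_port in MGMT_PORTS


class EstablishedFilter:
    """Allow reply traffic by connection state instead of port number.

    A new connection (SYN without ACK) is judged by the same port rules,
    but every later packet with the ACK bit set is allowed only if it
    matches a connection the filter admitted earlier, in either direction.
    """

    def __init__(self):
        self.flows = set()   # keys: (inside_ip, inside_port, outside_ip, outside_port)

    @staticmethod
    def key(pkt):
        # Canonical key so both directions of one connection map together.
        if outbound(pkt):
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def __call__(self, pkt):
        k = self.key(pkt)
        if pkt.ack:
            # Established traffic: permitted only for a tracked connection.
            return k in self.flows
        if pkt.syn and stateless_policy(pkt):
            self.flows.add(k)
            return True
        return False


def run_trace(policy):
    """Feed one constructed remote-admin session plus two stray packets."""
    packets = [
        ("admin_syn", Packet(ADMIN_IP, 51234, ZD_IP, 443, syn=True)),
        ("zd_synack", Packet(ZD_IP, 443, ADMIN_IP, 51234, syn=True, ack=True)),
        ("admin_ack", Packet(ADMIN_IP, 51234, ZD_IP, 443, ack=True)),
        ("zd_data", Packet(ZD_IP, 443, ADMIN_IP, 51234, ack=True)),
        # Unsolicited packets from a third host: constructed, not observed.
        ("stray_syn_highport", Packet("198.51.100.9", 40000, ZD_IP, 51234, syn=True)),
        ("stray_ack_no_handshake", Packet("198.51.100.9", 40000, ZD_IP, 443, ack=True)),
    ]
    return {label: policy(pkt) for label, pkt in packets}


if __name__ == "__main__":
    for name, policy in (("stateless", stateless_policy), ("established", EstablishedFilter())):
        print(name, run_trace(policy))
```

Under the stateless policy the ZD's SYN-ACK and data segments back to port 51234 are dropped, which is exactly why the session only worked once 49152-65535 was opened. The established filter lets those replies through without opening any high port range, and it also rejects a stray ACK aimed at the web UI that never completed a handshake, something a pure "ACK bit set" rule without connection tracking would pass.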

mark_young_6200
New Contributor III
Yes, that is exactly it - I am remote from the site and logging into the web UI from far away. I blocked all outgoing ports above 10000 TCP and UDP. This service is running in a hotel - not a corporate office, so no real need to support every little obscure service. What I found was that every time I opened port range 49152 - 65535 things worked again. So I concluded the ZD was using high range ports - just not sure why it was doing that.

So what you say above makes perfect sense. Can't tunnel traffic in a VPN as we go over satellite for the WAN link - too much of a performance hit unless we get into expensive WAN accelerators on both ends of the link.