cancel
Showing results for 
Search instead for 
Did you mean: 

ZoneDirector 10.5.1.0.124 behind a firewall - AP upgrade broken

ms264556
Contributor III

Is there updated guidance for firewall ports to open, for ZoneDirector 10.5.1?

I did an upgrade to 10.5.1.0.124, and all of my APs (R600s, H510s, R650s) failed to upgrade.

I reverted to 10.5.0.0.212, turned on Secured AP Image Upgrade, and re-attempted the upgrade. Now all the APs updated, but the APs at remote sites kept rebooting with config sync errors: "Configuration update request failed".

I notice in the release notes for 10.5.1.0.124, the new feature:-

Replace FTP with HTTPS
As a security enhancement, File Transfer Protocol (FTP) is replaced with Hypertext Transfer Protocol Secure (HTTPS).

Do I need to let port 443 traffic through my firewall for the configuration upgrade to succeed?
(I have a reverse proxy on port 443 of the firewall currently, so this would be a significant infrastructure change).

5 REPLIES 5

pieter_schepens
New Contributor III

There's a workaround: you can enable "Legacy AP Image Upgrade" to perform the upgrade via FTP and not with HTTPS (cfr. https://docs.commscope.com/bundle/zd-10.5.1-userguide/page/GUID-68CEB800-AFC8-4944-838F-9696921BD6FF...).

If you use HTTPS: TCP 11443 must be open between the AP and the ZoneDirector (https://docs.commscope.com/bundle/zd-10.5.1-userguide/page/GUID-0CF2BF2B-7D54-4C73-B492-99A5423D3E14...). 

ms264556
Contributor III

Yes, I had TCP 11443 whitelisted and this got the APs upgraded.

But the config sync seems to use some other mechanism.

@anthony_rielly 

Except for 11443, you need to enable HTTPs default port 443 for AP configuration after upgrading to ZD10.5.1.

As I said, it's really inconvenient to have the firewall send all 443 traffic to the ZoneDirector. My intranet currently lives there.

This is a major change from previous releases.

Unless this is part of a plan to make ZoneDirector unattractive & force owners towards SmartZone/Cloud, then I hope Ruckus reconsider for the next release.