Dell 6.2 Server User Manual
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide | External Firewall Configuration | 507
Chapter 29
External Firewall Configuration
In many deployment scenarios, an external firewall is situated between Dell devices. This appendix describes the
network ports that need to be configured on the external firewall to allow proper operation of the Dell network. You
can also use this information to configure session ACLs to apply to physical ports on the controller for enhanced
security. Note, however, that this appendix does not describe requirements for allowing specific types of user traffic
on the network.
NOTE: A controller uses both its loopback address and VLAN addresses for communications with other network elements. If the
firewall uses host-specific ACLs, those ACLs must specify all IP addresses used on the controller.
Topics in this chapter include:
• "Understanding Firewall Port Configuration Among Dell Devices" on page 507
• "Enabling Network Access" on page 508
• "Ports Used for Virtual Internet Access (VIA)" on page 508
• "Configuring Ports to Allow Other Traffic Types" on page 508
Understanding Firewall Port Configuration Among Dell Devices
This section describes the network ports that need to be configured on the firewall to allow proper operation of the
network.
Between any two Dell controllers:
• IPSec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between a master and a local controller is encapsulated in IPSec.
• IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled.
• GRE (protocol 47) if tunneling guest traffic over GRE to a DMZ controller.
• IKE (UDP 500).
• ESP (protocol 50).
• NAT-T (UDP 4500).
Between an AP and the controller:
• PAPI (UDP port 8211). If the AP uses DNS to discover the LMS controller, the AP first attempts to connect to the master controller. (Also allow DNS (UDP port 53) traffic from the AP to the DNS server.)
• PAPI (UDP port 8211). All APs running as Air Monitors (AMs) require a permanent PAPI connection to the master controller.
• FTP (TCP port 21).
• TFTP (UDP port 69). All APs: if there is no local image on the AP (for example, a new AP), the AP uses TFTP to retrieve the initial image.
• SYSLOG (UDP port 514).
• PAPI (UDP port 8211).
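The two lists above are the minimum set of flows an external firewall (or a session ACL on the controller's physical ports) must permit. A practical way to use them is to audit a candidate rule set against the required flows before the policy is pushed, so that a missing ESP or IP-IP entry is caught in review rather than as a controller that will not form its IPSec tunnel. The script below is an added example and is not part of the Dell guide or of ArubaOS; the required flows are transcribed from the lists above, while the `allow <proto> [port]` rule format and the sample policy are constructed for illustration and do not correspond to any real firewall's syntax.

```python
"""Audit a candidate firewall policy against the controller-to-controller
and AP-to-controller flows listed in the ArubaOS 6.2 guide.

Added example, not Dell tooling.  The rule grammar ('allow udp 500',
'allow 50') is a constructed stand-in for whatever the real firewall uses.
Deny rules and rule ordering are deliberately ignored: the check only asks
whether every required flow has *some* allow entry.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IANA protocol numbers for the protocols named in the chapter.
PROTO_NUM = {"tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ipip": 94}
NUM_PROTO = {v: k for k, v in PROTO_NUM.items()}


@dataclass(frozen=True)
class Flow:
    proto: str            # "tcp", "udp", or an IP protocol name such as "esp"
    port: Optional[int]   # L4 port for tcp/udp; None for raw IP protocols
    reason: str           # why the chapter requires it


# Between any two Dell controllers (IP-IP/443 and GRE are conditional).
CONTROLLER_FLOWS = [
    Flow("udp", 500, "IKE"),
    Flow("udp", 4500, "NAT-T"),
    Flow("esp", None, "ESP; PAPI between master and local rides inside IPSec"),
    Flow("ipip", None, "IP-IP, only if Layer-3 mobility is enabled"),
    Flow("udp", 443, "Layer-3 mobility"),
    Flow("gre", None, "GRE, only if guest traffic is tunnelled to a DMZ controller"),
]

# Between an AP and the controller.
AP_FLOWS = [
    Flow("udp", 8211, "PAPI to master/LMS controller, permanent for Air Monitors"),
    Flow("udp", 53, "DNS from AP to DNS server for LMS discovery"),
    Flow("tcp", 21, "FTP"),
    Flow("udp", 69, "TFTP, initial image for an AP with no local image"),
    Flow("udp", 514, "syslog"),
]


def parse_rule(line: str) -> Tuple[str, str, Optional[int]]:
    """Parse one constructed rule line: 'allow|deny <proto|number> [port]'."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ("allow", "deny"):
        raise ValueError(f"unrecognised rule: {line!r}")
    action, proto = parts[0], parts[1].lower()
    if proto.isdigit():                       # numeric protocol, e.g. 'allow 50'
        if int(proto) not in NUM_PROTO:
            raise ValueError(f"unknown IP protocol number in {line!r}")
        proto = NUM_PROTO[int(proto)]
    elif proto not in PROTO_NUM:
        raise ValueError(f"unknown protocol name in {line!r}")
    port = int(parts[2]) if len(parts) > 2 else None
    if proto in ("tcp", "udp") and port is None:
        raise ValueError(f"tcp/udp rule needs a port: {line!r}")
    if proto not in ("tcp", "udp") and port is not None:
        raise ValueError(f"raw IP protocol takes no port: {line!r}")
    return action, proto, port


def missing_flows(policy_lines: List[str], required: List[Flow]) -> List[Flow]:
    """Return the required flows that no 'allow' rule in the policy covers."""
    allowed = set()
    for line in policy_lines:
        action, proto, port = parse_rule(line)
        if action == "allow":
            allowed.add((proto, port))
    return [f for f in required if (f.proto, f.port) not in allowed]


# Constructed sample policy: IKE/NAT-T/ESP and some AP ports are open, but the
# Layer-3 mobility, GRE, DNS and TFTP entries were forgotten.
SAMPLE_POLICY = [
    "allow udp 500",
    "allow udp 4500",
    "allow 50",
    "allow udp 8211",
    "allow tcp 21",
    "allow udp 514",
]

if __name__ == "__main__":
    for label, flows in (("controller<->controller", CONTROLLER_FLOWS),
                         ("AP->controller", AP_FLOWS)):
        gaps = missing_flows(SAMPLE_POLICY, flows)
        print(f"{label}: {len(gaps)} required flow(s) not allowed")
        for f in gaps:
            where = f"{f.proto}/{f.port}" if f.port else f"ip proto {PROTO_NUM[f.proto]}"
            print(f"  {where:<14} {f.reason}")
```

Run against the sample policy, the audit reports IP-IP, UDP 443 and GRE missing for the controller-to-controller set and DNS and TFTP missing for the AP set. Because the chapter marks the mobility and GRE entries as conditional, a real audit would filter `CONTROLLER_FLOWS` by which features are actually enabled before comparing; the check also says nothing about source and destination addresses, which per the note above must cover both the loopback and VLAN addresses of each controller.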