Open port between SZ100 and firewall

  • Question
  • Updated 11 months ago
  • Answered
Hi all, 

I would like to map the SZ100 to an external IP, but I don't want to use full NAT for this.

And I would like to open the ports the SZ100 needs in the firewall.

Please tell me which ports I need to open.

As far as I know, I need to open TCP port 8443 to access the page, and UDP 12222 and UDP 12223 for the APs.

But what about guest pass or other functions?

Best regards,
Tom

Tom Cheung


Posted 11 months ago


Dionis, AlphaDog

Hello Tom,

This is a simple matter and surely can be done. 

Here are the ports you need, but beware of some caveats; read the end for details on those.

Management interface access from outside in on port 8443
AP firmware upgrade and other functions port TCP 11443
AP Stats and other info on port 91
AP to controller communication and configuration updates, etc., port 22
AP to controller registration on port 443
WISPr portal on controller 9998
AP hosted WISPr portal 9997
API access for SWIPE and other tools on port 7443
AP to dataplane tunneling for client data if you are tunneling to the controller on port 23233 TCP/UDP on this one
All ports are TCP with the exception of those mentioned

You do not need ports 12223 and 12222 unless you have legacy APs currently in ZoneDirectors that you want to migrate.

Now, caveats:

All ports listed above should be targeting your control plane/management plane, with the exception of the dataplane port listed, 23233, which should be targeting the data plane of the controller.

This is true if you configured the SZ100 in a two port group configuration. If you use one single IP for the entire unit and a single port group, then all ports should target that IP when you do your PAT at your firewall/router.


Hope this helps.
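
An added example, not part of Dionis's answer: a small audit that builds the PAT table from the port list and the control plane/data plane caveat above, then checks a firewall's forwards against it so nothing beyond those ports is exposed. The function names are hypothetical and the IP addresses are constructed placeholders.

```python
# Ports from the answer: all TCP to the control/management plane,
# except 23233 (TCP and UDP), which goes to the data plane.
# UDP 12222/12223 are left out on purpose: the answer says they are only
# needed when migrating legacy APs from ZoneDirector.
CONTROL_PORTS = [8443, 11443, 91, 22, 443, 9998, 9997, 7443]
DATA_PORTS = [(23233, "tcp"), (23233, "udp")]


def expected_pat(control_ip, data_ip=None):
    """Return {(port, proto): internal_ip}.

    data_ip=None models the single port group / single IP setup,
    where every forward targets the same address.
    """
    table = {(port, "tcp"): control_ip for port in CONTROL_PORTS}
    for key in DATA_PORTS:
        table[key] = data_ip or control_ip
    return table


def audit(forwards, expected):
    """Compare (port, proto, internal_ip) forwards with the expected table."""
    findings, seen = [], set()
    for port, proto, ip in forwards:
        key = (port, proto)
        seen.add(key)
        if key not in expected:
            findings.append(f"unexpected forward {port}/{proto} -> {ip}")
        elif expected[key] != ip:
            findings.append(
                f"wrong target {port}/{proto} -> {ip}, expected {expected[key]}")
    for port, proto in sorted(set(expected) - seen):
        findings.append(f"missing forward {port}/{proto} -> {expected[(port, proto)]}")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample: two port groups, data plane on its own address.
    want = expected_pat("192.0.2.10", data_ip="192.0.2.11")
    have = [(p, "tcp", "192.0.2.10") for p in CONTROL_PORTS]
    have += [(23233, "tcp", "192.0.2.10"),   # points at the control plane by mistake
             (23233, "udp", "192.0.2.11"),
             (12222, "udp", "192.0.2.10")]   # legacy port left open
    for line in audit(have, want):
        print(line)
```

Feed `audit` the forwards exported from your own firewall; an empty result means the PAT rules match the list exactly.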