Ports needed open for remote connection to ZD1100

  • 1
  • Question
  • Updated 4 years ago
Which ports need to be left open for the ZD to communicate remotely?.

Is the port needed hard coded in the Ruckus OS?
Photo of Mark Young

Mark Young

  • 28 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Mark Young

Mark Young

  • 28 Posts
  • 0 Reply Likes
This is strange...if i close TCP ports above 49152 i lose remote connectivity to the ZD (that is - i am off site and connecting to ZD remotely)

When i remove the TCP blocks on ports above 49152 ...i can get back in to the ZD.

Is the port we are communicating with the ZD through configurable?

Ideally i would like the port used to be below 1024. Is this possible?
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 51 Reply Likes
Hi Mark, this is a weak KB article, but probably will give some insight.

https://support.ruckuswireless.com/an...
(found with query "ports" - 4th result)

The ZD was not designed as a cloud service and so you'll find it a bit limited in terms of flexibility in ports/protocols.

But from your description above it sounds like you are just using SSH or web UI from the remote site? In that case, you have a well-known (< 1024) going in, but TCP uses a random high port (w established bit set) coming back - so you can't block those, but they should be outbound (and thus not much of a security concern anyway...). You can filter on whether the established bit is set however (for TCP at least..)

You don't really want well-known ports in both directions - that would be a security concern.

The best practice model would be to tunnel all AP/ZD traffic inside a VPN tunnel provided by another device.
Photo of Mark Young

Mark Young

  • 28 Posts
  • 0 Reply Likes
Yes that is exactly it - i am remote from site and logging into web UI from far away. I blocked all outgoing ports above 10000 TCP and UDP. This service is running in a hotel - not a corporate office, so no real need to support every little obscure service. What i found was that every time i opened port range 49152 - 65535 things worked again. So i concluded the ZD was using high range ports - just not sure why it was doing that.

So what you say above makes perfect sense. Cant tunnel traffic in a VPN as we go over satellite for the WAN link - too much of a performance hit unless we get into expensive WAN accelerators on both ends of the link.