Access points, Firewall rules required. (Aware of the CAPWAP, 80/443)


Can I please check a couple of things please.
I am aware that I can send CAPWAP via HTTP or add a proxy server to the AP.

However, a customer is asking for the source (I know I control this) and the destination of the requests. What are the Aerohive addresses I need to supply for destination?
It may be worth noting I have 2 on-premise Hive Manager appliances; I take it that I will need to supply these too.

Lee Byatt


Posted 4 years ago


Nick Lowe, Official Rep

As HMOL is cloud hosted, this is always going to be a moving goalpost, so what you are asking for is not at all realistic or sensible.

If you want to do this properly you should constrain based on the source IP address ranges for the APs and then the destination ports and/or protocols in use, not destination address ranges.

You should also not use CAPWAP via HTTP unless absolutely necessary as it has performance implications. (This is usually where you cannot get things configured optimally as you cannot realistically get access to the systems necessary to do so for whatever reason.)
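
One way to express the source-and-port approach from the reply above, as an added nftables example that is not part of the thread or vendor documentation. The AP subnet 10.20.30.0/24 is constructed, the table and set names are hypothetical, and UDP 12222 as the CAPWAP port is an assumption to confirm against your own deployment.

```nftables
# Added example: egress policy for an AP management subnet, matched on
# source range and destination port rather than destination address.
table inet ap_egress {
    # Constructed AP source range; replace with the ranges you control.
    set ap_nets {
        type ipv4_addr
        flags interval
        elements = { 10.20.30.0/24 }
    }

    chain forward {
        # Policy accept so only traffic sourced from the APs is constrained here.
        type filter hook forward priority 0; policy accept;

        # Preferred transport: CAPWAP over UDP to any destination.
        # Port 12222 is an assumption; confirm the port your APs use.
        ip saddr @ap_nets udp dport 12222 accept

        # Fallback transport named in the thread title: CAPWAP via HTTP/HTTPS.
        ip saddr @ap_nets tcp dport { 80, 443 } accept

        # Anything else the APs originate is logged, then dropped,
        # so unexpected AP traffic is visible during rollout.
        ip saddr @ap_nets log prefix "ap-egress-drop " drop
    }
}
```

Because the rules match on source range and port only, they do not need updating when the cloud-hosted destination addresses change.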