DMZ doesn't forward port 80 or whatever port "Separate" management interface is using?

Is this a bug or intentional? Coming from Canopy I was accustomed to DMZ forwarding not affecting the management interface (or vice versa) because it is after all a separate interface with separate IP/subnet and doesn't really have anything to do with the public interface IP/subnet. This makes sense.

However, apparently even if you are using a separate management interface on a different IP/subnet with ePMP it is somehow affected by port forwarding and DMZ on the public interface. Is this a bug or intentional or something that can't be helped due to the chipset being used for ePMP?

Edit: Would really like to know if this is something that is not going to change so I can plan accordingly.

I don’t think that’s expected behavior. We’ve got cnPilots we manage behind 3.2.2 CPEs using DMZ and not having trouble. See if setting your port to 81 clears it up for some reason.

I made Cambium aware of a bug where the management GUI somehow becomes accessible on the WAN aka main wireless interface for NAT mode SMs w/ separate wireless management enabled. It has something to do with applying network related changes. Sri said they reproduced it and will get it fixed for the next release.

What will fix this is a reboot of the SM. Have you tried that? I wonder if it's related.

Are the cnPilots using the same port as the management interface on the radio?

What we are seeing is that whatever port the management interface is using, that port will not be forwarded by DMZ. So if the management interface is on port 80 and the customer's security cameras are using port 80 then their cameras will not work until the radio's management interface is moved to some other port (even though the interface is on an entirely different IP/subnet).

If the management interface was on the same subnet as the wireless interface on the radio then I would expect this behavior (we used port 777 for the management interface on Ubiquitis because they did not have a separate IP/subnet for the management interface and many customers these days need port 80 forwarded). However, we never had to do this on the old Canopy gear and I assumed it was because the management interface was on an entirely different IP/subnet.

Edit: we are using 3.2.1 so possibly 3.2.2 changes this behavior.

This was never answered, and as of 3.4.1 DMZ on the public wireless interface still does not forward whatever port (port 80 by default) is being used by the separate management interface.

Would be nice to get an official "Yes this is working as intended" or "No, oops, bug. Will be fixed."