What ports are needed to allow an on-prem cnMaestro to communicate back and forth with AP/SMs? I want to make sure the firewall doesn't block the traffic. Thanks!
It appears that all communication from Maestro to the devices occurs over port 443, so for anyone on-prem you can turn the firewall on and restrict by ip (run commands as sudo or place in a shell script). Replace the x.x.x.x with the computer/network that is accessing Maestro and y.y.y.y with the ip of Maestro. Run this from the console rather than ssh so as not to lock yourself out of the ssh session.
# View current firewall rules and status of firewall
ufw status
# Start ufw (should enable on boot too)
ufw enable
# for ssh access
ufw allow from x.x.x.x to y.y.y.y port 22
# For web access
ufw allow from x.x.x.x to y.y.y.y port 443
# Restrict by network, if needed (fill in the cidr)
ufw allow from x.x.0.0/16 to y.y.y.y port 443
2 Likes