Tranzeo Wireless Technologies Inc GNVPZ1NT3 User Manual
Chapter 15: Controlling Access to the EnRoute500
TR0153 Rev. E1
15 Controlling Access to the EnRoute500
The EnRoute500 supports the following features for restricting access to it, restricting inter-
client device communication and access to mesh devices, and shielding client devices from an
external network:
• Firewall
• Client-to-client communication blocking
• Gateway firewall
It further supports controlled network access by client devices through MAC address black lists
and mesh association through MAC white lists.
15.1 Firewall
The EnRoute500 has a firewall that blocks certain types of traffic destined for the EnRoute500.
This prevents client devices attached to an EnRoute500 and devices on the mesh gateway
WAN from connecting to the gateway.
The default firewall rules only affect packets destined for the EnRoute500, and have
no effect on packets forwarded by the device. The firewall should typically be
enabled on all EnRoute500s since it prevents undesired access to the mesh
devices.
By default, the ports listed in Table 14 are set to be allowed for connection to the EnRoute500.
Function                                     Port(s)            Type                  Protocol
SSH                                          22                 Source & destination  TCP
DNS                                          53                 Source & destination  UDP
DHCP                                         67, 68             Destination           UDP
HTTP                                         80                 Destination           TCP
SNMP                                         161                Source & destination  UDP
HTTPS                                        443                Destination           TCP
HTTP redirect (if splash pages are enabled)  3060               Destination           TCP
Roaming support                              7202 – 7205, 7207  Destination           UDP
OnRamp                                       20123              Source & destination  UDP
Table 14. Source and destination ports allowed by default
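The following is an added example, not code from Tranzeo or from this manual: a small Python model of Table 14 that can be used to check which flows in a capture or rule review fall outside the default allow list. It assumes that "Source & destination" means a packet matches on either its source or its destination port; the names Packet, parse_ports and verdict are hypothetical.

```python
# Added example: model of the default allow list in Table 14 (not vendor code).
import re
from typing import NamedTuple

# (function, ports, type, protocol) as listed in Table 14.
TABLE_14 = [
    ("SSH", "22", "Source & destination", "TCP"),
    ("DNS", "53", "Source & destination", "UDP"),
    ("DHCP", "67, 68", "Destination", "UDP"),
    ("HTTP", "80", "Destination", "TCP"),
    ("SNMP", "161", "Source & destination", "UDP"),
    ("HTTPS", "443", "Destination", "TCP"),
    ("HTTP redirect", "3060", "Destination", "TCP"),
    ("Roaming support", "7202 – 7205, 7207", "Destination", "UDP"),
    ("OnRamp", "20123", "Source & destination", "UDP"),
]

class Packet(NamedTuple):
    proto: str
    sport: int
    dport: int
    to_device: bool  # True: addressed to the EnRoute500; False: forwarded

def parse_ports(spec):
    """Expand a Table 14 port cell ("67, 68", "7202 – 7205, 7207") to a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = re.sub(r"\s", "", part).replace("–", "-").partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

RULES = [(name, parse_ports(p), "Source" in kind, proto)
         for name, p, kind, proto in TABLE_14]

def verdict(pkt):
    """Return the matching rule name, "forwarded", or None if blocked."""
    if not pkt.to_device:
        return "forwarded"  # default rules do not apply to forwarded packets
    for name, ports, match_source, proto in RULES:
        if pkt.proto.upper() != proto:
            continue
        # Assumption: "Source & destination" matches on either port.
        if pkt.dport in ports or (match_source and pkt.sport in ports):
            return name
    return None

if __name__ == "__main__":
    # Constructed sample flows: SSH to the device, Telnet to it, Telnet through it.
    for p in (Packet("tcp", 51000, 22, True), Packet("tcp", 51001, 23, True),
              Packet("tcp", 51002, 23, False)):
        print(p, "->", verdict(p) or "BLOCKED")
```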