User's Manual

Chapter 15: Controlling Access to the EnRoute500
TR0153 Rev. E1 112
15 Controlling Access to the EnRoute500
The EnRoute500 supports the following features for restricting access to it, restricting inter-client device communication and access to mesh devices, and shielding client devices from an external network:
- Firewall
- Client-to-client communication blocking
- Gateway firewall
It further supports controlled network access by client devices through MAC address black lists
and mesh association through MAC white lists.
15.1 Firewall
The EnRoute500 has a firewall that blocks certain types of traffic destined for the EnRoute500.
This prevents client devices attached to an EnRoute500 and devices on the mesh gateway
WAN from connecting to the gateway.
The default firewall rules only affect packets destined for the EnRoute500, and have
no effect on packets forwarded by the device. The firewall should typically be
enabled on all EnRoute500s since it prevents undesired access to the mesh
devices.
By default, the ports listed in Table 14 are set to be allowed for connection to the EnRoute500.
Function                                     Port(s)            Type                  Protocol
SSH                                          22                 Source & destination  TCP
DNS                                          53                 Source & destination  UDP
DHCP                                         67, 68             Destination           UDP
HTTP                                         80                 Destination           TCP
SNMP                                         161                Source & destination  UDP
HTTPS                                        443                Destination           TCP
HTTP redirect (if splash pages are enabled)  3060               Destination           TCP
Roaming support                              7202 – 7205, 7207  Destination           UDP
OnRamp                                       20123              Source & destination  UDP
Table 14. Source and destination ports allowed by default
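As an added worked example (not code from the manual or from the EnRoute500 firmware), the following Python transcribes Table 14 into a small model of the default rule set so an administrator can check what the device's own firewall will accept and what a port scan of the device should be expected to show. It assumes that a "Source & destination" row admits a packet when the listed port is either its source or its destination port, that a "Destination" row matches only the destination port, that "7202 – 7205" is an inclusive range (so 7206 stays closed), and, as the text states, that forwarded traffic is never affected by the default rules. The sample packets are constructed for illustration.

```python
# Added example (not from the EnRoute500 manual): a model of the default
# firewall rules in Table 14, usable to audit which packets the device's own
# firewall would accept. Interpretation assumptions are noted in comments.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str                  # "tcp" or "udp"
    ports: FrozenSet[int]          # port numbers listed in the table
    match_source: bool             # True for "Source & destination" rows, False for "Destination"
    requires_splash: bool = False  # HTTP redirect is only open when splash pages are enabled


# Transcription of Table 14. "7202 - 7205, 7207" is read as an inclusive range
# plus 7207, leaving 7206 closed (assumption: the table's dash means a range).
DEFAULT_RULES: Tuple[Rule, ...] = (
    Rule("SSH", "tcp", frozenset({22}), True),
    Rule("DNS", "udp", frozenset({53}), True),
    Rule("DHCP", "udp", frozenset({67, 68}), False),
    Rule("HTTP", "tcp", frozenset({80}), False),
    Rule("SNMP", "udp", frozenset({161}), True),
    Rule("HTTPS", "tcp", frozenset({443}), False),
    Rule("HTTP redirect", "tcp", frozenset({3060}), False, requires_splash=True),
    Rule("Roaming support", "udp", frozenset(range(7202, 7206)) | frozenset({7207}), False),
    Rule("OnRamp", "udp", frozenset({20123}), True),
)


def matching_rule(protocol: str, src_port: int, dst_port: int,
                  splash_enabled: bool = False) -> Optional[Rule]:
    """Return the first default rule that admits the packet, or None.

    Assumption: a "Source & destination" row admits a packet when the listed
    port is either its source or its destination port; a "Destination" row
    only when it is the destination port.
    """
    proto = protocol.lower()
    for rule in DEFAULT_RULES:
        if rule.protocol != proto:
            continue
        if rule.requires_splash and not splash_enabled:
            continue
        if dst_port in rule.ports:
            return rule
        if rule.match_source and src_port in rule.ports:
            return rule
    return None


def firewall_verdict(protocol: str, src_port: int, dst_port: int, *,
                     to_device: bool, splash_enabled: bool = False) -> str:
    """Verdict of the default rule set: "forward", "accept:<rule name>" or "drop".

    The manual states the default rules only affect packets destined for the
    EnRoute500 itself, so forwarded traffic (to_device=False) is never touched.
    """
    if not to_device:
        return "forward"
    rule = matching_rule(protocol, src_port, dst_port, splash_enabled)
    return f"accept:{rule.name}" if rule else "drop"


def exposed_ports(splash_enabled: bool = False) -> Dict[str, List[int]]:
    """Sorted destination ports reachable on the device, per protocol.

    This is the expected result of scanning one's own device with the default
    rules in place; anything open beyond this list deserves an explanation.
    """
    result: Dict[str, List[int]] = {"tcp": [], "udp": []}
    for rule in DEFAULT_RULES:
        if rule.requires_splash and not splash_enabled:
            continue
        result[rule.protocol].extend(rule.ports)
    return {proto: sorted(ports) for proto, ports in result.items()}


# Constructed sample packets: (protocol, src_port, dst_port, destined for the device?).
SAMPLE_PACKETS = [
    ("tcp", 51234, 22, True),     # SSH to the device: accepted
    ("tcp", 51234, 23, True),     # telnet to the device: not in Table 14, dropped
    ("tcp", 51234, 23, False),    # same packet forwarded through the device: untouched
    ("udp", 53, 51234, True),     # reply from a DNS server (source port 53): accepted
    ("tcp", 80, 51234, True),     # HTTP is destination-only, so source 80 alone is dropped
    ("udp", 51234, 7206, True),   # gap in the roaming range: dropped
    ("tcp", 51234, 3060, True),   # HTTP redirect: depends on splash pages
]


def audit(packets, splash_enabled: bool = False) -> List[str]:
    """Return one 'proto src->dst: verdict' line per sample packet."""
    return [
        f"{proto} {src}->{dst}: "
        f"{firewall_verdict(proto, src, dst, to_device=to_dev, splash_enabled=splash_enabled)}"
        for proto, src, dst, to_dev in packets
    ]


if __name__ == "__main__":
    for line in audit(SAMPLE_PACKETS):
        print(line)
    print("exposed with splash pages:", exposed_ports(splash_enabled=True))
```

Running the script prints a verdict per sample packet and the port inventory; comparing `exposed_ports()` against an actual scan of a deployed unit is a quick way to confirm the firewall is enabled and that no additional services have been opened.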