Firewall Ports to Open for RUCKUS LTE AP Management
The following table lists the ports that must be opened in the network firewall to ensure that managed APs, guest users, DNS servers that can communicate successfully with RUCKUS LTE AP Management.
| From (Sender) | To (Listener) | Port | Purpose | Symptoms When Blocked |
|---|---|---|---|---|
| Admin | Any | TCP:443 | Login and access tenant account for managing tenant APs | The AP Management portal is inaccessible. |
| AP | LTE AP Management | UDP:4500 | Used for NAT traversal | Connection to the management fails. |
| AP | LTE AP Management | UDP:500 | Used for IKE and management | Connection to the management fails. |
| AP | LTE AP Management | IP: 50 | ESP | Connection to the management fails. |
| AP | LTE AP Management | TCP:22 | SSH tunnel between the AP and RUCKUS Cloud for management and control traffic |
|
| AP | LTE AP Management | TCP:443 | Discovery of vSZ | This port is only used when an AP is first added to a tenant account. If this port is blocked, an AP cannot connect to the AP Management after a factory-reset. |
| AP | RUCKUS AP Registrar | TCP:443 | Query vSZ associated with registered AP | This port is only used when an AP is first added to a tenant account. If this port is blocked, any factory-reset an AP cannot connect to the AP Management after a factory-reset. |
| AP | RUCKUS NTP Server (ntp.ruckuswireless.com) | UDP:123 | Synchronization of the AP clock with the NTP server | The LTE AP may not become operational. |
| AP | DNS server (provided by local DHCP) | TCP/UDP:53 | Query to resolve RUCKUS AP Registrar's FQDN | This port is only used when an AP is first added to a tenant account. If this port is blocked, an AP cannot connect to the AP Management after a factory-reset. |
| AP | Commscope SAS | TCP/8443 SSL | AP to SAS communication | The SAS communicaiton would be blocked. |
| AP | Satellite Data Service | TCP/80 HTTP | XTRA Predicted Satellite Data Service | The Satellite Data Service would be blocked. |