Firewall Ports to Open for RUCKUS LTE AP Management

The following table lists the ports that must be opened in the network firewall to ensure that managed APs, guest users, DNS servers that can communicate successfully with RUCKUS LTE AP Management.

Table 1. Ports Required for RUCKUS LTE AP Management Communication
From (Sender) To (Listener) Port Purpose Symptoms When Blocked
Admin Any TCP:443 Login and access tenant account for managing tenant APs The AP Management portal is inaccessible.
AP LTE AP Management UDP:4500 Used for NAT traversal Connection to the management fails.
AP LTE AP Management UDP:500 Used for IKE and management Connection to the management fails.
AP LTE AP Management IP: 50 ESP Connection to the management fails.
AP LTE AP Management TCP:22 SSH tunnel between the AP and RUCKUS Cloud for management and control traffic
  • The AP is unable to connect to the AP Management, DIR LED is off.
  • Tenant account shows that AP is disconnected.
AP LTE AP Management TCP:443 Discovery of vSZ This port is only used when an AP is first added to a tenant account. If this port is blocked, an AP cannot connect to the AP Management after a factory-reset.
AP RUCKUS AP Registrar TCP:443 Query vSZ associated with registered AP This port is only used when an AP is first added to a tenant account. If this port is blocked, any factory-reset an AP cannot connect to the AP Management after a factory-reset.
AP RUCKUS NTP Server (ntp.ruckuswireless.com) UDP:123 Synchronization of the AP clock with the NTP server The LTE AP may not become operational.
AP DNS server (provided by local DHCP) TCP/UDP:53 Query to resolve RUCKUS AP Registrar's FQDN This port is only used when an AP is first added to a tenant account. If this port is blocked, an AP cannot connect to the AP Management after a factory-reset.
AP Commscope SAS TCP/8443 SSL AP to SAS communication The SAS communicaiton would be blocked.
AP Satellite Data Service TCP/80 HTTP XTRA Predicted Satellite Data Service The Satellite Data Service would be blocked.