cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

Hi,

We are using Endpoint Security clients from E80.87 to E82.10, on approximately 1000 users. Our firewall gateway is on version R80.30, and our Endpoint Security Management Server is also on R80.30 (with two external Endpoint Policy Servers). As we have a lot of roaming users we need the ability to use the Register to Hotspot functionality with all ports open during the registration.

I followed the sk41586 and defined the any_port through GuiDBedit tool, and applied it on the Global Properties (see attachment below) on the firewall gateway.

GP.jpg

 

But, as we are using the SmartEndpoint console, there is also the ability to define the ports to be used for Hotspot registration (Policy -> Allow hotspot registration). How can I define the any_port through SmartEndpoint, what value do I have to use (see attachment below)? There is no description in the admin guide what to use for any port if you define it through SmartEndpoint.

SE.jpg

 

And the thing that confuses me the most. What configuration will be applied on the client side when connected to VPN, the one defined on the gateway in Global Properties or the one defined in the SmartEndpoint Policy?

 

Below is the configuration I get in trac.config when I connect to the VPN:

<PARAM fw_hotspot_ports="&lt;any_port>"></PARAM>
<PARAM fw_hotspot_ports="443"></PARAM>
<PARAM fw_hotspot_ports="80"></PARAM>
<PARAM fw_hotspot_ports="8080"></PARAM>
<PARAM fw_hotspot_ports="8080"></PARAM>
<PARAM fw_hotspot_ports="8444"></PARAM>

 

Thanks,

Hrvoje

 

 

0 Kudos
5 Replies
Admin
Admin

Re: Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

Maybe try a port range 1-65535?
0 Kudos

Re: Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

Already tried, it doesn't accept any kind of port range:

port.jpg

 

There is also sk155072 which states the format above should work, but it doesn't (I tried while we were on R70.30.03 and now on R80.30):

port_range.JPG

0 Kudos
Admin
Admin

Re: Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

If the SK says it should work and it doesn’t…probably worth a TAC case to clarify.
Admin
Admin

Re: Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

Checked with R&D, this is most definitely a GUI bug.
Please open a TAC case.

Re: Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

OK, thanks, will do so 🙂

0 Kudos