Shutting down e.g. port 80 on cloud connected access point (NWA55AXE)

Xerxes
Xerxes Posts: 4
I have looked around in Nebula, and in the "direct login" for the AP, but can not find anywhere where i can do stuff like shutting down port 80.

Should this be possible?

All Replies

  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    edited April 2022
    Hi Customer,

    Currently on nebula we can't disable the HTTP function / port 80 of AP.

    Nowadays, most popular browser will initiate HTTPS connection after we type IP address to access the AP, in addition, most people won't know each AP's IP address and even the password. So could you please share with us if there's any reason you'd want to disable this port? 

    Best Regards,
    Richard
  • Xerxes
    Xerxes Posts: 4
    Like you say yourself - port 80 doesn't have much use - so why have it enabled at all (by default)?
    First thing to do when security hardening is to disable everything that is not used... so port 80 should not be open at all.

    And just because something has a password, doesn't mean it's safe:)

    Anyway, perhaps i can shut down port 80 via ssh/terminal? (i can login with the direct user/pwd).
  • Zyxel_Richard
    Zyxel_Richard Posts: 254  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Security
    edited April 2022
    Hi sir,

    You can use command through SSH to shut down the port 80, but every time you change the AP settings on Nebula, the Nebula will push the configuration to AP and overwrite the setting you’ve just set up (to be the same as cloud setting), therefore the port 80 will be enabled again.

    If you do need the command, this is “configure terminal no ip http server”

    Thanks for letting us know your concern, we’ll make this a feature request, and further evaluate if this will be implemented in the NCC.

    Best regards,
    Richard 


Nebula Tips & Tricks