Why are NWA1123-ACv2 trying to connect to various internet-hosts
Freshman Member
Hello
I noticed that my NWA1123-ACv2 access points are trying to contact various internet-hosts on ports tcp:4335 and tcp:6667, and they do so every 1-3 minutes. At the moment I counted 4 different target IP-adresses which are all in "eu-west-1.compute.amazonaws.com". The access points have a local configuration, not Nebula-connected, and so should at most try to connect to an ntp-host over udp:123.
Why do they try to connect and if a connection is successful, what data is transferred?
Thanks
Eric
PS. if I try to connect to them over a webbrowser, why do I always have to click away this Nebula-page? If it has a local config, why not go directly to the local login?
Best Answers
-
Maybe it's helpful to disable NCC discovery if you don't want to use it in cloud mode.
5 -
Hi @Eric_
About the tcp:4335, tcp:6667 and ntp-host over udp:123, it is the Nebula mechanism to let the AP find Nebula. Once we adds AP into the Nebula completely, we do not have to enable anything on the AP. AP will go online and get the configuration via Nebula automatically.
To manage ZYXEL AP more convenient, ZYXEL published Nebula which could let the customer to login everywhere. Moreover, Nebula will help you to realize the AP status with one login page and configure the AP via the remote access. We do not have to login every AP one by one. That's why we encourage all customers register their APs on the Nebula.
If you do not want to let the AP send out the packet to the Nebula, you could disable the NCC discover here.
Joslyn
5
Zyxel Employee
All Replies
-
Maybe it's helpful to disable NCC discovery if you don't want to use it in cloud mode.
5 -
Hi @Eric_
About the tcp:4335, tcp:6667 and ntp-host over udp:123, it is the Nebula mechanism to let the AP find Nebula. Once we adds AP into the Nebula completely, we do not have to enable anything on the AP. AP will go online and get the configuration via Nebula automatically.
To manage ZYXEL AP more convenient, ZYXEL published Nebula which could let the customer to login everywhere. Moreover, Nebula will help you to realize the AP status with one login page and configure the AP via the remote access. We do not have to login every AP one by one. That's why we encourage all customers register their APs on the Nebula.
If you do not want to let the AP send out the packet to the Nebula, you could disable the NCC discover here.
Joslyn
5 -
Hello Joslyn & 唐小鴨
Thanks for the hint & solution. I did not know this option yet but I do now.
@Joslyn
OT - as for this line: "That's why we encourage all customers register their APs on the Nebula."
Excuse me, encourage is a nicer word for pressuring/harassing customers to use the desired platform. I do not like cloud, I find it absurd to store security-info in some piece of cloud where I cannot influence the safety of this info, I don't want to use it unless I have no alternatives left and even then, I might consider dumping the product if there is no real NEED for using it. Example: open the webinterface of an access point. eventhough I have NCC disabled and use a local config, I still have to read the "invitation" to use Nebula and click it away if I want to get to my local setup. Bl*dy annoying, just like those wizards that have to run, create undesired objects in a configuration and only stop pestering once a config is made.
Maybe I shoud stop now, before I really say things i don't want to. I very much appreciate the quick help but Zyxel is, with suchs "encouragements", quickly pushing me away towards other brands. Good products offer choices, like Zyxel, but don't keep pushing like Zyxel is doing more and more.
Greetings from Switzerland
Eric
0 -
Hi @Eric_
It's our honor to answer your question.
Thanks for your great opinion. This is very helpful for us. We will have a discussion for it and evaluate how to enhance this part. Thank you for being a ZYXEL user.
Joslyn
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
