We have a cloud controller running in Azure and have ports 8080, 8443 and 8880 open. We have 20 sites running fine at the moment but need to enable 2FA or restrict access to the management console to only selected IP addresses.
How can this be achieved without blocking out access to all of the sites and their devices from connecting to the controller?
We first thought that we would restrict the source IP on specific ports but then wondered how devices on each site connect. Do they connect over a specific port and the UI over another?
Can I enable 2FA in the cloud controller software? I don't see any options for it.
- UI uses 8443/TCP.
- 8880/TCP is for portal redirects (may not be necessary).
- Devices connect on 8080/TCP, which is considered safe to open up (though IMO GeoIP filters won't hurt there).
- Don't forget 3478/UDP for STUN.
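
The port split above, expressed as Azure network security group rules: an added example, not part of the original posts. The resource group, NSG name, rule names, priorities and admin source ranges are assumptions to replace with your own; the script prints the `az` commands and only runs them when `APPLY=1` is set.

```shell
#!/bin/sh
# Assumed names: replace with the resource group and NSG attached to the controller VM.
RG="${RG:-controller-rg}"
NSG="${NSG:-controller-nsg}"
# Constructed sample admin sources (documentation ranges), space separated.
ADMIN_SOURCES="${ADMIN_SOURCES:-203.0.113.10/32 198.51.100.0/24}"

# Print one "az network nsg rule create" command for an inbound rule.
# Arguments: name priority access protocol port source...
rule() {
    name=$1; prio=$2; access=$3; proto=$4; port=$5; shift 5
    printf 'az network nsg rule create --resource-group %s --nsg-name %s' "$RG" "$NSG"
    printf ' --name %s --priority %s --direction Inbound --access %s' "$name" "$prio" "$access"
    printf ' --protocol %s --destination-port-ranges %s' "$proto" "$port"
    printf ' --source-address-prefixes %s\n' "$*"
}

nsg_rules() {
    # Azure evaluates lower priority numbers first, so both 8443 rules must
    # sort ahead of any existing broad allow rule for 8443.
    # Management UI: selected admin addresses only, everyone else denied.
    rule Allow-UI-Admins 100 Allow Tcp 8443 $ADMIN_SOURCES
    rule Deny-UI-Others 110 Deny Tcp 8443 Internet
    # Device traffic from the sites stays reachable from anywhere.
    rule Allow-Devices 200 Allow Tcp 8080 Internet
    # STUN, as noted in the answer.
    rule Allow-STUN 210 Allow Udp 3478 Internet
    # 8880/TCP (portal redirects) is left as it is; no rule is emitted for it.
}

# Dry run by default: print the commands for review. APPLY=1 executes them.
if [ "${APPLY:-0}" = 1 ]; then
    nsg_rules | sh
else
    nsg_rules
fi
```

After applying, `az network nsg rule list --resource-group "$RG" --nsg-name "$NSG" -o table` shows the resulting order, which is the place to confirm no older, broader 8443 rule still sorts ahead of the deny.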