Enterprise Gateway UDP port Range


Article ID: 170902


Products

VIP Enterprise Gateway

Issue/Introduction

When testing the RADIUS Validation Server from the Enterprise Gateway itself, we get a successful login using vsradiusclient_test; however, the same test from a client machine fails.

 ERROR "2018-01-25 23:09:32.341 GMT0000" 0.0.0.0 VIP-Linux:1815 0 18530 "text=Error 18530 occurred at VSValidationServer.cpp:851. Description: VSValidationServer._receiveRequest() -- Invalid request received - -1" Thread-992 VSValidationServer.cpp 

Cause

The customer's firewall had UDP high ports closed outbound from the Enterprise Gateway (EGW); the inbound ports were open.

Environment

Any Radius Validation Server running on an Enterprise Gateway.

Resolution

The RADIUS client always chooses a random UDP port to communicate with the RADIUS server. The RADIUS request originates from a high port XXX on the client (chosen at random) and goes to port 1815 on the Enterprise Gateway server (or whichever port is configured on the RADIUS server). The Enterprise Gateway (RADIUS) response is sent from port 1815 back to the client on the same originating port XXX.

Because RADIUS is internal only, we recommend allowing all outbound UDP traffic from the Enterprise Gateway to the originating client.
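
The port flow described above, as an added example (not Symantec or VIP code): a loopback UDP exchange shows the reply going back to the client's random source port, and a small first-match rule check shows why that reply is dropped when outbound high ports are closed. The rule sets, the function names and the use of an OS-chosen loopback port in place of 1815 are assumptions made for the demonstration.

```python
import socket
import threading

RADIUS_PORT = 1815  # server port named in the article

def serve_once(sock):
    """Answer one datagram, addressing the reply to the sender's IP and source port."""
    data, peer = sock.recvfrom(4096)
    sock.sendto(b"reply:" + data, peer)

def exchange(timeout=2.0):
    """One request/response on loopback -> (client_port, server_port, reply_src_port)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))  # assumption: OS-chosen port stands in for 1815
    server_port = server.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(server,), daemon=True)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        client.sendto(b"probe", ("127.0.0.1", server_port))  # OS assigns a random source port
        client_port = client.getsockname()[1]
        _, src = client.recvfrom(4096)
    finally:
        worker.join(timeout)
        client.close()
        server.close()
    return client_port, server_port, src[1]

def reply_allowed(rules, src_port, dst_port):
    """First-match check of stateless outbound UDP rules; no match means deny."""
    for (s_lo, s_hi), (d_lo, d_hi), action in rules:
        if s_lo <= src_port <= s_hi and d_lo <= dst_port <= d_hi:
            return action == "allow"
    return False

# Constructed rule sets: (source port range, destination port range, action)
HIGH_PORTS_CLOSED = [((0, 65535), (0, 1023), "allow")]   # the failing setup
ALL_OUTBOUND_UDP = [((0, 65535), (0, 65535), "allow")]   # the article's recommendation

if __name__ == "__main__":
    c_port, s_port, reply_src = exchange()
    print(f"request {c_port} -> {s_port}; reply {reply_src} -> {c_port}")
    for name, rules in (("high ports closed", HIGH_PORTS_CLOSED),
                        ("all outbound UDP", ALL_OUTBOUND_UDP)):
        print(name, "->", "pass" if reply_allowed(rules, RADIUS_PORT, c_port) else "drop")
```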