I have several AP's at a remote site. They are accessing the controller through a public IP. I have no issues with this. The issue appears when I try to upgrade the controller. The AP's do not update and they fail. They are found in the controller. However, they don't get a channel and are inaccessible to the remote clients as they don't see a SSID. Is there a port I need to open on the firewall to handle the upgrade of AP's?