**[[https://www.arubanetworks.com/techdocs/central/2.5.7/content/nms/device-mgmt/communication_ports.htm#Cloud|Opening Firewall Ports for Device Communication]]** **Aruba Central** can be accessed from the** HPE GreenLake portal** using the following URLs. [[https://console.greenlake.hpe.com/]] [[https://common.cloud.hpe.com/]] The URLs redirect to [[https://auth.hpe.com/]] to present the **HPE GreenLake** login page. Note: Starting 2024, the https://common.cloud.hpe.com/ URL will be deprecated. For more information about accessing the HPE GreenLake portal and adding the Aruba Central app, [[https://www.arubanetworks.com/techdocs/central/2.5.7/content/nms/get-started/sign-up.htm|Creating an Aruba Central Account]]. Most of the communication between devices on the remote site and Aruba Central server in the cloud is carried out through **HTTPS** (**TCP 443**). To allow devices to communicate over a network firewall, ensure that the following domain names and ports are open. This section includes the following topics: * Domain Names for Aruba Central Portal Access * Domain Names for Device Communication with Aruba Central * Domain Names for Device Communication with Aruba Activate * Cloud Guest Server Domains for Guest Access Service * Domain Names for OpenFlow * Domain Names for RCS * Other Domain Names This section includes the following topics: **Domain Names for Aruba Central Portal Access** Domain names for hybrid endpoint ^Region^Domain Name^Protocol^ |US-1|app1.hybrid.central.arubanetworks.com|HTTPS TCP port 443| |US-2|hc-prod2.central.arubanetworks.com| HTTPS TCP port 443| |US West|uswest4-hc.central.arubanetworks.com|HTTPS TCP port 443| |EU-1|central-eu-hc.central.arubanetworks.com|HTTPS TCP port 443| |CA Central|ca-hc.central.arubanetworks.com|HTTPS TCP port 443| |AP South| apac-hc.central.arubanetworks.com|HTTPS TCP port 443| |AP Northeast|apaceast-hc.central.arubanetworks.com|HTTPS TCP port 443| |AP-SouthEast|apacsouth-hc.central.arubanetworks.com|HTTPS TCP port 443| |UAE North| uaenorth1.central.arubanetworks.com |HTTPS TCP port 443| **Domain Names for Device Communication with Aruba Central** Table 2: Domain Names for Device Communication with Aruba Central ^Region^Aruba Central URL^URL for Device Connectivity^Protocol^FQDNs for Overlay Route Orchestrator (ORO) and Overlay Tunnel Orchestrator (OTO) Service^ |US-1|app.central.arubanetworks.com|app1.central.arubanetworks.com|HTTPS TCP port 443|app1-h2.central.arubanetworks.com| |US-2|app-prod2.central.arubanetworks.com|device-prod2.central.arubanetworks.com|HTTPS TCP port 443|device-prod2-h2.central.arubanetworks.com| |US West|app-uswest4.central.arubanetworks.com|device-uswest4.central.arubanetworks.com|HTTPS TCP port 443|device-uswest4-h2.central.arubanetworks.com| |EU-1|app2-eu.central.arubanetworks.com|device-eu.central.arubanetworks.com|HTTPS TCP port 443|device-eu-h2.central.arubanetworks.com| |EU Central|eucentral3.central.arubanetworks.com|device-eucentral3.central.arubanetworks.com|HTTPS TCP port 443|device-eucentral3-h2.central.arubanetworks.com| |CA Central|app-ca.central.arubanetworks.com|device-ca.central.arubanetworks.com|HTTPS TCP port 443|device-ca-h2.central.arubanetworks.com| |CN North|app.central.arubanetworks.com.cn|device.central.arubanetworks.com.cn|HTTPS TCP port 443|device-h2.central.arubanetworks.com.cn| |AP South|app2-ap.central.arubanetworks.com|app1-ap.central.arubanetworks.com|HTTPS TCP port 443|app1-ap-h2.central.arubanetworks.com | |AP Northeast|app-apaceast.central.arubanetworks.com|device-apaceast.central.arubanetworks.com|HTTPS TCP port 443|device-apaceast-h2.central.arubanetworks.com| |AP-SouthEast|app-apacsouth.central.arubanetworks.com|device-apacsouth.central.arubanetworks.com|HTTPS TCP port 443 |device-apacsouth-h2.central.arubanetworks.com| |UAE North|app-uaenorth1.central.arubanetworks.com|device-uaenorth1.central.arubanetworks.com|HTTPS TCP port 443|device-uaenorth1-h2.central.arubanetworks.com| **Domain Names for AOS-CX Device Communication with Aruba Central** Table 3: Domain Names for AOS-CX Device Communication with Aruba Central ^Region^Aruba Central URL^URL for Device Connectivity^Protocol^ |US-1|app.central.arubanetworks.com|device-prod2-d2.central.arubanetworks.com|HTTPS TCP port 443| |US-2|app-prod2.central.arubanetworks.com|device-prod2.central.arubanetworks.com|HTTPS TCP port 443| |US West|app-uswest4.central.arubanetworks.com|device-uswest4-d2.central.arubanetworks.com|HTTPS TCP port 443| |EU-1|app2-eu.central.arubanetworks.com|device-eu.central.arubanetworks.com|HTTPS TCP port 443| |EU Central|eucentral3.central.arubanetworks.com|device-eucentral3-d2.central.arubanetworks.com|HTTPS TCP port 443| |CA Central|app-ca.central.arubanetworks.com|device-ca.central.arubanetworks.com|HTTPS TCP port 443| |CN North|app.central.arubanetworks.com|device.central.arubanetworks.com|HTTPS TCP port 443| |AP South|app2-ap.central.arubanetworks.com | app1-ap.central.arubanetworks.com|HTTPS TCP port 443| |AP Northeast|app-apaceast.central.arubanetworks.com|device-apaceast.central.arubanetworks.com|HTTPS TCP port 443| |AP-SouthEast|app-apacsouth.central.arubanetworks.com|device-apacsouth.central.arubanetworks.com|HTTPS TCP port 443| |UAE North|app-uaenorth1.central.arubanetworks.com|device-uaenorth1-d2.central.arubanetworks.com|HTTPS TCP port 443| **Domain Names for Device Communication with Aruba Activate** Table 4: Domain Names for Device Communication with Aruba Activate ^Domain Name^Protocol^ |device.arubanetworks.com|HTTPS TCP port 443| |devices-v2.arubanetworks.com|HTTPS TCP port 443| |est.arubanetworks.com *|HTTPS TCP port 443| *** Required for Aruba 2530 switches to provision certificate using the EST server in activate.** Note: For the switches to establish connection with the Activate server, when a proxy server is configured on the network, the URLs in this table must be added to the list of allowed URLs on the proxy server. **Cloud Guest Server Domains for Guest Access Service** Table 5: Domain Names for Cloud Guest Server Access ^Region^Domain Name^Protocol^ |US-1|naw2.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |US-1|naw2-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443| |US-2|nae1.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |US-2|nae1-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |US West|uswest4.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |US West|uswest4-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |EU-1|euw1.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |EU-1|euw1-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |EU Central|euw1.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |EU Central|euw1-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |CA Central|ca.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |CA Central|ca-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |AP South|ap1.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |AP South|ap1-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |AP NorthEast|apaceast.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |AP NorthEast|apaceast-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |AP SouthEast|apacsouth.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |AP SouthEast|apacsouth-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | |UAE North|asw1.cloudguest.central.arubanetworks.com|TCP port 2083 TCP port 443| |UAE North|asw1-elb.cloudguest.central.arubanetworks.com|HTTPS TCP port 443 | **Domain Names for OpenFlow** Table 6: Domain Names for OpenFlow ^Region^Domain Name^ |US-1|https://app2-ofc.central.arubanetworks.com| |US-2|https://ofc-prod2.central.arubanetworks.com| |US West|https://ofc-uswest4.central.arubanetworks.com| |EU-1|https://app2-eu-ofc.central.arubanetworks.com| |EU Central|https://ofc-eucentral3.central.arubanetworks.com| |CA Central|https://ofc-ca.central.arubanetworks.com| |CN North|https://ofc.central.arubanetworks.com.cn| |AP South|https://app2-ap-ofc.central.arubanetworks.com| |APNorthEast|https://ofc-apaceast.central.arubanetworks.com| |AP SouthEast|https://ofc-apacsouth.central.arubanetworks.com| |UAE North|https://ofc-uaenorth1.central.arubanetworks.com| **Domain Names for RCS** Table 7: Domain Names and URLs for RCS ^Region^Domain Name^Protocol^ |US-1|rcs-ng-prod.central.arubanetworks.com|SSH port 443| |US-1|rcs-ng-xp-prod.central.arubanetworks.com|SSH port 443| |US-2|rcs-ng-central-prod2.central.arubanetworks.com|SSH port 443| |US-2|rcs-ng-xp-central-prod2.central.arubanetworks.com|SSH port 443| |US West|rcs-ng-uswest4.central.arubanetworks.com|SSH port 443| |US West|rcs-ng-xp-uswest4.central.arubanetworks.com|SSH port 443| |EU-1|rcs-ng-eu.central.arubanetworks.com|SSH port 443| |EU-1|rcs-ng-xp-eu.central.arubanetworks.com|SSH port 443| |EU Central|rcs-ng-eucentral3.central.arubanetworks.com|SSH port 443| |EU Central|rcs-ng-xp-eucentral3.central.arubanetworks.com|SSH port 443 | |CA Central|rcs-ng-starman.central.arubanetworks.com|SSH port 443| |CA Central|rcs-ng-xp-starman.central.arubanetworks.com|SSH port 443| |CN North|rcs-ng-china-prod.central.arubanetworks.com.cn|SSH port 443| |AP South|rcs-ng-apac.central.arubanetworks.com|SSH port 443| |AP South|rcs-ng-xp-apac.central.arubanetworks.com|SSH port 443| |AP NorthEast|rcs-ng-apaceast.central.arubanetworks.com|SSH port 443| |AP NorthEast|rcs-ng-xp-apaceast.central.arubanetworks.com|SSH port 443| |AP SouthEast|rcs-ng-apacsouth.central.arubanetworks.com|SSH port 443| |AP SouthEast|rcs-ng-xp-apacsouth.central.arubanetworks.com|HSSH port 443| |UAE North|rcs-ng-uaenorth1.central.arubanetworks.com|SSH port 443| **Other Domain Names** Table 8: Other Domain Names ^Domain Name^Protocol^Description^ |sso.arubanetworks.com|TCP port 443|Allows users to access their accounts on the internal server.| |internal.central.arubanetworks.com|TCP port 443|Allows users to access the Aruba Central Internal portal.| |internal2.central.arubanetworks.com|TCP port 443|Allows users to access the Aruba Central Internal portal.| |pool.ntp.org|UDP port 123|Allows users to update the internal clock and configure time zone when a factory default device comes up. By default, the Aruba devices contact pool.ntp.org and use NTP to synchronize their system clocks.| |activate.arubanetworks.com|TCP port 443|Allows users to configure provisioning rules in Activate.| |stun.pqm.arubanetworks.com|UDP or TCP port 3478 and 3479|Allows users to discover public IP over the WAN uplinks configured on devices.| |pqm.arubanetworks.com|ICMP or UDP port 4500|Allows users to check the health of WAN uplinks configured on Branch Gateways.| |common.cloud.hpe.com/ccssvc/ccs-system-firmware-registry|TCP port 80 and TCP port 443|Allows users to access the CloudFront server for locating all device type software images.| |https://d20kce0f6gvxjn.cloudfront.net|TCP port 443|Allows users to access the CloudFront server while Aruba IDPS is enabled in Aruba Central gateways. NOTE: This URL can be invoked only by gateways that have IDPS security enabled. The URL cannot be enabled manually.| |cloud.arubanetworks.com|TCP port 80|SAllows users to open the Aruba Central evaluation sign-up page.| |aruba.brightcloud.com|TCP port 443|Enables devices to access the Webroot Brightcloud server for application, application categories, and website content classification.| |bcap15-dualstack.brightcloud.com|TCP port 443|Allows Aruba devices to look up the Webroot Brightcloud server for Website categories.| |api-dualstack.bcti.brightcloud.com|TCP port 443|Allows Aruba devices to access the IP Reputation and IP Geolocation service on the Webroot Brightcloud server.| |database-dualstack.brightcloud.com|TCP port 443|Allows Aruba devices to download the website classification database from the Webroot Brightcloud server.| Note: When configuring ACLs to allow traffic over a network firewall, use the domain names instead of the IP addresses. For more information on ACLs, see Firewall Policies and ACLs. For Branch Gateways to set up IPsec tunnel with the VPN concentrators, the UDP 4500 port must be open. ---- **Debug ap aruba command** {{ :aruba_networks:debug_ap_aruba_command.zip |}} ----