
Opening Firewall Ports for Device Communication

Aruba Central can be accessed from the HPE GreenLake portal using the following URLs.

https://console.greenlake.hpe.com/

https://common.cloud.hpe.com/

The URLs redirect to https://auth.hpe.com/ to present the HPE GreenLake login page.

Note: Starting in 2024, the https://common.cloud.hpe.com/ URL will be deprecated.

For more information about accessing the HPE GreenLake portal and adding the Aruba Central app, see Creating an Aruba Central Account.

Most of the communication between devices on the remote site and the Aruba Central server in the cloud is carried out through HTTPS (TCP 443). To allow devices to communicate through a network firewall, ensure that the following domain names and ports are open.

This section includes the following topics:

  • Domain Names for Aruba Central Portal Access
  • Domain Names for Device Communication with Aruba Central
  • Domain Names for Device Communication with Aruba Activate
  • Cloud Guest Server Domains for Guest Access Service
  • Domain Names for OpenFlow
  • Domain Names for RCS
  • Other Domain Names

Domain Names for Aruba Central Portal Access

Domain names for hybrid endpoint

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | app1.hybrid.central.arubanetworks.com | HTTPS TCP port 443 |
| US-2 | hc-prod2.central.arubanetworks.com | HTTPS TCP port 443 |
| US West | uswest4-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| EU-1 | central-eu-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| CA Central | ca-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| AP South | apac-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| AP Northeast | apaceast-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| AP-SouthEast | apacsouth-hc.central.arubanetworks.com | HTTPS TCP port 443 |
| UAE North | uaenorth1.central.arubanetworks.com | HTTPS TCP port 443 |

Domain Names for Device Communication with Aruba Central

Table 2: Domain Names for Device Communication with Aruba Central

| Region | Aruba Central URL | URL for Device Connectivity | Protocol | FQDNs for Overlay Route Orchestrator (ORO) and Overlay Tunnel Orchestrator (OTO) Service |
|---|---|---|---|---|
| US-1 | app.central.arubanetworks.com | app1.central.arubanetworks.com | HTTPS TCP port 443 | app1-h2.central.arubanetworks.com |
| US-2 | app-prod2.central.arubanetworks.com | device-prod2.central.arubanetworks.com | HTTPS TCP port 443 | device-prod2-h2.central.arubanetworks.com |
| US West | app-uswest4.central.arubanetworks.com | device-uswest4.central.arubanetworks.com | HTTPS TCP port 443 | device-uswest4-h2.central.arubanetworks.com |
| EU-1 | app2-eu.central.arubanetworks.com | device-eu.central.arubanetworks.com | HTTPS TCP port 443 | device-eu-h2.central.arubanetworks.com |
| EU Central | eucentral3.central.arubanetworks.com | device-eucentral3.central.arubanetworks.com | HTTPS TCP port 443 | device-eucentral3-h2.central.arubanetworks.com |
| CA Central | app-ca.central.arubanetworks.com | device-ca.central.arubanetworks.com | HTTPS TCP port 443 | device-ca-h2.central.arubanetworks.com |
| CN North | app.central.arubanetworks.com.cn | device.central.arubanetworks.com.cn | HTTPS TCP port 443 | device-h2.central.arubanetworks.com.cn |
| AP South | app2-ap.central.arubanetworks.com | app1-ap.central.arubanetworks.com | HTTPS TCP port 443 | app1-ap-h2.central.arubanetworks.com |
| AP Northeast | app-apaceast.central.arubanetworks.com | device-apaceast.central.arubanetworks.com | HTTPS TCP port 443 | device-apaceast-h2.central.arubanetworks.com |
| AP-SouthEast | app-apacsouth.central.arubanetworks.com | device-apacsouth.central.arubanetworks.com | HTTPS TCP port 443 | device-apacsouth-h2.central.arubanetworks.com |
| UAE North | app-uaenorth1.central.arubanetworks.com | device-uaenorth1.central.arubanetworks.com | HTTPS TCP port 443 | device-uaenorth1-h2.central.arubanetworks.com |

Domain Names for AOS-CX Device Communication with Aruba Central

Table 3: Domain Names for AOS-CX Device Communication with Aruba Central

| Region | Aruba Central URL | URL for Device Connectivity | Protocol |
|---|---|---|---|
| US-1 | app.central.arubanetworks.com | device-prod2-d2.central.arubanetworks.com | HTTPS TCP port 443 |
| US-2 | app-prod2.central.arubanetworks.com | device-prod2.central.arubanetworks.com | HTTPS TCP port 443 |
| US West | app-uswest4.central.arubanetworks.com | device-uswest4-d2.central.arubanetworks.com | HTTPS TCP port 443 |
| EU-1 | app2-eu.central.arubanetworks.com | device-eu.central.arubanetworks.com | HTTPS TCP port 443 |
| EU Central | eucentral3.central.arubanetworks.com | device-eucentral3-d2.central.arubanetworks.com | HTTPS TCP port 443 |
| CA Central | app-ca.central.arubanetworks.com | device-ca.central.arubanetworks.com | HTTPS TCP port 443 |
| CN North | app.central.arubanetworks.com | device.central.arubanetworks.com | HTTPS TCP port 443 |
| AP South | app2-ap.central.arubanetworks.com | app1-ap.central.arubanetworks.com | HTTPS TCP port 443 |
| AP Northeast | app-apaceast.central.arubanetworks.com | device-apaceast.central.arubanetworks.com | HTTPS TCP port 443 |
| AP-SouthEast | app-apacsouth.central.arubanetworks.com | device-apacsouth.central.arubanetworks.com | HTTPS TCP port 443 |
| UAE North | app-uaenorth1.central.arubanetworks.com | device-uaenorth1-d2.central.arubanetworks.com | HTTPS TCP port 443 |

Domain Names for Device Communication with Aruba Activate

Table 4: Domain Names for Device Communication with Aruba Activate

| Domain Name | Protocol |
|---|---|
| device.arubanetworks.com | HTTPS TCP port 443 |
| devices-v2.arubanetworks.com | HTTPS TCP port 443 |
| est.arubanetworks.com * | HTTPS TCP port 443 |

* Required for Aruba 2530 switches to provision a certificate using the EST server in Activate.

Note: For the switches to establish connection with the Activate server, when a proxy server is configured on the network, the URLs in this table must be added to the list of allowed URLs on the proxy server.

Cloud Guest Server Domains for Guest Access Service

Table 5: Domain Names for Cloud Guest Server Access

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | naw2.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US-1 | naw2-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| US-2 | nae1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US-2 | nae1-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| US West | uswest4.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US West | uswest4-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| EU-1 | euw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| EU-1 | euw1-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| EU Central | euw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| EU Central | euw1-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| CA Central | ca.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| CA Central | ca-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| AP South | ap1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP South | ap1-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| AP NorthEast | apaceast.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP NorthEast | apaceast-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| AP SouthEast | apacsouth.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP SouthEast | apacsouth-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |
| UAE North | asw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| UAE North | asw1-elb.cloudguest.central.arubanetworks.com | HTTPS TCP port 443 |

Domain Names for OpenFlow

Table 6: Domain Names for OpenFlow

Domain Names for RCS

Table 7: Domain Names and URLs for RCS

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | rcs-ng-prod.central.arubanetworks.com | SSH port 443 |
| US-1 | rcs-ng-xp-prod.central.arubanetworks.com | SSH port 443 |
| US-2 | rcs-ng-central-prod2.central.arubanetworks.com | SSH port 443 |
| US-2 | rcs-ng-xp-central-prod2.central.arubanetworks.com | SSH port 443 |
| US West | rcs-ng-uswest4.central.arubanetworks.com | SSH port 443 |
| US West | rcs-ng-xp-uswest4.central.arubanetworks.com | SSH port 443 |
| EU-1 | rcs-ng-eu.central.arubanetworks.com | SSH port 443 |
| EU-1 | rcs-ng-xp-eu.central.arubanetworks.com | SSH port 443 |
| EU Central | rcs-ng-eucentral3.central.arubanetworks.com | SSH port 443 |
| EU Central | rcs-ng-xp-eucentral3.central.arubanetworks.com | SSH port 443 |
| CA Central | rcs-ng-starman.central.arubanetworks.com | SSH port 443 |
| CA Central | rcs-ng-xp-starman.central.arubanetworks.com | SSH port 443 |
| CN North | rcs-ng-china-prod.central.arubanetworks.com.cn | SSH port 443 |
| AP South | rcs-ng-apac.central.arubanetworks.com | SSH port 443 |
| AP South | rcs-ng-xp-apac.central.arubanetworks.com | SSH port 443 |
| AP NorthEast | rcs-ng-apaceast.central.arubanetworks.com | SSH port 443 |
| AP NorthEast | rcs-ng-xp-apaceast.central.arubanetworks.com | SSH port 443 |
| AP SouthEast | rcs-ng-apacsouth.central.arubanetworks.com | SSH port 443 |
| AP SouthEast | rcs-ng-xp-apacsouth.central.arubanetworks.com | SSH port 443 |
| UAE North | rcs-ng-uaenorth1.central.arubanetworks.com | SSH port 443 |

Other Domain Names

Table 8: Other Domain Names

| Domain Name | Protocol | Description |
|---|---|---|
| sso.arubanetworks.com | TCP port 443 | Allows users to access their accounts on the internal server. |
| internal.central.arubanetworks.com | TCP port 443 | Allows users to access the Aruba Central Internal portal. |
| internal2.central.arubanetworks.com | TCP port 443 | Allows users to access the Aruba Central Internal portal. |
| pool.ntp.org | UDP port 123 | Allows users to update the internal clock and configure time zone when a factory default device comes up. By default, the Aruba devices contact pool.ntp.org and use NTP to synchronize their system clocks. |
| activate.arubanetworks.com | TCP port 443 | Allows users to configure provisioning rules in Activate. |
| stun.pqm.arubanetworks.com | UDP or TCP port 3478 and 3479 | Allows users to discover public IP over the WAN uplinks configured on devices. |
| pqm.arubanetworks.com | ICMP or UDP port 4500 | Allows users to check the health of WAN uplinks configured on Branch Gateways. |
| common.cloud.hpe.com/ccssvc/ccs-system-firmware-registry | TCP port 80 and TCP port 443 | Allows users to access the CloudFront server for locating all device type software images. |
| https://d20kce0f6gvxjn.cloudfront.net | TCP port 443 | Allows users to access the CloudFront server while Aruba IDPS is enabled in Aruba Central gateways. NOTE: This URL can be invoked only by gateways that have IDPS security enabled. The URL cannot be enabled manually. |
| cloud.arubanetworks.com | TCP port 80 | Allows users to open the Aruba Central evaluation sign-up page. |
| aruba.brightcloud.com | TCP port 443 | Enables devices to access the Webroot Brightcloud server for application, application categories, and website content classification. |
| bcap15-dualstack.brightcloud.com | TCP port 443 | Allows Aruba devices to look up the Webroot Brightcloud server for Website categories. |
| api-dualstack.bcti.brightcloud.com | TCP port 443 | Allows Aruba devices to access the IP Reputation and IP Geolocation service on the Webroot Brightcloud server. |
| database-dualstack.brightcloud.com | TCP port 443 | Allows Aruba devices to download the website classification database from the Webroot Brightcloud server. |

Note: When configuring ACLs to allow traffic over a network firewall, use the domain names instead of the IP addresses. For more information on ACLs, see Firewall Policies and ACLs.

Note: For Branch Gateways to set up an IPsec tunnel with the VPN concentrators, the UDP 4500 port must be open.
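
The following added example (not part of the original Aruba documentation) audits a firewall egress ruleset against a subset of the EU-1 rows from the tables above and flags allow rules written against IP addresses, which the note above advises against. The rule syntax, the sample ruleset and the function names are assumptions made for illustration.

```python
import fnmatch
import ipaddress

# Subset of the EU-1 rows from the tables on this page: (FQDN, protocol, port).
REQUIRED_EU1 = [
    ("app2-eu.central.arubanetworks.com", "tcp", 443),
    ("device-eu.central.arubanetworks.com", "tcp", 443),
    ("device.arubanetworks.com", "tcp", 443),
    ("devices-v2.arubanetworks.com", "tcp", 443),
    ("euw1.cloudguest.central.arubanetworks.com", "tcp", 2083),
    ("euw1.cloudguest.central.arubanetworks.com", "tcp", 443),
    ("pool.ntp.org", "udp", 123),
    ("pqm.arubanetworks.com", "udp", 4500),
]

# Constructed sample in a hypothetical "action proto destination ports" syntax.
SAMPLE_RULES = """\
allow tcp *.central.arubanetworks.com 443
allow tcp device.arubanetworks.com 443
allow tcp 203.0.113.10 443        # IP literal instead of an FQDN
allow udp pool.ntp.org 123
deny  udp pqm.arubanetworks.com 4500
"""

def parse_rules(text):
    """Return (action, proto, destination, {ports}) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            action, proto, dest, ports = line.lower().split()
            rules.append((action, proto, dest, {int(p) for p in ports.split(",")}))
    return rules

def is_ip_literal(dest):
    """True when the destination is an IP address or CIDR block, not a name."""
    try:
        ipaddress.ip_network(dest, strict=False)
        return True
    except ValueError:
        return False

def audit(text, required):
    """List required endpoints with no matching allow rule, and IP-based allows."""
    allows = [r for r in parse_rules(text) if r[0] == "allow"]
    missing = [(fqdn, proto, port) for fqdn, proto, port in required
               if not any(p == proto and port in ports and fnmatch.fnmatch(fqdn, dest)
                          for _, p, dest, ports in allows)]
    return {"missing": missing,
            "ip_literal_rules": [d for _, _, d, _ in allows if is_ip_literal(d)]}
```

The check only confirms that a matching allow rule exists; it does not model rule ordering or deny precedence, so review any deny rules that name a required endpoint separately.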


aruba_networks/opening_firewall_ports_for_device_communication.txt · Last modified: 2024/02/18 12:39 by aperez
