Aruba Central Online Help

Opening Firewall Ports for Device Communication

Most of the communication between devices on the remote site and Aruba Central server in the cloud is carried out through HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. (TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. 443). To allow devices to communicate over a network firewallFirewall is a network security system used for preventing unauthorized access to or from a private network., ensure that the following domain names and ports are open.

This section includes the following topics:

Domain names for Aruba Central Portal Access

Table 1: Domain Names and URLs for Aruba Central Portal Access

Region

Domain Name

Protocol

US-1

portal.central.arubanetworks.com

HTTPS

TCP port 443

US-2

portal-prod2.central.arubanetworks.com

HTTPS

TCP port 443

EU-1

portal-eu.central.arubanetworks.com

HTTPS

TCP port 443

Canada-1

portal-ca.central.arubanetworks.com

HTTPS

TCP port 443

China-1

portal.central.arubanetworks.com.cn

HTTPS

TCP port 443

APAC-1

portal-apac.central.arubanetworks.com

HTTPS

TCP port 443

APAC-EAST1

portal-apaceast.central.arubanetworks.com

HTTPS

TCP port 443

APAC-SOUTH1

portal-apacsouth.central.arubanetworks.com

HTTPS

TCP port 443

Domain Names for Device Communication with Aruba Central

 

Table 2: Domain Names for Device Communication with Aruba Central

Region

Aruba Central URL

URL for Device Connectivity

Protocol

FQDNs for SD-WAN Orchestrator Service

US-1

app.central.arubanetworks.com

app1.central.arubanetworks.com

HTTPS

TCP port 443

app1-h2.central.arubanetworks.com

US-2

app-prod2.central.arubanetworks.com

device-prod2.central.arubanetworks.com

HTTPS

TCP port 443

device-prod2-h2.central.arubanetworks.com

EU-1

app2-eu.central.arubanetworks.com

device-eu.central.arubanetworks.com

HTTPS

TCP port 443

device-eu-h2.central.arubanetworks.com

Canada-1

app-ca.central.arubanetworks.com

device-ca.central.arubanetworks.com

HTTPS

TCP port 443

device-ca-h2.central.arubanetworks.com

China-1

app.central.arubanetworks.com.cn

device.central.arubanetworks.com.cn

HTTPS

TCP port 443

device-h2.central.arubanetworks.com.cn

APAC-1

app2-ap.central.arubanetworks.com

app1-ap.central.arubanetworks.com

HTTPS

TCP port 443

app1-ap-h2.central.arubanetworks.com

APAC-EAST1

app-apaceast.central.arubanetworks.com

device-apaceast.central.arubanetworks.com

HTTPS

TCP port 443

device-apaceast-h2.central.arubanetworks.com

APAC-SOUTH1

app-apacsouth.central.arubanetworks.com

device-apacsouth.central.arubanetworks.com

HTTPS

TCP port 443

device-apacsouth-h2.central.arubanetworks.com

Domain Names for Device Communication with Aruba Activate

Table 3: Domain Names for Device Communication with Aruba Activate

Domain Name

Protocol

device.arubanetworks.com

HTTPS

TCP port 443

devices-v2.arubanetworks.com

Cloud Guest Server Domains for Guest Access Service

Table 4: Domain Names for Cloud Guest Server Access

Region

Domain Name

Protocol

US-1

 

nae1.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

nae1-elb.cloudguest.central.arubanetworks.com

TCP port 443

US-2

 

naw2.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

naw2-elb.cloudguest.central.arubanetworks.com

TCP port 443

EU-1

 

euw1.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

euw1-elb.cloudguest.central.arubanetworks.com

TCP port 443

Canada-1

 

ca.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

ca-elb.cloudguest.central.arubanetworks.com

TCP port 443

APAC-1

 

ap1.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

ap1-elb.cloudguest.central.arubanetworks.com

TCP port 443

APAC-EAST1

 

apaceast.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

apaceast-elb.cloudguest.central.arubanetworks.com

TCP port 443

APAC-SOUTH1

 

apacsouth.cloudguest.central.arubanetworks.com

TCP port 2083

TCP port 443

apacsouth-elb.cloudguest.central.arubanetworks.com

TCP port 443

Domain Names for OpenFlow

Table 5: Domain Names for OpenFlow

Region

Domain Name

US-1

https://app2-ofc.central.arubanetworks.com

US-2

https://ofc-prod2.central.arubanetworks.com

EU-1

https://app2-eu-ofc.central.arubanetworks.com

Canada-1

https://ofc-ca.central.arubanetworks.com

China-1

https://ofc.central.arubanetworks.com.cn

APAC-1

https://app2-ap-ofc.central.arubanetworks.com

APAC-EAST1

https://ofc-apaceast.central.arubanetworks.com

APAC-SOUTH1

https://ofc-apacsouth.central.arubanetworks.com

Other Domain Names

Table 6: Other Domain Names

Domain Name

Protocol

Description

sso.arubanetworks.com

TCP port 443

Allows users to access their accounts on the internal server.

internal.central.arubanetworks.com

internal2.central.arubanetworks.com

TCP port 443

Allows users to access the Aruba Central Internal portal.

pool.ntp.org

UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port 123

Allows users to update the internal clock and configure time zone when a factory default device comes up.

By default, the Aruba devices contact pool.ntp.org and use NTPNetwork Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. to synchronize their system clocks.

activate.arubanetworks.com

TCP port 443

Allows users to configure provisioning rules in Activate.

pqm.arubanetworks.com ICMPInternet Control Message Protocol. ICMP is an error reporting protocol. It is used by network devices such as routers, to send error messages and operational information to the source IP address when network problems prevent delivery of IP packets. or UDP port 4500 Allows users to check the health of WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. uplinks configured on Branch Gateways.

images.arubanetworks.com

TCP port 80

Allows users to access the server that hosts software images available for upgrading devices.

http://h30326.www3.hpe.com

TCP port 80

Allows users to access the Aruba switch software images. To view the URLUniform Resource Locator. URL is a global address used for locating web resources on the Internet. for software updates, use the show activate software-update command.

d2vxf1j0rhr3p0.cloudfront.net

TCP port 80

Allows users to access the CloudFront server for locating Instant AP software images.

rcs-m.central.arubanetworks.com (For all other regions)

central-eu-rcs.central.arubanetworks.com (For Europe region)

TCP port 443

Allows users to access a device console through SSHSecure Shell. SSH is a network protocol that provides secure access to a remote device. .

cloud.arubanetworks.com

TCP port 80

Allows users to open the Aruba Central evaluation sign-up page.

aruba.brightcloud.com

TCP port 443

Enables devices to access the Webroot Brightcloud  server for application, application categories, and website content classification.

bcap15-dualstack.brightcloud.com

TCP port 443

Allows Aruba devices to look up the Webroot Brightcloud server for Website categories.

api-dualstack.bcti.brightcloud.com

TCP port 443

Allows Aruba devices to access the IP Reputation and IP Geolocation service on the Webroot Brightcloud server.

database-dualstack.brightcloud.com

TCP port 443

Allows Aruba devices to download the website classification database from the Webroot Brightcloud server.