Before you Begin
Note the following licensing and port requirements before you begin configuring your VIA deployment.
License Requirements
Controllers running ArubaOS 8.x require one of two available license types to support VIA users, the license, or the license.
The controller. This PEFV license is purchased as a single controller-specific license that enabled the functionality up to the full user capacity of the controller.
license allows a network administrator to apply firewall policies to clients using a VPN to connect to theArubaOS 8.2.0.0 and later supports a sharable license. Each VIA client or 3rd party VPN client consumes a single VIA license. (VIA licenses are not consumed by site-to-site VPNs.) If a standalone controller or a controller managed by Mobility Master has a PEFV license, that device will not consume VIA licenses from a licensing pool, as a single PEFV license supports all VIA and 3rd party VPN clients, up to the full user capacity for that controller.
|
For more information on purchasing, installing and managing licenses in ArubaOS 8.x, refer to the ArubaOS Licensing Guide for your ArubaOS version. |
License Requirements
Controllers running ArubaOS 6.5.x.x require the PEFV license to support VIA users. The license allows a network administrator to apply firewall policies to clients using a VPN to connect to the controller. This PEFV license is purchased as a single controller-specific license that enabled the functionality up to the full user capacity of the controller.
|
For more information on purchasing, installing and managing licenses in ArubaOS 6.5.x.x, refer to the ArubaOS Licensing Guide for your ArubaOS version. |
Port Access
VIA requires access to the following ports:
TCP 443: During the initialization phase, VIA uses HTTPS connections to perform trusted network and captive portal checks. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.
UDP 4500: This port is used for a VPN connection.
VIA authentication profile, you can define the port used for profile downloads in the profile. The supported range is port 1025-65535, and the default value is 8085.
: If you have enabled the feature in theThe ports configured for VIA client certificate-based authentication must also be added to the controller
the
command
If the port is not configured on the control plane firewall, all packets sent to the controller port will be dropped, and the HTTPS connection will not be established.
Functionality |
TCP Port 443 |
||||
---|---|---|---|---|---|
|
|
|
|
|
|
Web Auth |
|||||
Download VIA client software |
N/A |
N/A |
|||
Credential based connection-profile download |
|||||
Certificate based connection-profile download |
N/A |
N/A |
N/A |
||
VPN Connection |
|
|
|||
Trusted network check |
|||||
SSL fallback |
N/A |
N/A |
|||
Captive portal detect |
N/A |
N/A |
N/A |
N/A |
Functionality |
UDP port 4500 |
||||
---|---|---|---|---|---|
|
|
|
|
|
|
VPN Connection |
Functionality |
Custom Port <1025-65535> |
||||
---|---|---|---|---|---|
|
|
|
Linux |
|
|
Certificate based connection-profile download (default, port 8085) |
N/A |
N/A |
N/A |
Was this information helpful?
Great! Thanks for the feedback
Sorry about that! How can we improve it? Send your comments and suggestions!