Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Opening Firewall Ports for Device Communication
HPE Aruba Networking Central can be accessed from the HPE GreenLake portal using the following URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet.:
The URL redirects to https://auth.hpe.com/ to present the HPE GreenLake login page.
For more information about accessing the HPE GreenLake portal and adding the WebUI, see Creating an HPE Aruba Networking Central Account.
Most of the communication between devices on the remote site and HPE Aruba Networking Central server in the cloud is carried out through HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. (TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. 443). To allow devices to communicate over a network firewall Firewall is a network security system used for preventing unauthorized access to or from a private network., ensure that the following domain names and ports are open.
This section includes the following topics:
- Domain Names for Streaming Telemetry
- Domain Names for Device Communication with HPE Aruba Networking Central
- Domain Names for AOS-CX Device Communication with HPE Aruba Networking Central
- Domain Names for Device Communication with Aruba Activate
- Cloud Guest Server Domains for Guest Access Service
- Domain Names for OpenFlow
- Domain Names for RCS
- Other Domain Names
Domain Names for Streaming Telemetry
Domain names to be allow listed for streaming telemetry.
Region |
Domain Name |
Protocol |
---|---|---|
US-1 |
app1.hybrid.central.arubanetworks.com |
HTTPS TCP port 443 |
US-2 |
hc-prod2.central.arubanetworks.com |
HTTPS TCP port 443 |
US West |
uswest4-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
US West 5 |
uswest5-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-1 |
central-eu-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-2 |
eucentral2-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-3 |
eucentral3-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
ca-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
CN Common Name. CN is the primary name used to identify a certificate. North | china-prod-hc.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
CN-2 | china2-hc.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
AP South |
apac-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
AP Northeast |
apaceast-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
AP-SouthEast |
apacsouth-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
UAE North |
uaenorth1.central.arubanetworks.com |
HTTPS TCP port 443 |
Domain Names for Device Communication with HPE Aruba Networking Central
The HPE Aruba Networking Central URLs mentioned the following table, and the HPE GreenLake portal URL mentioned in the beginning of this chapter are for region-wise administrator (or management) access to the HPE Aruba Networking Central UI.
The URLs in the following table are not applicable to AOS-CX switches.
Region |
HPE Aruba Networking Central URL |
URL for Device Connectivity |
Protocol |
FQDNs for Overlay Route Orchestrator (ORO) and Overlay Tunnel Orchestrator (OTO) Services |
---|---|---|---|---|
US-1 |
app.central.arubanetworks.com |
app1.central.arubanetworks.com |
HTTPS TCP port 443 |
app1-h2.central.arubanetworks.com |
US-2 |
app-prod2.central.arubanetworks.com |
device-prod2.central.arubanetworks.com |
HTTPS TCP port 443 |
device-prod2-h2.central.arubanetworks.com |
US West |
app-uswest4.central.arubanetworks.com |
device-uswest4.central.arubanetworks.com |
HTTPS TCP port 443 |
device-uswest4-h2.central.arubanetworks.com |
US West 5 |
app-uswest5.central.arubanetworks.com |
device-uswest5.central.arubanetworks.com |
HTTPS TCP port 443 |
device-uswest5-h2.central.arubanetworks.com |
EU-1 |
app2-eu.central.arubanetworks.com |
device-eu.central.arubanetworks.com |
HTTPS TCP port 443 |
device-eu-h2.central.arubanetworks.com |
EU-2 |
app-eucentral2.central.arubanetworks.com |
device-eucentral2.central.arubanetworks.com |
HTTPS TCP port 443 |
device-eucentral2-h2.central.arubanetworks.com |
EU-3 |
eucentral3.central.arubanetworks.com |
device-eucentral3.central.arubanetworks.com |
HTTPS TCP port 443 |
device-eucentral3-h2.central.arubanetworks.com |
CA Central |
app-ca.central.arubanetworks.com |
device-ca.central.arubanetworks.com |
HTTPS TCP port 443 |
device-ca-h2.central.arubanetworks.com |
CN North |
app.central.arubanetworks.com.cn |
device.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
device-h2.central.arubanetworks.com.cn |
CN-2 |
app-china2.central.arubanetworks.com.cn |
device-china2.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
device-china2-h2.central.arubanetworks.com.cn |
AP South |
app2-ap.central.arubanetworks.com |
app1-ap.central.arubanetworks.com |
HTTPS TCP port 443 |
app1-ap-h2.central.arubanetworks.com |
AP Northeast |
app-apaceast.central.arubanetworks.com |
device-apaceast.central.arubanetworks.com |
HTTPS TCP port 443 |
device-apaceast-h2.central.arubanetworks.com |
AP SouthEast |
app-apacsouth.central.arubanetworks.com |
device-apacsouth.central.arubanetworks.com |
HTTPS TCP port 443 |
device-apacsouth-h2.central.arubanetworks.com |
UAE North |
app-uaenorth1.central.arubanetworks.com |
device-uaenorth1.central.arubanetworks.com |
HTTPS TCP port 443 |
device-uaenorth1-h2.central.arubanetworks.com |
Domain Names for AOS-CX Device Communication with HPE Aruba Networking Central
The HPE Aruba Networking Central URLs mentioned the following table are applicable to AOS-CX switches only.
Region |
HPE Aruba Networking Central URL |
URL for Device Connectivity |
Protocol |
---|---|---|---|
US-1 |
app.central.arubanetworks.com |
device-prod2-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
US-2 |
app-prod2.central.arubanetworks.com |
device-prod2.central.arubanetworks.com |
HTTPS TCP port 443 |
US West |
app-uswest4.central.arubanetworks.com |
device-uswest4-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
US West 5 |
app-uswest5.central.arubanetworks.com |
device-uswest5-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-1 |
app2-eu.central.arubanetworks.com |
device-eu.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-2 |
app-eucentral2.central.arubanetworks.com |
device-eucentral2-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
EU-3 |
app-eucentral3.central.arubanetworks.com |
device-eucentral3-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
CA Central |
app-ca.central.arubanetworks.com |
device-ca.central.arubanetworks.com |
HTTPS TCP port 443 |
CN North |
app.central.arubanetworks.com.cn |
device-china-prod-d2.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
CN-2 |
app-china2.central.arubanetworks.com.cn |
device-china2-d2.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
AP South |
app2-ap.central.arubanetworks.com |
device-apac-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
AP Northeast |
app-apaceast.central.arubanetworks.com |
device-apaceast.central.arubanetworks.com |
HTTPS TCP port 443 |
AP-SouthEast |
app-apacsouth.central.arubanetworks.com |
device-apacsouth.central.arubanetworks.com |
HTTPS TCP port 443 |
UAE North |
app-uaenorth1.central.arubanetworks.com |
device-uaenorth1-d2.central.arubanetworks.com |
HTTPS TCP port 443 |
Domain Names for Device Communication with Aruba Activate
Domain Name |
Protocol |
---|---|
device.arubanetworks.com |
HTTPS TCP port 443 |
devices-v2.arubanetworks.com |
|
est.arubanetworks.com * |
* Required for Aruba 2530 switches to provision certificate using the EST server in activate.
The device.arubanetworks.com URL is not applicable for AOS-CX switches.
For the switches to establish connection with the Activate server, when a proxy server is configured on the network, the URLs in this table must be added to the list of allowed URLs on the proxy server.
Cloud Guest Server Domains for Guest Access Service
Region |
Domain Name |
Protocol |
---|---|---|
US-1
|
naw2.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
naw2-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
US-2
|
nae1.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
nae1-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
US West |
uswest4.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
uswest4-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
US West 5 |
naw2.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
naw2-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
EU-1 |
euw1.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
euw1-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
EU-2 |
euw2.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
euw2-elb.cloudguest.central.arubanetworks.com | TCP port 443 | |
EU-3 |
euw3.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
euw3-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
CA Central
|
ca.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
ca-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
CN North |
cloudguest.central.arubanetworks.com.cn |
TCP port 2083 TCP port 443 |
cloudguest-elb.central.arubanetworks.com.cn |
TCP port 443 |
|
CN-2 |
naw2.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
naw2-elb.cloudguest-elb.central.arubanetworks.com |
TCP port 443 |
|
AP South
|
ap1.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
ap1-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
AP NorthEast
|
apaceast.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
apaceast-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
AP SouthEast
|
apacsouth.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
apacsouth-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
UAE North |
asw1.cloudguest.central.arubanetworks.com |
TCP port 2083 TCP port 443 |
asw1-elb.cloudguest.central.arubanetworks.com |
TCP port 443 |
|
Domain Names for OpenFlow
Region |
Domain Name |
---|---|
US-1 |
https://app2-ofc.central.arubanetworks.com |
US-2 |
https://ofc-prod2.central.arubanetworks.com |
US West |
https://ofc-uswest4.central.arubanetworks.com |
US West 5 |
https://ofc-uswest5.central.arubanetworks.com |
EU-1 |
https://app2-eu-ofc.central.arubanetworks.com |
EU-2 |
https://ofc-eucentral2.central.arubanetworks.com |
EU-3 |
https://ofc-eucentral3.central.arubanetworks.com |
CA Central |
https://ofc-ca.central.arubanetworks.com |
CN North |
https://ofc.central.arubanetworks.com.cn |
CN-2 |
https://ofc-china2.central.arubanetworks.com.cn |
AP South |
https://app2-ap-ofc.central.arubanetworks.com |
APNorthEast |
https://ofc-apaceast.central.arubanetworks.com |
AP SouthEast |
https://ofc-apacsouth.central.arubanetworks.com |
UAE North |
https://ofc-uaenorth1.central.arubanetworks.com |
Domain Names for RCS
Region |
Domain Name |
Protocol |
---|---|---|
US-1 |
rcs-ng-prod.central.arubanetworks.com |
SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. port 443 |
rcs-ng-xp-prod.central.arubanetworks.com |
||
US-2
|
rcs-ng-central-prod2.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-central-prod2.central.arubanetworks.com |
||
US West
|
rcs-ng-uswest4.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-uswest4.central.arubanetworks.com |
||
US West 5 |
rcs-ng-uswest5.central.arubanetworks.com |
SSH port 443 |
EU-1 |
rcs-ng-eu.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-eu.central.arubanetworks.com |
||
EU-2 |
rcs-ng-eucentral2.central.arubanetworks.com |
SSH port 443 |
rcs-ng-xp-eucentral2.central.arubanetworks.com |
||
EU-3 |
rcs-ng-eucentral3.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-eucentral3.central.arubanetworks.com |
||
CA Central
|
rcs-ng-starman.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-starman.central.arubanetworks.com |
||
CN North |
rcs-ng-china-prod.central.arubanetworks.com.cn |
SSH port 443 |
CN-2 |
rcs-ng-china2.central.arubanetworks.com.cn |
SSH port 443 |
AP South
|
rcs-ng-apac.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-apac.central.arubanetworks.com |
||
AP NorthEast
|
rcs-ng-apaceast.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-apaceast.central.arubanetworks.com |
||
AP SouthEast
|
rcs-ng-apacsouth.central.arubanetworks.com |
SSH port 443
|
rcs-ng-xp-apacsouth.central.arubanetworks.com |
||
UAE North |
rcs-ng-uaenorth1.central.arubanetworks.com |
SSH port 443 |
Other Domain Names
Domain Name |
Protocol |
Description |
---|---|---|
sso.arubanetworks.com |
TCP port 443 |
Allows users to access their accounts on the internal server. |
internal.central.arubanetworks.com internal2.central.arubanetworks.com |
TCP port 443 |
Allows users to access the HPE Aruba Networking Central Internal portal. |
pool.ntp.org |
Allows the device to update the internal clock and configure time zone when a factory default device comes up. By default, the HPE Aruba Networking devices contact and use NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. to synchronize their system clocks. |
|
activate.arubanetworks.com |
TCP port 443 |
Allows the device to configure provisioning rules in Activate. |
stun.pqm.arubanetworks.com |
UDP or TCP port 3478 and 3479 |
Allows the device to discover public IP over the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. uplinks configured on devices. |
pqm.arubanetworks.com |
Allows the device to check the health of WAN uplinks configured on Branch Gateways. |
|
common.cloud.hpe.com/ccssvc/ccs-system-firmware-registry |
TCP port 80 and TCP port 443 |
Allows the device to access the CloudFront server for locating all device type software images. |
https://d20kce0f6gvxjn.cloudfront.net |
TCP port 443 |
Allows the device to access the CloudFront server while Aruba IDPS is enabled in HPE Aruba Networking Central gateways. This URL can be invoked only by gateways that have IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it. security enabled. The URL cannot be enabled manually. |
cloud.arubanetworks.com |
TCP port 80 |
Allows users to open the HPE Aruba Networking Central evaluation sign-up page. |
aruba.brightcloud.com |
TCP port 443 |
Enables devices to access the Webroot Brightcloud server for application, application categories, and website content classification. |
bcap15-dualstack.brightcloud.com |
TCP port 443 |
Allows HPE Aruba Networking devices to look up the Webroot Brightcloud server for Website categories. |
api-dualstack.bcti.brightcloud.com |
TCP port 443 |
Allows HPE Aruba Networking devices to access the IP Reputation and IP Geolocation service on the Webroot Brightcloud server. |
database-dualstack.brightcloud.com |
TCP port 443 |
Allows HPE Aruba Networking devices to download the website classification database from the Webroot Brightcloud server. |
When configuring ACLs Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. to allow traffic over a network firewall, use the domain names instead of the IP addresses.
For Branch Gateways to set up IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel with the VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. concentrators, the UDP 4500 port must be open.