Opening Firewall Ports for Device Communication

Aruba Central can be accessed from the HPE GreenLake portal using the following URLs.

The URLs redirect to https://auth.hpe.com/ to present the HPE GreenLake login page.

Starting 2024, the https://common.cloud.hpe.com/ URL will be deprecated.

For more information about accessing the HPE GreenLake portal and adding the Aruba Central app, see Creating an Aruba Central Account.

Most of the communication between devices on the remote site and the Aruba Central server in the cloud is carried out through HTTPS (TCP 443). To allow devices to communicate over a network firewall, ensure that the following domain names and ports are open.

This section includes the following topics:

Domain Names for Aruba Central Portal Access

Domain names for hybrid endpoint

Table 1: Domain Names for Aruba Central Portal Access

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | app1.hybrid.central.arubanetworks.com | HTTPS, TCP port 443 |
| US-2 | hc-prod2.central.arubanetworks.com | HTTPS, TCP port 443 |
| US West | uswest4-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| EU-1 | central-eu-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| EU Central | eucentral3-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| CA Central | ca-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP South | apac-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP Northeast | apaceast-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP-SouthEast | apacsouth-hc.central.arubanetworks.com | HTTPS, TCP port 443 |
| UAE North | uaenorth1.central.arubanetworks.com | HTTPS, TCP port 443 |

Domain Names for Device Communication with Aruba Central

Table 2: Domain Names for Device Communication with Aruba Central

| Region | Aruba Central URL | URL for Device Connectivity | Protocol | FQDNs for Overlay Route Orchestrator (ORO) and Overlay Tunnel Orchestrator (OTO) Services |
|---|---|---|---|---|
| US-1 | app.central.arubanetworks.com | app1.central.arubanetworks.com | HTTPS, TCP port 443 | app1-h2.central.arubanetworks.com |
| US-2 | app-prod2.central.arubanetworks.com | device-prod2.central.arubanetworks.com | HTTPS, TCP port 443 | device-prod2-h2.central.arubanetworks.com |
| US West | app-uswest4.central.arubanetworks.com | device-uswest4.central.arubanetworks.com | HTTPS, TCP port 443 | device-uswest4-h2.central.arubanetworks.com |
| EU-1 | app2-eu.central.arubanetworks.com | device-eu.central.arubanetworks.com | HTTPS, TCP port 443 | device-eu-h2.central.arubanetworks.com |
| EU Central | eucentral3.central.arubanetworks.com | device-eucentral3.central.arubanetworks.com | HTTPS, TCP port 443 | device-eucentral3-h2.central.arubanetworks.com |
| CA Central | app-ca.central.arubanetworks.com | device-ca.central.arubanetworks.com | HTTPS, TCP port 443 | device-ca-h2.central.arubanetworks.com |
| CN North | app.central.arubanetworks.com.cn | device.central.arubanetworks.com.cn | HTTPS, TCP port 443 | device-h2.central.arubanetworks.com.cn |
| AP South | app2-ap.central.arubanetworks.com | app1-ap.central.arubanetworks.com | HTTPS, TCP port 443 | app1-ap-h2.central.arubanetworks.com |
| AP Northeast | app-apaceast.central.arubanetworks.com | device-apaceast.central.arubanetworks.com | HTTPS, TCP port 443 | device-apaceast-h2.central.arubanetworks.com |
| AP SouthEast | app-apacsouth.central.arubanetworks.com | device-apacsouth.central.arubanetworks.com | HTTPS, TCP port 443 | device-apacsouth-h2.central.arubanetworks.com |
| UAE North | app-uaenorth1.central.arubanetworks.com | device-uaenorth1.central.arubanetworks.com | HTTPS, TCP port 443 | device-uaenorth1-h2.central.arubanetworks.com |

Domain Names for AOS-CX Device Communication with Aruba Central

Table 3: Domain Names for AOS-CX Device Communication with Aruba Central

| Region | Aruba Central URL | URL for Device Connectivity | Protocol |
|---|---|---|---|
| US-1 | app.central.arubanetworks.com | device-prod2-d2.central.arubanetworks.com | HTTPS, TCP port 443 |
| US-2 | app-prod2.central.arubanetworks.com | device-prod2.central.arubanetworks.com | HTTPS, TCP port 443 |
| US West | app-uswest4.central.arubanetworks.com | device-uswest4-d2.central.arubanetworks.com | HTTPS, TCP port 443 |
| EU-1 | app2-eu.central.arubanetworks.com | device-eu.central.arubanetworks.com | HTTPS, TCP port 443 |
| EU Central | app-eucentral3.central.arubanetworks.com | device-eucentral3-d2.central.arubanetworks.com | HTTPS, TCP port 443 |
| CA Central | app-ca.central.arubanetworks.com | device-ca.central.arubanetworks.com | HTTPS, TCP port 443 |
| CN North | app.central.arubanetworks.com | device.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP South | app2-ap.central.arubanetworks.com | app1-ap.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP Northeast | app-apaceast.central.arubanetworks.com | device-apaceast.central.arubanetworks.com | HTTPS, TCP port 443 |
| AP-SouthEast | app-apacsouth.central.arubanetworks.com | device-apacsouth.central.arubanetworks.com | HTTPS, TCP port 443 |
| UAE North | app-uaenorth1.central.arubanetworks.com | device-uaenorth1-d2.central.arubanetworks.com | HTTPS, TCP port 443 |

Domain Names for Device Communication with Aruba Activate

Table 4: Domain Names for Device Communication with Aruba Activate

| Domain Name | Protocol |
|---|---|
| device.arubanetworks.com, devices-v2.arubanetworks.com, est.arubanetworks.com * | HTTPS, TCP port 443 |

* Required for Aruba 2530 switches to provision a certificate using the EST server in Activate.

For the switches to establish connection with the Activate server, when a proxy server is configured on the network, the URLs in this table must be added to the list of allowed URLs on the proxy server.

Cloud Guest Server Domains for Guest Access Service

Table 5: Domain Names for Cloud Guest Server Access

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | naw2.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US-1 | naw2-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| US-2 | nae1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US-2 | nae1-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| US West | uswest4.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| US West | uswest4-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| EU-1 | euw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| EU-1 | euw1-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| EU Central | euw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| EU Central | euw1-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| CA Central | ca.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| CA Central | ca-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| AP South | ap1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP South | ap1-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| AP NorthEast | apaceast.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP NorthEast | apaceast-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| AP SouthEast | apacsouth.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| AP SouthEast | apacsouth-elb.cloudguest.central.arubanetworks.com | TCP port 443 |
| UAE North | asw1.cloudguest.central.arubanetworks.com | TCP port 2083, TCP port 443 |
| UAE North | asw1-elb.cloudguest.central.arubanetworks.com | TCP port 443 |

Domain Names for OpenFlow

Table 6: Domain Names for OpenFlow

| Region | Domain Name |
|---|---|
| US-1 | https://app2-ofc.central.arubanetworks.com |
| US-2 | https://ofc-prod2.central.arubanetworks.com |
| US West | https://ofc-uswest4.central.arubanetworks.com |
| EU-1 | https://app2-eu-ofc.central.arubanetworks.com |
| EU Central | https://ofc-eucentral3.central.arubanetworks.com |
| CA Central | https://ofc-ca.central.arubanetworks.com |
| CN North | https://ofc.central.arubanetworks.com.cn |
| AP South | https://app2-ap-ofc.central.arubanetworks.com |
| AP NorthEast | https://ofc-apaceast.central.arubanetworks.com |
| AP SouthEast | https://ofc-apacsouth.central.arubanetworks.com |
| UAE North | https://ofc-uaenorth1.central.arubanetworks.com |

Domain Names for RCS

Table 7: Domain Names and URLs for RCS

| Region | Domain Name | Protocol |
|---|---|---|
| US-1 | rcs-ng-prod.central.arubanetworks.com, rcs-ng-xp-prod.central.arubanetworks.com | SSH port 443 |
| US-2 | rcs-ng-central-prod2.central.arubanetworks.com, rcs-ng-xp-central-prod2.central.arubanetworks.com | SSH port 443 |
| US West | rcs-ng-uswest4.central.arubanetworks.com, rcs-ng-xp-uswest4.central.arubanetworks.com | SSH port 443 |
| EU-1 | rcs-ng-eu.central.arubanetworks.com, rcs-ng-xp-eu.central.arubanetworks.com | SSH port 443 |
| EU Central | rcs-ng-eucentral3.central.arubanetworks.com, rcs-ng-xp-eucentral3.central.arubanetworks.com | SSH port 443 |
| CA Central | rcs-ng-starman.central.arubanetworks.com, rcs-ng-xp-starman.central.arubanetworks.com | SSH port 443 |
| CN North | rcs-ng-china-prod.central.arubanetworks.com.cn | SSH port 443 |
| AP South | rcs-ng-apac.central.arubanetworks.com, rcs-ng-xp-apac.central.arubanetworks.com | SSH port 443 |
| AP NorthEast | rcs-ng-apaceast.central.arubanetworks.com, rcs-ng-xp-apaceast.central.arubanetworks.com | SSH port 443 |
| AP SouthEast | rcs-ng-apacsouth.central.arubanetworks.com, rcs-ng-xp-apacsouth.central.arubanetworks.com | SSH port 443 |
| UAE North | rcs-ng-uaenorth1.central.arubanetworks.com | SSH port 443 |

Other Domain Names

Table 8: Other Domain Names

| Domain Name | Protocol | Description |
|---|---|---|
| sso.arubanetworks.com | TCP port 443 | Allows users to access their accounts on the internal server. |
| internal.central.arubanetworks.com, internal2.central.arubanetworks.com | TCP port 443 | Allows users to access the Aruba Central Internal portal. |
| pool.ntp.org | UDP port 123 | Allows users to update the internal clock and configure time zone when a factory default device comes up. By default, the Aruba devices contact pool.ntp.org and use NTP to synchronize their system clocks. |
| activate.arubanetworks.com | TCP port 443 | Allows users to configure provisioning rules in Activate. |
| stun.pqm.arubanetworks.com | UDP or TCP port 3478 and 3479 | Allows users to discover public IP over the WAN uplinks configured on devices. |
| pqm.arubanetworks.com | ICMP or UDP port 4500 | Allows users to check the health of WAN uplinks configured on Branch Gateways. |
| common.cloud.hpe.com/ccssvc/ccs-system-firmware-registry | TCP port 80 and TCP port 443 | Allows users to access the CloudFront server for locating all device type software images. |
| https://d20kce0f6gvxjn.cloudfront.net | TCP port 443 | Allows users to access the CloudFront server while Aruba IDPS is enabled in Aruba Central gateways. NOTE: This URL can be invoked only by gateways that have IDPS security enabled. The URL cannot be enabled manually. |
| cloud.arubanetworks.com | TCP port 80 | Allows users to open the Aruba Central evaluation sign-up page. |
| aruba.brightcloud.com | TCP port 443 | Enables devices to access the Webroot Brightcloud server for application, application categories, and website content classification. |
| bcap15-dualstack.brightcloud.com | TCP port 443 | Allows Aruba devices to look up the Webroot Brightcloud server for Website categories. |
| api-dualstack.bcti.brightcloud.com | TCP port 443 | Allows Aruba devices to access the IP Reputation and IP Geolocation service on the Webroot Brightcloud server. |
| database-dualstack.brightcloud.com | TCP port 443 | Allows Aruba devices to download the website classification database from the Webroot Brightcloud server. |
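A least-privilege check for the openings listed on this page, as an added example that is not part of the Aruba documentation: it compares a firewall or proxy allowlist against the protocol, host and port tuples a US-1 site needs and reports required endpoints that are still blocked, wildcard rules that are wider than a domain, and allow rules that no listed endpoint needs. The rule-export format, the wildcard semantics and the host `legacy.example.net` are assumptions made for the example.

```python
# Required egress for a US-1 site, copied from Tables 2, 4, 5 and 8 on this page.
REQUIRED = [
    ("tcp", "app1.central.arubanetworks.com", 443),              # device connectivity
    ("tcp", "device.arubanetworks.com", 443),                    # Aruba Activate
    ("tcp", "naw2.cloudguest.central.arubanetworks.com", 2083),  # cloud guest
    ("tcp", "naw2.cloudguest.central.arubanetworks.com", 443),
    ("udp", "pool.ntp.org", 123),                                # NTP
]

# Constructed allowlist export; the "<action> <proto> <host-pattern> <port>" format is hypothetical.
SAMPLE_RULES = """\
allow tcp app1.central.arubanetworks.com 443
allow tcp *.arubanetworks.com 443
allow tcp * 443
allow tcp legacy.example.net 8080
deny  udp pool.ntp.org 123
"""

def parse_rules(text):
    """Return (proto, pattern, port) for every allow line; comments and deny lines are skipped."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4 and fields[0].lower() == "allow":
            rules.append((fields[1].lower(), fields[2].lower(), int(fields[3])))
    return rules

def host_matches(pattern, host):
    """Exact match, or '*.suffix' matching any subdomain depth (assumed wildcard semantics)."""
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host

def covers(rule, endpoint):
    return rule[0] == endpoint[0] and rule[2] == endpoint[2] and host_matches(rule[1], endpoint[1])

def audit(required, rules):
    """missing: required endpoints no rule allows; broad: bare or TLD-level wildcards;
    unused: allow rules that cover nothing in the required list."""
    missing = [e for e in required if not any(covers(r, e) for r in rules)]
    broad = [r for r in rules if r[1] == "*" or (r[1].startswith("*.") and "." not in r[1][2:])]
    unused = [r for r in rules if not any(covers(r, e) for e in required)]
    return {"missing": missing, "broad": broad, "unused": unused}

if __name__ == "__main__":
    for kind, items in audit(REQUIRED, parse_rules(SAMPLE_RULES)).items():
        print(kind, items)
```

On the sample, the catch-all `* 443` rule hides nothing on port 443 but still leaves the guest-portal port 2083 and NTP blocked, which is the usual shape of a rule set that is both too wide and incomplete.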