Preparing to add the Aruba IDPS-Supported Gateways

If you are an existing customer who wants to enable and use Aruba IDPS, and do not have Aruba IDPS-supported gateways, then you need Aruba IDPS-supported gateways and either a gateway or SD-Branch security license. For more information on on-boarding and provisioning gateways, see Aruba Central Licenses.

Aruba IDPS (Intrusion Detection and Prevention System) monitors, detects, and prevents threats in the inbound and outbound traffic. It provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets and, if any threat is identified, acts in real time to prevent it.

If you are an existing customer who has Aruba IDPS-supported gateways deployed, then you need a gateway or SD-Branch security license to use Aruba IDPS.

Supported Aruba Gateways for Aruba IDPS

The following table lists the Branch Gateway, VPNC, and Mobility Gateway models that support Aruba IDPS:

Table 1: Supported Aruba Gateways

| Platform | Persona | Minimum Supported Software Version | Recommended Software Version | Latest Software Version |
|---|---|---|---|---|
| Aruba 9004 | Branch Gateway | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.6.0.0 (SSR) |
| Aruba 9004-LTE | Branch Gateway | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.6.0.0 (SSR) |
| Aruba 9012 | Branch Gateway, VPNC | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.4.1.1 (LSR) | ArubaOS 10.6.0.0 (SSR) |
| Aruba 9114 | Branch Gateway, Mobility Gateway | ArubaOS 10.6.0.0 (SSR) | ArubaOS 10.6.0.0 (SSR) | ArubaOS 10.6.0.0 (SSR) |
| Aruba 9240 | Branch Gateway, Mobility Gateway | ArubaOS 10.6.0.0 (SSR) | ArubaOS 10.6.0.0 (SSR) | ArubaOS 10.6.0.0 (SSR) |

LSR: Long Supported Release. SSR: Short Supported Release. LSR and SSR are release type tags that help to identify the maintenance schedule of the software version.

LTE: Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals.

The IDPS-supported gateway reboots in the following scenarios:

  • When you apply the security license to Aruba IDPS-supported gateways on the network, the gateways reboot to enable the traffic inspection engine.
  • When a System IP is assigned to the gateway.
  • When the image on Activate and that on the device are different.
  • When you upgrade the software to the recommended version.

When the gateways reboot, the network experiences considerable downtime (approximately 4 minutes). It is recommended that you apply the security license to the existing Aruba IDPS-supported gateways during non-working hours.
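A pre-flight check built from Table 1 and the reboot scenarios above, added here as an example (it is not Aruba code and does not call any Aruba Central API). The inventory columns, host names, and the unlisted model `9999` are constructed for illustration; versions are assumed to start with a dotted numeric string.

```python
import csv, io, re

# Table 1 transcribed: model -> (personas, minimum version, recommended version)
MATRIX = {
    "9004":     ({"Branch Gateway"}, "10.4.1.1", "10.4.1.1"),
    "9004-LTE": ({"Branch Gateway"}, "10.4.1.1", "10.4.1.1"),
    "9012":     ({"Branch Gateway", "VPNC"}, "10.4.1.1", "10.4.1.1"),
    "9114":     ({"Branch Gateway", "Mobility Gateway"}, "10.6.0.0", "10.6.0.0"),
    "9240":     ({"Branch Gateway", "Mobility Gateway"}, "10.6.0.0", "10.6.0.0"),
}

# Constructed inventory: hypothetical column names and hosts, not a real export format.
SAMPLE = """name,model,persona,version,security_license
bgw-nyc-01,9004,Branch Gateway,10.4.1.1,yes
bgw-sfo-02,9012,VPNC,10.3.1.0,no
mgw-hq-01,9240,Mobility Gateway,10.6.0.0,no
bgw-lab-09,9999,Branch Gateway,10.4.1.1,yes
vpnc-dc-01,9114,VPNC,10.6.0.0,yes
"""

def ver(s):
    """Turn '10.4.1.1' into (10, 4, 1, 1) so 10.10 sorts above 10.6."""
    dotted = re.match(r"\d+(?:\.\d+)*", s.strip()).group()
    return tuple(int(p) for p in dotted.split("."))

def preflight(row):
    """Return (status, actions); every listed action reboots the gateway."""
    entry = MATRIX.get(row["model"])
    if entry is None:
        return "not-in-table", []
    personas, minimum, recommended = entry
    if row["persona"] not in personas:
        return "unsupported-persona", []
    actions = []
    if ver(row["version"]) < ver(recommended):
        actions.append(f"upgrade to ArubaOS {recommended}")
    if row["security_license"].strip().lower() != "yes":
        actions.append("apply security license")
    if ver(row["version"]) < ver(minimum):
        return "below-minimum", actions
    return ("needs-changes" if actions else "ready"), actions

def plan(text):
    """Map each gateway name to its pre-flight result."""
    return {r["name"]: preflight(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for name, (status, actions) in plan(SAMPLE).items():
        print(f"{name:12} {status:20} {'; '.join(actions) or '-'}")
```

Each action in the output corresponds to one of the reboot scenarios listed above, so the action list doubles as a count of the outages to schedule for non-working hours.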

Best Practices

The following are some of the best practices for configuring Aruba IDPS and getting the IDPS-supported gateways up and running:

  • Ensure that you set up the recommended firmware upgrade at the group level. For more information, see Upgrading the Firmware on a Device.
  • Assign the gateway or SD-Branch security subscription before you start to configure the IDPS-supported gateway. For more information, see Assigning Subscriptions to Aruba Devices.
  • For gateways provisioned using Aruba Activate, ensure that the image on Aruba Activate and that on the device are the same. For more information, see Connecting Aruba Gateways to Aruba Central.
  • Follow the given sequence of steps to configure Aruba IDPS on an IDPS-supported gateway:
    1. Upgrade firmware to ArubaOS 8.5.0.0 - 2.3.0.0.
    2. Apply a valid security subscription.
    3. Enable traffic inspection.