Which ports need to be allowed on the firewall to bring up Aruba Instant ON APs?


The following ports should be allowed on the firewall to bring up Aruba Instant ON APs in the cloud:

  • DNS: 53 (UDP)
  • HTTP: 80 (TCP)
  • HTTPS: 443 (TCP)
  • NTP: 123 (UDP)

For the AP to get an IP address, DHCP ports 67/68 should also be allowed (Note: the subnet where the AP is connected should have an internet address).

Below is a snapshot of the AP getting an IP address through the DHCP process.

dhcp.png

Once the AP gets an IP address, it will try to reach the NTP URL “pool.ntp.org” to update its clock. Hence, a DNS query (port 53) will be generated for the NTP URL.

After getting the NTP server IP, the device uses port 123 to contact the NTP server and sync its clock.

ntp.png

Once the time is synced, the device will try to reach out to “onboarding.portal.arubainstanton.com” for the Onboarding process.

The device will perform an HTTPS handshake over port 443 for the onboarding process.

onboarding.png

After Onboarding to a site, the device will try to get the configuration.

The configuration for the site is saved in the cloud, so the device will reach out to the respective cloud server to get it.

The device will use HTTPS (443) to get the configuration from the cloud server.

configuration.png

Once the device gets the complete configuration, it will go to the Active state in the UI/app portal.

 

Regards,
Swaathi Ramaswamy
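
To find which step of the bring-up sequence above a firewall is blocking, the following added example (not part of the original article) maps denied flows from an AP's address onto the stages in the order the article describes. The key=value log format, the IP addresses and the function names are assumptions constructed for illustration.

```python
import re

# Stages in the order the article walks through them; a block at one stage
# prevents every later stage. HTTP/80 is listed as required by the article
# but not placed in the sequence, so it is checked last.
STAGES = [("DHCP", "udp", {67, 68}), ("DNS", "udp", {53}),
          ("NTP", "udp", {123}), ("HTTPS", "tcp", {443}), ("HTTP", "tcp", {80})]

# Hypothetical key=value firewall log format, constructed for this example.
LINE_RE = re.compile(r"^\S+ (?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
                     r"src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")

def diagnose(lines, ap_ip):
    """Return (first_blocked_stage, blocked_stages_in_order, other_denied_flows)."""
    # A DHCP DISCOVER is sent from 0.0.0.0 before the AP holds a lease.
    sources = {ap_ip, "0.0.0.0"}
    blocked, other = set(), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DENY" or m["src"] not in sources:
            continue
        proto, dport = m["proto"].lower(), int(m["dport"])
        stage = next((n for n, p, ports in STAGES if p == proto and dport in ports), None)
        (blocked if stage else other).add(stage or (proto, dport))
    ordered = [name for name, _, _ in STAGES if name in blocked]
    return (ordered[0] if ordered else None), ordered, sorted(other)

# Constructed sample log: DHCP and DNS pass, NTP and HTTPS are dropped.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ALLOW proto=udp src=0.0.0.0 dst=255.255.255.255 dport=67
2024-05-01T10:00:02Z ALLOW proto=udp src=10.20.0.15 dst=10.20.0.1 dport=53
2024-05-01T10:00:03Z DENY proto=udp src=10.20.0.15 dst=192.0.2.123 dport=123
2024-05-01T10:00:09Z DENY proto=tcp src=10.20.0.15 dst=198.51.100.7 dport=443
2024-05-01T10:00:10Z DENY proto=udp src=10.20.0.15 dst=10.20.0.255 dport=5353
2024-05-01T10:00:11Z DENY proto=tcp src=10.20.0.99 dst=198.51.100.7 dport=443
""".splitlines()

if __name__ == "__main__":
    first, blocked, other = diagnose(SAMPLE_LOG, "10.20.0.15")
    print("first blocked stage:", first, "| all blocked:", blocked, "| other denied:", other)
```

The first blocked stage is the rule to fix first: an AP that cannot sync time over NTP never reaches the HTTPS onboarding step, so the later denies may be retries rather than separate problems.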