Following ports should be allowed on the Firewall for bringing up Aruba Instant ON APs in cloud
In order to get an IP address, DHCP port 67/68 should be allowed (Note: The Subnet where the AP is connected should have internet address).
Below are the snapshot of the AP getting an IP address through DHCP process.
Once the AP gets an IP, it will try to reach the NTP url “pool.ntp.org” to update the clock. Hence, DNS query(uses port: 53) will be generated for the NTP url.
After getting the NTP server IP, the device use the port number 123 to contact the NTP server and will sync up the Clock.
Once the time is synced, the device will try to reach out to “onboarding.portal.arubainstanton.com” for the Onboarding process.
The device will do HTTPS handshake via the port 443 for the Onborading process.
After Onboarding to a site, the device will try to get the configuration.
The configuration for the site will be saved in the Cloud, hence the device will reach to the respective cloud server to get the configuration.
The device will use HTTPS(443) to get the configuration from the Cloud Server.
Once the device gets the complete configuration, it will go to Active state in the UI/APP Portal.