Dear all,
I have some 70+ IAPs deployed at several sites, all with a firewall between the IAP management network and the Internet. Therefore I need to configure appropriate firewall rules to let traffic from the IAPs / VC through to Aruba Central.
After investigating the traffic, I found that my IAPs connect to the following IPs:
- 52.208.175.191 ec2-52-208-175-191.eu-west-1.compute.amazonaws.com
- 52.211.173.59 ec2-52-211-173-59.eu-west-1.compute.amazonaws.com
- 35.161.26.163 ec2-35-161-26-163.us-west-2.compute.amazonaws.com
- 52.210.133.162 ec2-52-210-133-162.eu-west-1.compute.amazonaws.com
- 54.154.194.92 ec2-54-154-194-92.eu-west-1.compute.amazonaws.com
- 35.166.103.179 ec2-35-166-103-179.us-west-2.compute.amazonaws.com
- 52.40.248.70 ec2-52-40-248-70.us-west-2.compute.amazonaws.com
- 52.27.193.179 ec2-52-27-193-179.us-west-2.compute.amazonaws.com
As these are all AWS systems, I assume that the IPs can change at any time. Are there publicly documented DNS names available for those systems, so I can configure firewall rules based on those names? Letting all IAPs connect to all IPs on the Internet for access to Aruba Central causes me some headache.
Having a complete list of which IPs/DNS names an IAP managed by Aruba Central needs to be able to contact would help here very much. From different sources I have assembled the following list:
- Activate Service: device.arubanetworks.com
- AppCentral: app1.central.arubanetworks.com, app2.central.arubanetworks.com
- FirmwareUpdates: images.arubanetworks.com, d2vxf1j0rhr3p0.cloudfront.net
- CloudGuest: euw1.cloudguest.central.arubanetworks.com, 54.194.135.148
Thanks, Gerhard