Wired Intelligent Edge

 View Only
  • 1.  Aruba central port enable to remote console session

    Posted Oct 02, 2024 12:37 PM
      |   view attached

    Hi everyone, 

    i need to validate a doubt. for SSH connections in aruba central you need port 443 allowed, but this communication is for both ways or only access?
     
    I would appreciate it if you could clear this doubt.
    Regards
    attached image of process


  • 2.  RE: Aruba central port enable to remote console session
    Best Answer

    Posted Oct 02, 2024 06:50 PM
    Hi! I hope to have understood correctly your doubt, if so please have a look here:


    "Aruba Networking Central server in the cloud is carried out through HTTPS (TCP 443). To allow devices to communicate over a network firewall, ensure that the following domain names and ports are open."

    The above means that local devices deployed on premises (switches, as example) should be able to reach - thus we are speaking about egress traffic going from a local site to the Cloud traversing a Firewall - the FQDNs specified on the provided lists on the above URL, each one on its port 443/TCP (HTTPS).

    When an "SSH Remote Session" (so against the port 22/TCP) is opened by Central in Cloud against a device hosted on premises...that communication could happen by a "reverse communication" established through the already active HTTPS 443/TCP tunnel (so no ports are required to be opened for traffic coming from the Cloud with destination the on premises devices). If that would not the case - and to me it's highly unlikely it isn't - it means that an SSH/tcp ingress rule on local Firewall on premises is required to let Central to reach those device from any of its Cloud based positions...and I don't believe it happens that way for security.

    The same could be said also considering an on-premise Central appliance firewalled (segregated) by its controlled devices placed on the other side of the fence.






  • 3.  RE: Aruba central port enable to remote console session

    Posted Oct 03, 2024 09:54 AM

    Thanks Parnassus, 

    this information has been very helpful. 
    Regards