Hi! I hope I have understood your doubt correctly; if so, please have a look here:
"Aruba Networking Central server in the cloud is carried out through HTTPS (TCP 443). To allow devices to communicate over a network firewall, ensure that the following domain names and ports are open."
The above means that local devices deployed on premises (switches, for example) should be able to reach - thus we are speaking about egress traffic going from a local site to the Cloud traversing a Firewall - the FQDNs specified in the lists provided at the above URL, each one on its port 443/TCP (HTTPS).
When an "SSH Remote Session" (so against port 22/TCP) is opened by Central in the Cloud against a device hosted on premises, that communication could happen by a "reverse communication" established through the already active HTTPS 443/TCP tunnel (so no ports are required to be opened for traffic coming from the Cloud with destination the on-premises devices). If that were not the case - and to me it's highly unlikely it isn't - it means that an SSH/TCP ingress rule on the local on-premises Firewall is required to let Central reach those devices from any of its Cloud-based positions...and I don't believe it happens that way, for security.
The same could be said also considering an on-premises Central appliance firewalled (segregated) from its controlled devices placed on the other side of the fence.
Original Message:
Sent: 10/2/2024 12:37:00 PM
From: DT
Subject: Aruba central port enable to remote console session
Hi everyone,
I need to validate a doubt. For SSH connections in Aruba Central you need port 443 allowed, but is this communication for both ways or only access?
I would appreciate it if you could clear this doubt.
Regards
attached image of process