I believe the Onboard app interacts with the Cloud Guest endpoints/URLs mentioned here (depending on your cluster): https://www.arubanetworks.com/techdocs/central/latest/content/nms/device-mgmt/communication_ports.htm
Will check if I can confirm said assumption.
That being said, you won't really be able to lock destinations down to IP addresses as these services are cloud-hosted, hence the IP addresses might change. If you can allow access based on FQDN, then you should be able to achieve that with the correct FQDNs.
------------------------------
I work for Aruba. Any opinions expressed here are solely my own and not do not represent that of Hewlett Packard Enterprise or Aruba.
------------------------------
Original Message:
Sent: Jan 03, 2024 10:43 AM
From: Airjunky2020
Subject: Cloud Auth - Onboarding APP ports
Good afternoon,
Have a question in regards with Aruba Onboard APP with Central CloudAuth. The APP looks as if it uses ports 443 and 80 but would like to restrict 80 down to possible destinations. The firewall output from a session doesnt show much information, does anyone have any suggestions please?