Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
This topic describes the Data Collector firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. requirements and how to create a Data Collector.
Before You Begin
Before you can create a data collector, you must have already successfully set up a physical appliance or virtual appliance.
For more information, see Setting Up Appliances.
Data Collector Firewall Requirements
Most of the communication between Data Collector and HPE Aruba Networking Central server in the cloud is carried out through HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. (TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. 443). To allow Data Collector to communicate over a network firewall, ensure that the following domain names and ports are open:
Network Services (Internal or External) from Collector
The network services (internal or external) requirements from the data collector include:
- TCP/UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. 53 (DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element.)
- UDP 123 (NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network.)
- Production Core Update Server and Protocol: coreupdate-prod.central.arubanetworks.com and https tcp port 443
- Container Registry URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. and Protocol: quay.io (allow subdomains also) and https tcp 443
- Helm chart repository for Cilium url and Protocol : helm.cilium.io and https tcp 443
- Aruba Cloud URL Discovery Server and Protocol: api-csp.central.arubanetworks.com and https tcp 443
- Domain Names for HPE Aruba Networking Central
- Domain Names for Hybrid Endpoints
- Domain Names for RCS
- ClearPass Device Insight Requirements
Domain Names for HPE Aruba Networking Central
|
Region |
Domain Name |
Protocol |
|---|---|---|
|
US-1 |
app.central.arubanetworks.com |
HTTPS TCP port 443 |
|
US-2 |
app-prod2.central.arubanetworks.com |
HTTPS TCP port 443 |
|
US-WEST-4 |
app-uswest4.central.arubanetworks.com |
HTTPS TCP port 443 |
|
EU-1 |
app2-eu.central.arubanetworks.com |
HTTPS TCP port 443 |
|
EU-Central |
app-eucentral3.central.arubanetworks.com |
HTTPS TCP port 443 |
|
app-ca.central.arubanetworks.com |
HTTPS TCP port 443 |
|
|
CN Common Name. CN is the primary name used to identify a certificate. -North |
app.central.arubanetworks.com.cn |
HTTPS TCP port 443 |
|
AP-South |
app2-ap.central.arubanetworks.com |
HTTPS TCP port 443 |
|
AP-Northeast |
app-apaceast.central.arubanetworks.com |
HTTPS TCP port 443 |
|
AP-Southeast |
app-apacsouth.central.arubanetworks.com |
HTTPS TCP port 443 |
|
UAE-North |
app-uaenorth1.central.arubanetworks.com |
HTTPS TCP port 443 |
Domain Names for Hybrid Endpoints
|
Region |
Domain Name |
Protocol |
|---|---|---|
|
US-1 |
app1-hybrid.central.arubanetworks.com |
HTTPS TCP port 443 |
|
US-2 |
hc-prod2.central.arubanetworks.com |
HTTPS TCP port 443 |
|
US-WEST-4 |
uswest4-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
EU-1 |
central-eu-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
EU-3 |
eucentral3-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
Canada-1
|
ca-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
APAC-1 |
apac-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
APAC-EAST1 |
apaceast-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
APAC-SOUTH1 |
apacsouth-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
|
UAENORTH1 |
uaenorth1-hc.central.arubanetworks.com |
HTTPS TCP port 443 |
Domain Names for RCS
|
Region |
Domain Name |
Protocol |
|---|---|---|
|
US-1 |
rcs-ng-prod.central.arubanetworks.com |
SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. port 443 |
|
rcs-ng-xp-prod.central.arubanetworks.com |
||
|
US-2 |
rcs-ng-central-prod2.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-central-prod2.central.arubanetworks.com |
||
|
US-WEST-4 |
rcs-ng-uswest4.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-uswest4.central.arubanetworks.com |
||
|
EU-1 |
rcs-ng-eu.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-eu.central.arubanetworks.com |
||
|
EU-3 |
rcs-ng-eucentral3.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-eucentral3.central.arubanetworks.com |
||
|
Canada-1
|
rcs-ng-starman.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-starman.central.arubanetworks.com |
||
|
China-1 |
rcs-ng-china-prod.central.arubanetworks.com.cn |
SSH port 443 |
|
APAC-1 |
rcs-ng-apac.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-apac.central.arubanetworks.com |
||
|
APAC-EAST1 |
rcs-ng-apaceast.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-apaceast.central.arubanetworks.com |
||
|
APAC-SOUTH1 |
rcs-ng-apacsouth.central.arubanetworks.com |
SSH port 443
|
|
rcs-ng-xp-apacsouth.central.arubanetworks.com |
||
|
UAENORTH1 |
rcs-ng-uaenorth1.central.arubanetworks.com |
SSH port 443 |
ClearPass Device Insight Requirements
This topic lists the ClearPass ClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. Device Insight requirements.
Network Requirements for CPDI Collector
The network requirements for CPDI ClearPass Device Insight provides a full-spectrum of visibility across the network by intelligently discovering and profiling all connected devices. collector include:
- Static IP address
- Outbound Internet Access on TCP port 443
- Optional: Proxy Server
Network Services (Internal or External) from Data Collector
The network services (internal or external) requirements from the data collector include:
- TCP/UDP 53 (DNS)
- UDP 123 (NTP)
Recommended Access to Network Devices from Data Collector
The recommended access to network devices from the collector includes UDP 161: SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. (V1 through 3, but 3 is preferred).
Recommended Access from Network Devices to Data Collector
The recommended access to network devices from the collector includes:
- UDP 67: DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. for the ip-helpers / DHCP relays
- When used: Netflow or IPFix
Recommended Access to Endpoints from Data Collector
The recommended access to endpoints from the collector includes:
- TCP, UDP, ICMP Internet Control Message Protocol. ICMP is an error reporting protocol. It is used by network devices such as routers, to send error messages and operational information to the source IP address when network problems prevent delivery of IP packets. - For nmap profiling and WMI Windows Management Instrumentation. WMI consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. profiling
- TCP:22 - For SSH scans
- UDP:161 - for SNMP scans
The following section explains how to manage data collectors:
