Firewall configuration for access of the software controller to the cloud

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Firewall configuration for access of the software controller to the cloud

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Firewall configuration for access of the software controller to the cloud
Firewall configuration for access of the software controller to the cloud
2023-09-06 11:32:05 - last edited 2023-11-06 11:43:23
Tags: #Controller #Firewall
Hardware Version: V5
Firmware Version: 5.9.9

Which ports and target IP addresses must be enabled so that the software controller can connect to the cloud access?

  0      
  0      
#1
Options
1 Accepted Solution
Re:Firewall configuration for access of the software controller to the cloud-Solution
2023-11-06 11:41:57 - last edited 2023-11-06 11:43:23

I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.

 

 

Omada Cloud’s Domain Names | TP-Link Deutschland

 

 

 

 

Domain User

Domain Name

Port

Usage

Omada Devices

(Omada Gateway, Omada Switch, Omada EAP)

n-device-omada.tplinkcloud.com

n-device-entry-omada.tplinkcloud.com

n-device-omada-api.tplinkcloud.com

443

These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services.

n-aps1-device-omada.tplinkcloud.com

n-aps1-device-api.tplinkcloud.com

n-euw1-device-omada.tplinkcloud.com

n-euw1-device-api.tplinkcloud.com

n-use1-device-omada.tplinkcloud.com

n-use1-device-api.tplinkcloud.com

443

These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP).

Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below.

aps1-omada-device.tplinkcloud.com

use1-omada-device.tplinkcloud.com

euw1-omada-device.tplinkcloud.com

29810

29811

29812

29813

29814

29815

29816

443

These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port.

download.tplinkcloud.com

80

This domain is used for Omada devices to download new official firmware for updates.

*.s3.ap-southeast-1.amazonaws.com

*.s3.eu-west-1.amazonaws.com

*.s3.amazonaws.com

443

These domains allow Omada devices to download firmware that has been manually uploaded for custom updates.

Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well.

Software Controller

& Hardware Controller

n-device-omada.tplinkcloud.com

n-device-entry-omada.tplinkcloud.com

n-device-omada-api.tplinkcloud.com

443

These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services.

n-aps1-device-omada.tplinkcloud.com

n-aps1-device-api.tplinkcloud.com

n-euw1-device-omada.tplinkcloud.com

n-euw1-device-api.tplinkcloud.com

n-use1-device-omada.tplinkcloud.com

n-use1-device-api.tplinkcloud.com

443

These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services.

aps1-api-omada.tplinknbu.com

use1-api-omada.tplinknbu.com

euw1-api-omada.tplinknbu.com

443

These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access.

n-wap-omada.tplinkcloud.com

aps1-wap-omada.tplinknbu.com

use1-wap-omada.tplinknbu.com

euw1-wap-omada.tplinknbu.com

443

These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access.

download.tplinkcloud.com

80

This domain is used for Omada Software and Hardware Controllers to download new official releases.

n-da.tplinkcloud.com

443

This domain provides the User Experience Improvement Program services.

Omada Users

omada.tplinkcloud.com

aps1-omada-controller.tplinkcloud.com

aps1-api-omada-controller.tplinkcloud.com

euw1-omada-controller.tplinkcloud.com

euw1-api-omada-controller.tplinkcloud.com

use1-omada-controller.tplinkcloud.com

use1-api-omada-controller.tplinkcloud.com

443

These domains are used when you access your Omada CBC via a web browser or the Omada APP.

*.s3.ap-southeast-1.amazonaws.com

*.s3.eu-west-1.amazonaws.com

*.s3.amazonaws.com

443

These domains are used to load some customized resources such as Heatmap images and Portal background pictures.

omada.tplinkcloud.com

aps1-api-omada.tplinkcloud.com

use1-api-omada.tplinkcloud.com

euw1-api-omada.tplinkcloud.com

aps1-wap-omada.tplinknbu.com

use1-wap-omada.tplinknbu.com

euw1-wap-omada.tplinknbu.com

443

These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”).

Clients

aps1-omada-controller.tplinkcloud.com

aps1-api-omada-controller.tplinkcloud.com

euw1-omada-controller.tplinkcloud.com

euw1-api-omada-controller.tplinkcloud.com

use1-omada-controller.tplinkcloud.com

use1-api-omada-controller.tplinkcloud.com

443

If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page.

*.s3.ap-southeast-1.amazonaws.com

*.s3.amazonaws.com

*.s3.eu-west-1.amazonaws.com

443

These domains are used to load Omada CBC’s Portal resources, such as customized background pictures.

www.tp-link.com

privacy.tp-link.com

443

Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal.

Recommended Solution
  3  
  3  
#5
Options
4 Reply
Re:Firewall configuration for access of the software controller to the cloud
2023-09-07 07:33:05
Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:Firewall configuration for access of the software controller to the cloud
2023-09-07 07:47:37

  @Virgo 

many thanks for your response. I already know the document, but I can't find a destination IP. We have quite a strict policy and I need to provide ports as well as source and destination IP addresses for setup.

  0  
  0  
#3
Options
Re:Firewall configuration for access of the software controller to the cloud
2023-09-08 03:26:28

  @FKO 

 

Use the wireshark to capture the packets and analyze which destination IP that it uses. And the source IP I think is the PC's IP?

Just striving to develop myself while helping others.
  0  
  0  
#4
Options
Re:Firewall configuration for access of the software controller to the cloud-Solution
2023-11-06 11:41:57 - last edited 2023-11-06 11:43:23

I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.

 

 

Omada Cloud’s Domain Names | TP-Link Deutschland

 

 

 

 

Domain User

Domain Name

Port

Usage

Omada Devices

(Omada Gateway, Omada Switch, Omada EAP)

n-device-omada.tplinkcloud.com

n-device-entry-omada.tplinkcloud.com

n-device-omada-api.tplinkcloud.com

443

These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services.

n-aps1-device-omada.tplinkcloud.com

n-aps1-device-api.tplinkcloud.com

n-euw1-device-omada.tplinkcloud.com

n-euw1-device-api.tplinkcloud.com

n-use1-device-omada.tplinkcloud.com

n-use1-device-api.tplinkcloud.com

443

These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP).

Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below.

aps1-omada-device.tplinkcloud.com

use1-omada-device.tplinkcloud.com

euw1-omada-device.tplinkcloud.com

29810

29811

29812

29813

29814

29815

29816

443

These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port.

download.tplinkcloud.com

80

This domain is used for Omada devices to download new official firmware for updates.

*.s3.ap-southeast-1.amazonaws.com

*.s3.eu-west-1.amazonaws.com

*.s3.amazonaws.com

443

These domains allow Omada devices to download firmware that has been manually uploaded for custom updates.

Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well.

Software Controller

& Hardware Controller

n-device-omada.tplinkcloud.com

n-device-entry-omada.tplinkcloud.com

n-device-omada-api.tplinkcloud.com

443

These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services.

n-aps1-device-omada.tplinkcloud.com

n-aps1-device-api.tplinkcloud.com

n-euw1-device-omada.tplinkcloud.com

n-euw1-device-api.tplinkcloud.com

n-use1-device-omada.tplinkcloud.com

n-use1-device-api.tplinkcloud.com

443

These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services.

aps1-api-omada.tplinknbu.com

use1-api-omada.tplinknbu.com

euw1-api-omada.tplinknbu.com

443

These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access.

n-wap-omada.tplinkcloud.com

aps1-wap-omada.tplinknbu.com

use1-wap-omada.tplinknbu.com

euw1-wap-omada.tplinknbu.com

443

These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access.

download.tplinkcloud.com

80

This domain is used for Omada Software and Hardware Controllers to download new official releases.

n-da.tplinkcloud.com

443

This domain provides the User Experience Improvement Program services.

Omada Users

omada.tplinkcloud.com

aps1-omada-controller.tplinkcloud.com

aps1-api-omada-controller.tplinkcloud.com

euw1-omada-controller.tplinkcloud.com

euw1-api-omada-controller.tplinkcloud.com

use1-omada-controller.tplinkcloud.com

use1-api-omada-controller.tplinkcloud.com

443

These domains are used when you access your Omada CBC via a web browser or the Omada APP.

*.s3.ap-southeast-1.amazonaws.com

*.s3.eu-west-1.amazonaws.com

*.s3.amazonaws.com

443

These domains are used to load some customized resources such as Heatmap images and Portal background pictures.

omada.tplinkcloud.com

aps1-api-omada.tplinkcloud.com

use1-api-omada.tplinkcloud.com

euw1-api-omada.tplinkcloud.com

aps1-wap-omada.tplinknbu.com

use1-wap-omada.tplinknbu.com

euw1-wap-omada.tplinknbu.com

443

These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”).

Clients

aps1-omada-controller.tplinkcloud.com

aps1-api-omada-controller.tplinkcloud.com

euw1-omada-controller.tplinkcloud.com

euw1-api-omada-controller.tplinkcloud.com

use1-omada-controller.tplinkcloud.com

use1-api-omada-controller.tplinkcloud.com

443

If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page.

*.s3.ap-southeast-1.amazonaws.com

*.s3.amazonaws.com

*.s3.eu-west-1.amazonaws.com

443

These domains are used to load Omada CBC’s Portal resources, such as customized background pictures.

www.tp-link.com

privacy.tp-link.com

443

Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal.

Recommended Solution
  3  
  3  
#5
Options