Firewall configuration for access of the software controller to the cloud
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Which ports and target IP addresses must be enabled so that the software controller can connect to the cloud access?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.
Omada Cloud’s Domain Names | TP-Link Deutschland
| Domain User |
Domain Name |
Port |
Usage |
| Omada Devices (Omada Gateway, Omada Switch, Omada EAP) |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP). Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below. |
|
| aps1-omada-device.tplinkcloud.com use1-omada-device.tplinkcloud.com euw1-omada-device.tplinkcloud.com |
29810 29811 29812 29813 29814 29815 29816 443 |
These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada devices to download new official firmware for updates. |
|
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains allow Omada devices to download firmware that has been manually uploaded for custom updates. Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well. |
|
| Software Controller & Hardware Controller |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services. |
|
| aps1-api-omada.tplinknbu.com use1-api-omada.tplinknbu.com euw1-api-omada.tplinknbu.com |
443 |
These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access. |
|
| n-wap-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada Software and Hardware Controllers to download new official releases. |
|
| n-da.tplinkcloud.com |
443 |
This domain provides the User Experience Improvement Program services. |
|
| Omada Users |
omada.tplinkcloud.com aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
These domains are used when you access your Omada CBC via a web browser or the Omada APP. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains are used to load some customized resources such as Heatmap images and Portal background pictures. |
|
| omada.tplinkcloud.com aps1-api-omada.tplinkcloud.com use1-api-omada.tplinkcloud.com euw1-api-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”). |
|
| Clients |
aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.amazonaws.com *.s3.eu-west-1.amazonaws.com |
443 |
These domains are used to load Omada CBC’s Portal resources, such as customized background pictures. |
|
| privacy.tp-link.com |
443 |
Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal. |
- Copy Link
- Report Inappropriate Content
Hey, this document may help you: Which ports do Omada SDN Controller and Omada Discovery Utility use? (above Controller 5.0.15)
- Copy Link
- Report Inappropriate Content
many thanks for your response. I already know the document, but I can't find a destination IP. We have quite a strict policy and I need to provide ports as well as source and destination IP addresses for setup.
- Copy Link
- Report Inappropriate Content
Use the wireshark to capture the packets and analyze which destination IP that it uses. And the source IP I think is the PC's IP?
- Copy Link
- Report Inappropriate Content
I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.
Omada Cloud’s Domain Names | TP-Link Deutschland
| Domain User |
Domain Name |
Port |
Usage |
| Omada Devices (Omada Gateway, Omada Switch, Omada EAP) |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP). Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below. |
|
| aps1-omada-device.tplinkcloud.com use1-omada-device.tplinkcloud.com euw1-omada-device.tplinkcloud.com |
29810 29811 29812 29813 29814 29815 29816 443 |
These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada devices to download new official firmware for updates. |
|
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains allow Omada devices to download firmware that has been manually uploaded for custom updates. Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well. |
|
| Software Controller & Hardware Controller |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services. |
|
| aps1-api-omada.tplinknbu.com use1-api-omada.tplinknbu.com euw1-api-omada.tplinknbu.com |
443 |
These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access. |
|
| n-wap-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada Software and Hardware Controllers to download new official releases. |
|
| n-da.tplinkcloud.com |
443 |
This domain provides the User Experience Improvement Program services. |
|
| Omada Users |
omada.tplinkcloud.com aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
These domains are used when you access your Omada CBC via a web browser or the Omada APP. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains are used to load some customized resources such as Heatmap images and Portal background pictures. |
|
| omada.tplinkcloud.com aps1-api-omada.tplinkcloud.com use1-api-omada.tplinkcloud.com euw1-api-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”). |
|
| Clients |
aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.amazonaws.com *.s3.eu-west-1.amazonaws.com |
443 |
These domains are used to load Omada CBC’s Portal resources, such as customized background pictures. |
|
| privacy.tp-link.com |
443 |
Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal. |
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1788
Replies: 4
Voters 0
No one has voted for it yet.