Firewall configuration for access of the software controller to the cloud
Which ports and target IP addresses must be enabled so that the software controller can connect to the cloud access?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.
Omada Cloud’s Domain Names | TP-Link Deutschland
| Domain User |
Domain Name |
Port |
Usage |
| Omada Devices (Omada Gateway, Omada Switch, Omada EAP) |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP). Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below. |
|
| aps1-omada-device.tplinkcloud.com use1-omada-device.tplinkcloud.com euw1-omada-device.tplinkcloud.com |
29810 29811 29812 29813 29814 29815 29816 443 |
These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada devices to download new official firmware for updates. |
|
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains allow Omada devices to download firmware that has been manually uploaded for custom updates. Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well. |
|
| Software Controller & Hardware Controller |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services. |
|
| aps1-api-omada.tplinknbu.com use1-api-omada.tplinknbu.com euw1-api-omada.tplinknbu.com |
443 |
These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access. |
|
| n-wap-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada Software and Hardware Controllers to download new official releases. |
|
| n-da.tplinkcloud.com |
443 |
This domain provides the User Experience Improvement Program services. |
|
| Omada Users |
omada.tplinkcloud.com aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
These domains are used when you access your Omada CBC via a web browser or the Omada APP. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains are used to load some customized resources such as Heatmap images and Portal background pictures. |
|
| omada.tplinkcloud.com aps1-api-omada.tplinkcloud.com use1-api-omada.tplinkcloud.com euw1-api-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”). |
|
| Clients |
aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.amazonaws.com *.s3.eu-west-1.amazonaws.com |
443 |
These domains are used to load Omada CBC’s Portal resources, such as customized background pictures. |
|
| privacy.tp-link.com |
443 |
Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal. |
- Copy Link
- Report Inappropriate Content
Hey, this document may help you: Which ports do Omada SDN Controller and Omada Discovery Utility use? (above Controller 5.0.15)
- Copy Link
- Report Inappropriate Content
many thanks for your response. I already know the document, but I can't find a destination IP. We have quite a strict policy and I need to provide ports as well as source and destination IP addresses for setup.
- Copy Link
- Report Inappropriate Content
Use the wireshark to capture the packets and analyze which destination IP that it uses. And the source IP I think is the PC's IP?
- Copy Link
- Report Inappropriate Content
I found a much simpler solution. There is an article in the FAQ that lists all domain names with ports. Unfortunately, no one at TP-Link knew they had it and it was difficult to find.
Omada Cloud’s Domain Names | TP-Link Deutschland
| Domain User |
Domain Name |
Port |
Usage |
| Omada Devices (Omada Gateway, Omada Switch, Omada EAP) |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada devices can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada cloud services. Omada devices connect to these domains first, and then are redirected to the Omada Cloud-Based Controllers (CBC) if they have been added via Zero-Touch Provisioning (ZTP). Domain names indicate the region of the Omada cloud services: “aps1” for Asia Pacific, “euw1” for Europe, and “use1” for the Americas. This applies to all the domains mentioned below. |
|
| aps1-omada-device.tplinkcloud.com use1-omada-device.tplinkcloud.com euw1-omada-device.tplinkcloud.com |
29810 29811 29812 29813 29814 29815 29816 443 |
These are the domains of the Omada CBC. See FAQ#3281 for more information on the purpose of each port. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada devices to download new official firmware for updates. |
|
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains allow Omada devices to download firmware that has been manually uploaded for custom updates. Domains correspond to the region of the cloud service: the first one is for Asia Pacific, the second one is for Europe, and the last one is for the Americas. This pattern applies to the following domains as well. |
|
| Software Controller & Hardware Controller |
n-device-omada.tplinkcloud.com n-device-entry-omada.tplinkcloud.com n-device-omada-api.tplinkcloud.com |
443 |
These domains serve as the gateway to TP-Link’s various cloud services. By first connecting to these domains, Omada Software and Hardware Controllers can access Omada cloud services. |
| n-aps1-device-omada.tplinkcloud.com n-aps1-device-api.tplinkcloud.com n-euw1-device-omada.tplinkcloud.com n-euw1-device-api.tplinkcloud.com n-use1-device-omada.tplinkcloud.com n-use1-device-api.tplinkcloud.com |
443 |
These domains serve as the gateway to Omada Cloud Services. Omada Software and Hardware Controllers connect to these domains first and then are redirected to the Cloud Access services. |
|
| aps1-api-omada.tplinknbu.com use1-api-omada.tplinknbu.com euw1-api-omada.tplinknbu.com |
443 |
These are the domains of the Omada Cloud Access. Omada Software and Hardware Controllers connect to the domains for Cloud Access. |
|
| n-wap-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you bind your TP-Link ID to the Omada Software and Hardware Controllers to enable the Cloud Access. |
|
| download.tplinkcloud.com |
80 |
This domain is used for Omada Software and Hardware Controllers to download new official releases. |
|
| n-da.tplinkcloud.com |
443 |
This domain provides the User Experience Improvement Program services. |
|
| Omada Users |
omada.tplinkcloud.com aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
These domains are used when you access your Omada CBC via a web browser or the Omada APP. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.s3.amazonaws.com |
443 |
These domains are used to load some customized resources such as Heatmap images and Portal background pictures. |
|
| omada.tplinkcloud.com aps1-api-omada.tplinkcloud.com use1-api-omada.tplinkcloud.com euw1-api-omada.tplinkcloud.com aps1-wap-omada.tplinknbu.com use1-wap-omada.tplinknbu.com euw1-wap-omada.tplinknbu.com |
443 |
These domains are used when you access your Omada Software or Hardware Controllers via a Web browser (domains containing “api”) or Omada APP (domains containing “wap”). |
|
| Clients |
aps1-omada-controller.tplinkcloud.com aps1-api-omada-controller.tplinkcloud.com euw1-omada-controller.tplinkcloud.com euw1-api-omada-controller.tplinkcloud.com use1-omada-controller.tplinkcloud.com use1-api-omada-controller.tplinkcloud.com |
443 |
If you use Omada CBC and have Portal enabled, when a client accesses the network, it will be redirected to these domains to access the Portal page. |
| *.s3.ap-southeast-1.amazonaws.com *.s3.amazonaws.com *.s3.eu-west-1.amazonaws.com |
443 |
These domains are used to load Omada CBC’s Portal resources, such as customized background pictures. |
|
| privacy.tp-link.com |
443 |
Terms of Service and Privacy Policy of TP-Link for Omada CBC’s Portal. |
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 516
Replies: 4
Voters 0
No one has voted for it yet.