FIREWALL CONFIGURATION GUIDES

Connectivity between Extreme Cloud Global Data Center and managed devices as well as the ExtremeCloud IQ Virtual Appliance (IQ VA) is required for licensing check, image updates check and device redirecting. Ensure all in-line firewalls allow outbound connections to the following Extreme Cloud Services:

Global Data Center Services

Domain Name IPv4 Addresses Protocol Port
redirector.aerohive.com 54.172.0.252 HTTPS TCP 443
HTTP TCP 80
UDP UDP 12222
hmupdates-ng.aerohive.com 54.86.95.132 HTTPS TCP 443
extremecloudiq.com 34.253.190.192 ~ 34.253.190.255
18.194.95.0 ~ 18.194.95.15
3.234.248.0 ~ 3.234.248.31
44.234.22.92 ~ 44.234.22.95		 HTTPS TCP 443
HTTP TCP 80
cloud-rd.aerohive.com 34.253.190.192 ~ 34.253.190.255 HTTPS TCP 443
stun.extremecloudiq.com 3.234.248.28, 3.234.248.29 UDP UDP 12222
18.194.95.14, 18.194.95.15


Extreme Networks devices attempt to obtain the time and date for their internal clocks from an NTP (Network Time Protocol) server. Accurate time and date settings are critical for several key operations including country and region detection, certification validation, schedule enforcement, and event logging. To ensure Access Points can obtain the correct time, please do either of following:
  • Create firewall rule to allow outbound traffic from Extreme Networks devices to 0.aerohive.pool.ntp.org on UDP port 123
  • Configure DHCP options on your DHCP server to assign an allowed NTP server to Extreme Networks devices.