Cloud Managed Networks

We use a separate SSID for the guest portal, and in this configuration you can specify which URLs are whitelisted. That’s why I want to know which URL I need to allow.

-------------------------------------------

Have you opened up the URLs mentioned in the documentation already? Then most specific the Guest related URLs?

UPDATE: I ran a network capture, and it seems there is access needed to the CA as well:
You are probably on another Central cluster, but putting ca- in front of the cloudguest URL may do the job. 

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Mar 03, 2026 08:22 AM
From: Jordy de Kleijn
Subject: Which URL are used for the Aruba Onboard Network Profile

I have the following question: when I try to install the network profile via the Aruba Onboard tool, the first step is that it needs to connect to the server in order to download and install the network profile.
During this first step, I get an error message with a red cross.

Can someone tell me which URL (server) it is trying to connect to? I can't find any URLs or similar information in the log file.

We use a separate SSID for the guest portal, and in this configuration you can specify which URLs are whitelisted. That's why I want to know which URL I need to allow.

-------------------------------------------

Hi Herman,

Today we've done some onsite troubleshooting, testing and packet capturing and I think we found the issue.

After adding the "ca-euw1.cloudguest.central.arubanetworks.com" it stil didn't work.

We made a capture after that on the device itself. This revealed that there also was done a dns resolve for "crl.comodoca.com".
After adding that one to the allowlist url's in the guest splashpage we can now onboard via the guest portal.
(we've added the cloud Auth onboard link in  the Terms & Conditions to make onboarding easy) 

My guess is that there is a CRL check done in the Aruba onboard App for the server certificate before requesting the usercertificate that is used for authenticating on the passpoint SSID

Thank you for pushing us into the right direction.

Original Message:
Sent: Mar 03, 2026 10:52 AM
From: Herman Robers
Subject: Which URL are used for the Aruba Onboard Network Profile

Have you opened up the URLs mentioned in the documentation already? Then most specific the Guest related URLs?

UPDATE: I ran a network capture, and it seems there is access needed to the CA as well:
You are probably on another Central cluster, but putting ca- in front of the cloudguest URL may do the job. 

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Mar 03, 2026 08:22 AM
From: Jordy de Kleijn
Subject: Which URL are used for the Aruba Onboard Network Profile

I have the following question: when I try to install the network profile via the Aruba Onboard tool, the first step is that it needs to connect to the server in order to download and install the network profile.
During this first step, I get an error message with a red cross.

Can someone tell me which URL (server) it is trying to connect to? I can't find any URLs or similar information in the log file.

We use a separate SSID for the guest portal, and in this configuration you can specify which URLs are whitelisted. That's why I want to know which URL I need to allow.

-------------------------------------------