ExtremeCloud IQ (formerly Aerohive) access points rely on several cloud-based services for redirection, updates, management, and STUN communication. If any of these destinations are blocked, the APs may fail to check in, upgrade, or function properly.
To ensure proper operation, please allow outbound access to the following domains, IP ranges, and ports through your SecureSchool Firewall Tables (Firewall -> Firewall Tables)
Global Data Center Services #
redirector.aerohive.com #
Used for initial device redirection and onboarding.
| Protocol | Port | IP Address(es) |
|---|---|---|
| HTTPS | TCP 443 | 54.172.0.252 |
| HTTP | TCP 80 | 54.172.0.252 |
| UDP | UDP 12222 | 54.172.0.252 |
hmupdates-ng.aerohive.com #
Used for update delivery and cloud communication.
| Protocol | Port | IP Address(es) |
|---|---|---|
| HTTPS | TCP 443 | 54.86.95.132 34.253.190.192 – 34.253.190.255 18.194.95.0 – 18.194.95.15 |
extremecloudiq.com #
Primary cloud management platform.
| Protocol | Port | IP Address(es) |
|---|---|---|
| HTTPS | TCP 443 | 3.234.248.0 – 3.234.248.31 44.234.22.92 – 44.234.22.95 18.194.95.0 – 18.194.95.15 |
cloud-rd.aerohive.com #
Cloud-based redirection service.
| Protocol | Port | IP Address(es) |
|---|---|---|
| HTTPS | TCP 443 | 34.253.190.192 – 34.253.190.255 3.234.248.28, 3.234.248.29 |
| UDP | UDP 12222 | 18.194.95.14, 18.194.95.15 |
stun.extremecloudiq.com #
Used for device STUN/NAT traversal.
| Protocol | Port | IP Address(es) |
|---|---|---|
| UDP | UDP 12222 | 3.234.248.28, 3.234.248.29 18.194.95.14, 18.194.95.15/td> |
US_East2 Regional Data Center Services #
These IP blocks are used for regional cloud services and must also be allowed outbound.
| Protocol | Ports | IPv4 Address Block |
|---|---|---|
| HTTP | TCP 80 | 34.202.197.0 – 34.202.197.63 |
| HTTPS | TCP 443, 8090 | 3.234.248.0 – 3.234.248.31 |
| TCP | TCP 2083, 20000–20256 | 44.192.245.0 – 44.192.245.63 |
| UDP | UDP 12222 | 44.192.245.0 – 44.192.245.63 |
SecureSchool Notes #
- All rules should be created as Outbound Allow exceptions under Firewall -> Firewall Tables.
- You may enter the destination domain OR the IP range(s). For best compatibility, IP ranges are recommended when available.
Need Assistance? #
If you have any trouble adding the rules or your devices are still unable to connect, please contact us at support@k12usa.com or call 877-225-0100. We’re always happy to help!
