Cambium Licensing Server URL

What is the URL for the Cambium Licensing server that AP's make https requests to?

All of our AP's on private IP's with no direct access to the internet but we can open requests to the specific URL.

Hi,

Sorry for delay with response.

Today APs are using secured HTTPS connection to Licensing Server.

URL is not visible on UI or officially introduced because of safety reasons.

HTTPS should be allowed on Firewalls to establish upstream connection.

We are working now to make these process easier and provide more specific rules for cases when AP's are running inprivate network without direct access to Internet.

I will revert back to you as soon as possible.

Thank you.

1 Like

Is there any update on this? We have a similar situation as we do not want to put public IP addresses on individual APs, both for security reasons and for public IP address conservation. We are NAT'ing these APs instead out through a shared public IP. However, we would like to secure this setup to only allow the https connections to specific IP addresses. We can see the public IP address that the AP is using to connect to the licensing server by doing a packet capture on its interface, but it would be better if we had a defined solution for this that will work going forward. Thanks.

I think we got what we need for this from a packet capture of DNS lookups coming from the AP. So can you please confirm if the related URL is fixed in the firmware or might this also change dynamically?

The IP addresses resolved by the licensing server URIs (there are two of them and not too hard to find, but apparently they're secret!) changed over the last couple of days.

Given that the only way to avoid exposing all of our APs to the internet is a hacky workaround, it would be really nice if sentinalcloud.com would refrain from changing their DNS entries too often (or even ever).

Hi Barry,

I'm sorry this change caused you a problem. The license server currently runs on Amazon Web Services. This week Russian regulators started blocking AWS address ranges for people inside Russia, which meant some of our Russian customers were unable to access the license server. We had to change the IP addresses to allow them to access it again.

We expect to revert the change once the AWS IPs are accessible in Russia again, but I'm afraid we can't guarantee that we won't have to make similar changes in the future.

An upcoming release of the ePMP software will allow you to specify a proxy that APs should use to contact the license server. Would that be suitable for your network configuration?

Simon

Hi Simon, A proxy would probably solve this issue for us. Perhaps you could give a notification or announcement of IP address changes if it happens again before proxy comes available. You don’t even need to tell us what they are changing to, just a heads up to advise us to change them. Thanks Barry

1 Like

Hi Guys, 

Proxy server support is now available in 3.5.2-RC15 that is currently available as a beta release

http://community.cambiumnetworks.com/t5/ePMP-Elevate/Proxy-Server-support-for-Elevate-Flexible-Licensing/m-p/87364#M982

Sriram

The proxy server seems like a fair workaround for now, but the better long-term solution that seems so much more obvious (at least to me) is to simply make license management a cnMaestro feature instead of having it be a discrete on-line service!

We run cnMaestro on-premise, and it would be great if we could just load and manage our Flexible Elevate licenses on *that*.  Have the cnMaestro track and manage Flexible licenses for all the APs on the network, and only make cnMaestro "phone home" to the licensing server when more Elevate licenses are purchased.  Then if Cambium licensing server is not reachable for some reason, who cares?

-- Nathan

1 Like