In order for the appliance to communicate with other elements of the Spot AI solution, some changes to your firewall configuration may be required. We have purposefully architected the solution such that no special inbound ports or IP addresses need to be configured to help you maintain the security of your network. However, please ensure the following outbound ports and IP addresses are allowed through the firewall.
Required Outbound Ports and IPs
Appliances that start with sn6a and higher can use an internal DNS server. However there are some peripheral services that still run through port 53 that may not work correctly if this port is blocked.
- 22.214.171.124 [Cloudflare DNS server] - 53 TCP and UDP outbound
- 126.96.36.199 [Cloudflare DNS server] - 53 TCP and UDP outbound
- mqtt.googleapis.com [188.8.131.52] - 443 TCP outbound
- [184.108.40.206] - 443 TCP outbound
- [220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199] - 443 TCP outbound
- vault.spotai.co - 443 TCP outbound
- 188.8.131.52 [Part of vault] - 8200 TCP outbound
- oauth2.googleapis.com - 443 TCP outbound
- production-signalingv2.spotai.co - 443 TCP outbound
- pubsub.googleapis.com - 443 TCP outbound
- us-west1-pubsub.googleapis.com - 443 TCP outbound
Spot NTP Server
You do not need to whitelist every NTP URL below, only the one you want to use going forward.
Spot Video Content Delivery Network
- region1.v2.argotunnel.com - 7844 TCP/UDP
- region2.v2.argotunnel.com - 7844 TCP/UDP
- api.cloudflare.com - 443 TCP
Spot Logging Servers
- datadoghq.com - 443 TCP outbound
- *.agent.datadoghq.com - 443 TCP outbound
- agent-intake.logs.datadoghq.com - 443 TCP outbound
These affect the Local Troubleshooting, Native Camera Config, Low Latency, and WebRTC settings. If you need specific IP addresses for Twilio, please refer to this list. Also, Twilio's TURN servers will allocate peer relay ports in the UDP 10,000-60,000 range.
- stun.l.google.com - 19302 UDP
- global.stun.twilio.com - 3478 UDP
- global.turn.twilio.com - 443 TCP, 3478 UDP/TCP
- api.twilio.com - 443 TCP
- archive.canonical.com - 80 TCP
- us.archive.ubuntu.com - 80 TCP
- security.ubuntu.com - 80 TCP
- gcr.io - 443 TCP
- hosted.mender.io - 443 TCP
- *hosted.mender.io - 443 TCP
- s3.amazonaws.com/hosted-mender-artifacts - 443 TCP
- hosted-mender-artifacts.s3.amazonaws.com - 443 TCP
We hope this article was useful to you, please leave us a comment or feedback as it will help us improve our customer support center.