Skip to main content

Upstream Firewall Configuration Information

  • Updated
 

In order for the appliance to communicate with other elements of the Spot AI solution, some changes to your firewall configuration may be required. We have purposefully architected the solution such that no special inbound ports or IP addresses need to be configured to help you maintain the security of your network.  However, please ensure the following outbound ports and IP addresses are allowed through the firewall.

Required Outbound Ports and IPs

DNS Configuration

Appliances that start with sn6a and higher can use an internal DNS server. However there are some peripheral services that still run through port 53 that may not work correctly if this port is blocked. 

    • 1.1.1.1 [Cloudflare DNS server] - 53 TCP and UDP outbound
    • 1.0.0.1 [Cloudflare DNS server] - 53 TCP and UDP outbound

Spot Cloud

    • mqtt.googleapis.com [74.125.201.206] - 443 TCP outbound
    • cloudiotdevice.googleapis.com [172.217.164.74] - 443 TCP outbound
    • storage.googleapis.com [142.250.113.128, 142.250.114.128, 142.250.115.128, 142.250.138.128] - 443 TCP outbound
    • vault.spotai.co - 443 TCP outbound
    • 34.83.218.220 [Part of vault] - 8200 TCP outbound
    • oauth2.googleapis.com - 443 TCP outbound
    • production-signalingv2.spotai.co - 443 TCP outbound
    • pubsub.googleapis.com - 443 TCP outbound
    • us-west1-pubsub.googleapis.com - 443 TCP outbound

Spot NTP Server

You do not need to whitelist every NTP URL below, only the one you want to use going forward.

Spot Video Content Delivery Network

    • region1.v2.argotunnel.com - 7844 TCP/UDP
    • region2.v2.argotunnel.com - 7844 TCP/UDP
    • api.cloudflare.com - 443 TCP

Spot Logging Servers

    • datadoghq.com - 443 TCP outbound
    • *.agent.datadoghq.com - 443 TCP outbound
    • agent-intake.logs.datadoghq.com - 443 TCP outbound

STUN/TURN Server

These affect the Local Troubleshooting, Native Camera Config, Low Latency, and WebRTC settings. If you need specific IP addresses for Twilio, please refer to this list. Also, Twilio's TURN servers will allocate peer relay ports in the UDP 10,000-60,000 range.

    • stun.l.google.com - 19302 UDP
    • global.stun.twilio.com - 3478 UDP
    • global.turn.twilio.com - 443 TCP, 3478 UDP/TCP
    • api.twilio.com - 443 TCP

Firmware Update

    • archive.canonical.com - 80 TCP
    • us.archive.ubuntu.com - 80 TCP
    • security.ubuntu.com - 80 TCP
    • developer.download.nvidia.com
    • kernel.org
    • repo.saltproject.io
    • download.docker.com
    • nvidia.github.io
    • gcr.io - 443 TCP
    • hosted.mender.io - 443 TCP
    • *hosted.mender.io - 443 TCP
    • s3.amazonaws.com/hosted-mender-artifacts - 443 TCP
    • hosted-mender-artifacts.s3.amazonaws.com - 443 TCP

LPR

  

We hope this article was useful to you, please leave us a comment or feedback as it will help us improve our customer support center.

Related articles

Comments

0 comments

Please sign in to leave a comment.