Below are advanced details on firewall whitelisting and static provisioning for Density sensors. All communication, except NTP, DNS, and Connectivity Check listed below, is done via port 443.
Note: Please review our Network and Power Requirements Guide prior to reviewing this article.
IP Addresses
Density doesn't control the IP addresses to many of the services that need to be whitelisted.
Density's IP addresses change periodically. Whitelisting would need to be done via domain name.
Connectivity Check
Port 80 needs to be open for connectivity check.
Bi-directional Traffic
Density's sensor only needs outbound connections. The device does not have any listening ports open. Data does come back to the device as all communication is done over Amazon endpoints (HTTPS and MQTT over TLS),so port 443 needs to be allowed to all of the domains provided.
NTP Servers
There needs to be a firewall rule to allow traffic to port 123 or whichever NTP server you are using. If you are using static provisioning and not running an NTP server at the gateway, then the NTP servers would be:
3.pool.ntp.org
Internal DNS Server
If you are not using an internal DNS server, Port 53 needs to be open to whichever name server was provided. (8.8.8.8 or 8.8.4.4 by default). Note: NTP and DNS use UDP.
Static Provisioning
There is no need for the Unit Setup app if you choose to use DHCP on ethernet. For static provisioning, there is no alternative - you must use the Unit Setup App provided. For more information on how to use the Unit Setup app, refer to this guide.
Notes:
*.density.io has endpoints for secure WebSockets and HTTPS
Comments
Please sign in to leave a comment.