Below are advanced details on firewall whitelisting and static provisioning for Density sensors. All communication, except NTP, DNS, and Connectivity Check listed below, is done via port 443.
Note: Please review our Network and Power Requirements Guide prior to reviewing this article.
Density doesn't control the IP addresses to many of the services that need to be whitelisted.
Density's IP addresses change periodically. Whitelisting would need to be done via domain name.
Port 80 needs to be open for connectivity check.
Density's sensor only needs outbound connections. The device does not have any listening ports open. Data does come back to the device as all communication is done over Amazon endpoints (HTTPS and MQTT over TLS),so port 443 needs to be allowed to all of the domains provided.
There needs to be a firewall rule to allow traffic to port 123 or whichever NTP server you are using. If you are using static provisioning and not running an NTP server at the gateway, then the NTP servers would be:
Internal DNS Server
If you are not using an internal DNS server, Port 53 needs to be open to whichever name server was provided. (220.127.116.11 or 18.104.22.168 by default). Note: NTP and DNS use UDP.
There is no need for the Unit Setup app if you choose to use DHCP on ethernet. For static provisioning, there is no alternative - you must use the Unit Setup App provided. For more information on how to use the Unit Setup app, refer to this guide.
*.density.io has endpoints for secure WebSockets and HTTPS