
Firewall Settings for MindSphere

Introduction

The edge gateway needs to be integrated into your company's network so that it can communicate with the configuration server and the data ingest server.

Firewall rules

The edge gateway only uses outgoing connections on port 443. All network traffic is encrypted using TLS/HTTPS.

If your firewall and/or proxy server blocks outgoing connections on port 443, you need to add exceptions for the following endpoints:

  • URL: edge-api.vergelink.io, Port: 443 (HTTPS) - The configuration server
  • URL: hosted.mender.io, Port: 443 (HTTPS) - For secure OTA updates
  • URL: s3.amazonaws.com, Port: 443 (HTTPS) - For the OTA update artifacts
  • URL: southgate.eu1.mindsphere.io, Port: 443 (HTTPS) - Siemens MindSphere (Data Ingest)

Caution

You cannot resolve the URLs to IP addresses and allow connections by IP address, because all services are hosted redundantly behind load balancers to guarantee high availability. The IP addresses behind the URLs can therefore change, and the client on the edge gateway cannot rely on a single IP address.

The client re-resolves DNS frequently so that it uses new load-balancing resources as they are added to DNS. This prevents clients from overwhelming a small portion of the allocated load-balancing resources while the load balancer as a whole is not heavily utilized.
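
To verify the exceptions from the network segment the gateway sits in, the following added example (not part of the original documentation or the gateway software) resolves each endpoint listed above, completes a certificate-verified TLS handshake on port 443, and reports addresses that a static IP rule would not cover. It assumes a direct outbound path without an explicit HTTP proxy; `pinned_ips`, `resolver` and `prober` are hypothetical names introduced for this example.

```python
import socket
import ssl

# Hostnames and port taken from the endpoint list above.
ENDPOINTS = [
    "edge-api.vergelink.io",
    "hosted.mender.io",
    "s3.amazonaws.com",
    "southgate.eu1.mindsphere.io",
]
PORT = 443


def resolve(host):
    """Return the set of IP addresses DNS currently gives for host."""
    infos = socket.getaddrinfo(host, PORT, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def tls_probe(host, timeout=5.0):
    """Connect by hostname and complete a verified TLS handshake."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def check(host, pinned_ips=(), resolver=resolve, prober=tls_probe):
    """Check one endpoint; pinned_ips is a hypothetical static IP rule."""
    result = {"host": host, "ok": False, "tls": None,
              "unpinned": [], "error": None}
    try:
        current = resolver(host)
        # Addresses DNS returns now that the static rule does not cover.
        result["unpinned"] = sorted(current - set(pinned_ips))
        result["tls"] = prober(host)
        result["ok"] = True
    except OSError as exc:  # covers DNS, TCP, timeout and TLS failures
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    for name in ENDPOINTS:
        r = check(name)
        status = "OK " + r["tls"] if r["ok"] else "FAIL " + r["error"]
        print(f"{name}:{PORT} {status}")
```

A certificate verification failure on an otherwise reachable endpoint usually indicates a TLS-inspecting proxy in the path rather than a blocked port.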