Skip to main content

Upstream Firewall Configuration Information

  • Updated
 

This document is most helpful for the IT staff and on-site installation personnel.

 

In order for the appliance to communicate with other elements of the Spot AI solution, some changes to your firewall configuration may be required. We have purposefully architected the solution such that no special inbound ports or IP addresses need to be configured to help you maintain the security of your network.  However, please ensure the following outbound ports and IP addresses are allowed through the firewall.

Required Outbound Ports and IPs

DNS Configuration

    • 1.1.1.1 [Cloudflare DNS server] - 53 TCP and UDP outbound
    • 1.0.0.1 [Cloudflare DNS server] - 53 TCP and UDP outbound

Spot Cloud

    • mqtt.googleapis.com [74.125.201.206] - 443 TCP outbound
    • cloudiotdevice.googleapis.com [172.217.164.74] - 443 TCP outbound
    • storage.googleapis.com [142.250.113.128, 142.250.114.128, 142.250.115.128, 142.250.138.128] - 443 TCP outbound
    • vault.spotai.co - 443 TCP outbound
    • 34.83.218.220 [Part of vault] - 8200 TCP outbound
    • oauth2.googleapis.com - 443 TCP outbound
    • production-signalingv2.spotai.co - 443 TCP outbound
    • pubsub.googleapis.com - 443 TCP outbound
    • us-west1-pubsub.googleapis.com - 443 TCP outbound

Spot NTP Server

Note: You do not need to whitelist every URL below only the one you want to use going forward

 

Spot Video Content Delivery Network

    • region1.v2.argotunnel.com - 7844 TCP/UDP
    • region2.v2.argotunnel.com - 7844 TCP/UDP
    • api.cloudflare.com - 443 TCP

Spot Logging Servers

    • datadoghq.com - 443 TCP outbound
    • *.agent.datadoghq.com - 443 TCP outbound
    • agent-intake.logs.datadoghq.com - 443 TCP outbound

STUN/TURN Server 

    • stun.l.google.com - 19302 UDP
    • global.stun.twilio.com - 3478 UDP
    • global.turn.twilio.com - 443 TCP, 3478 UDP/TCP
    • api.twilio.com - 443 TCP

Firmware Update

    • archive.canonical.com - 80 TCP
    • us.archive.ubuntu.com - 80 TCP
    • security.ubuntu.com - 80 TCP
    • developer.download.nvidia.com
    • kernel.org
    • repo.saltproject.io
    • download.docker.com
    • nvidia.github.io
    • gcr.io - 80 TCP

LPR

 

Toggle test

  • old info, not in published

    IPs:

    region1.argotunnel.com. 86400 IN A 198.41.192.7

    region1.argotunnel.com. 86400 IN A 198.41.192.47

    region1.argotunnel.com. 86400 IN A 198.41.192.107

    region1.argotunnel.com. 86400 IN A 198.41.192.167

    region1.argotunnel.com. 86400 IN A 198.41.192.227

    region2.argotunnel.com. 300 IN A 198.41.200.13

    region2.argotunnel.com. 300 IN A 198.41.200.53

    region2.argotunnel.com. 300 IN A 198.41.200.113

    region2.argotunnel.com. 300 IN A 198.41.200.193

    region2.argotunnel.com. 300 IN A 198.41.200.233

    cdn.jwplayer.com. 24 IN A 99.84.203.97

    cdn.jwplayer.com. 24 IN A 99.84.203.99

    cdn.jwplayer.com. 24 IN A 99.84.203.100

    cdn.jwplayer.com. 24 IN A 99.84.203.4

    Performance Monitoring (To ensure everything is good on the appliance)

    IPs:

    datadoghq.com A 13.227.73.112

    datadoghq.com A 13.227.73.83

    datadoghq.com A 13.227.73.65

    datadoghq.com A 13.227.73.36

  

We hope this article was useful to you, please leave us a comment or feedback as it will help us improve our customer support center.

Related articles