In very simple terms, here are the network requirements for the three different network ports on the server:
WAN – this needs a direct connection to the Internet, and can be a public or private IP address.
If you are using a private IP address, it must be on a different subnet to the LAN IP address. You initially specify the WAN IP address in the Installation Console, and once commissioned can change it in the User Control Console.
If your server is going to sit behind a firewall, you will need to configure the firewall to allow the necessary traffic through. You need to open the following ports to allow the required traffic to pass through your firewall.
From the servers WAN IP address to the Internet:
We strongly recommend that you allow all traffic outbound from the WAN IP of your server to the Internet. We also strongly recommend that any form of traffic filtering is disabled.
However, if you do have to restrict what ports are open outbound - the following ports are required to be open Outbound, from the WAN IP of your server to the specified hosts:
A VPN tunnel needs to be established from the server to our Management Cloud, on either port UDP 1194 or TCP 443. The server will first try and use UDP 1194, and if that doesn't work will fall back to TCP 443.
- VPN Connection
UDP 1194 to 220.127.116.11
TCP 443 to 18.104.22.168
- Other services
TCP 443 to 22.214.171.124 and 126.96.36.199
From the Internet to the servers WAN IP address:
- UDP 1194
LAN – this needs a connection to the local area network, and needs a private IP address. You specify the LAN IP address in the Commissioning Console.
ILO – this needs a direct connection to the Internet, and can be a public or private IP address. If it’s a private IP because it’s behind a firewall, you need to ensure that there is full outbound access to the Internet (all ports open), and inbound you need these ports open: TCP TCP 20022, TCP 20080, TCP 20443, TCP 20988, TCP 20990. You specify the ILO IP address in the Commissioning Console.