Firewall Rules
Alluvio Edge requires the following inbound and outbound network access. It does not require any firewall inbound access from the public Internet to your corporate network.
Note: We discourage whitelisting any of the individual IP addresses for the DNS targets below, as Microsoft Azure can change the IP addresses behind those records without prior notice! Azure publishes a list of all currently used IP addresses that can be narrowed down further by region (Alluvio IQ’s region is "useast") and service type (IoT Hub, Container Registry): Azure IP Ranges and Service Tags – Public Cloud.
Service/Protocol | From | To | DNS Targets | Port | Description |
HTTPS | Hyperion Gateway (LAN) | NetProfiler (LAN) | 443 | ||
HTTPS | Hyperion Gateway (LAN) | NetIM (LAN) | 8543 | ||
HTTPS |
NetProfiler (LAN) NetIM (LAN) Hyperion Gateway (LAN) |
Internet (WAN) | 11002 | ||
HTTPS | Hyperion Gateway (LAN) | Internet (WAN) |
mcr.microsoft.com \*.azure-devices.net \*.blob.core.windows.net \*.docker.io |
443 | |
AMQP over TLS | Hyperion Gateway (LAN) | Internet (WAN) | 5671 | (default config) | |
AMQP over Websockets | Hyperion Gateway (LAN) | Internet (WAN) | 443 | Used only if you have configured the config.toml of iot edge to use upstream protocol AmqpWs. |
Refer to this step in Configuring Alluvio Edge and Data Sources to see how this information is used during the Alluvio Edge configuration process.