Firewall Rules

Alluvio Edge requires the following inbound and outbound network access. It does not require any firewall inbound access from the public Internet to your corporate network.

Note: We discourage whitelisting any of the individual IP addresses for the DNS targets below, as Microsoft Azure can change the IP addresses behind those records without prior notice! Azure publishes a list of all currently used IP addresses that can be narrowed down further by region (Alluvio IQ’s region is "useast") and service type (IoT Hub, Container Registry): Azure IP Ranges and Service Tags – Public Cloud.

Service/Protocol From To DNS Targets Port Description
HTTPS Hyperion Gateway (LAN) NetProfiler (LAN)   443  
HTTPS Hyperion Gateway (LAN) NetIM (LAN)   8543  
HTTPS

NetProfiler (LAN)

NetIM (LAN)

Hyperion Gateway (LAN)

Internet (WAN)   11002  
HTTPS Hyperion Gateway (LAN) Internet (WAN)

mcr.microsoft.com
iotivmqorgqdldua.azurecr.io

\*.azure-devices.net

\*.blob.core.windows.net

\*.docker.io

443  
AMQP over TLS Hyperion Gateway (LAN) Internet (WAN)   5671 (default config)
AMQP over Websockets Hyperion Gateway (LAN) Internet (WAN)   443 Used only if you have configured the config.toml of iot edge
to use upstream protocol AmqpWs.

 

Refer to this step in Configuring Alluvio Edge and Data Sources to see how this information is used during the Alluvio Edge configuration process.