Firewall Rules

Riverbed Edge requires the following inbound and outbound network access. It does not require any firewall inbound access from the public Internet to your corporate network. Refer to the diagram and table below for a visualization of the firewall rules as well as the Service, Protocol, DNS, Targets, Port, and Descriptions of the rules.

Refer to Configuring Riverbed IQ and Data Sources for how this information is used during the Riverbed Edge configuration process.

Note: We discourage whitelisting any of the individual IP addresses for the DNS targets below, as Microsoft Azure can change the IP addresses behind those records without prior notice! Azure publishes a list of all currently used IP addresses that can be narrowed down further by region (Riverbed IQ’s region is "useast") and service type (IoT Hub, Container Registry): Azure IP Ranges and Service Tags – Public Cloud.

Diagram: Riverbed IQ Connectivity (as enabled by Firewall Rules)

Service/Protocol From To DNS Targets Port Description
HTTPS Riverbed Edge (LAN)

NetProfiler (LAN)

AppResponse (LAN)

   443 Enables secure communications between Riverbed Edge and Riverbed Data Sources.
HTTPS Riverbed Edge (LAN) NetIM (LAN)   8543
HTTP

NetProfiler (LAN)

NetIM (LAN)

Riverbed Edge (LAN)

   11002
HTTPS Riverbed Edge (LAN) Internet (WAN) login.microsoftonline.com 443 Authentication service.

ntp.ubuntu.com

pool.ntp.org

 Enables accurate time-synchronization.

packages.microsoft.com

security.ubuntu.com

archive.ubuntu.com

 Installation and upgrade of Riverbed Edge components.
git.cloud.riverbed.com Access to configuration and software for Riverbed Edge runtime modules.
*.docker.io

Enables secure communications between Riverbed Edge and Riverbed SaaS.

Supported protocols: AMQP, MQTT, and HTTPs.
mcr.microsoft.com
*.azurecr.io
*.azure-devices.net
global.azure-devices-provisioning.net Enables secure upload of observability data from Riverbed Edge to Riverbed SaaS.
*.servicebus.windows.net
*.blob.core.windows.net
AMQP over TLS Riverbed Edge (LAN) Internet (WAN) \*.servicebus.windows.net 5671
5672

Not required if an HTTP proxy is used.

(default config)
AMQP over Websockets Riverbed Edge (LAN) Internet (WAN)   443 Only used if you have configured the config.toml of Riverbed Edge to use upstream protocol AmqpWs.

Table: Riverbed IQ Firewall Rules (to enable Riverbed IQ Connectivity)