Firewall Rules
Riverbed Edge requires the following inbound and outbound network access. It does not require any firewall inbound access from the public Internet to your corporate network.
Note: We discourage whitelisting any of the individual IP addresses for the DNS targets below, as Microsoft Azure can change the IP addresses behind those records without prior notice! Azure publishes a list of all currently used IP addresses that can be narrowed down further by region (Riverbed IQ’s region is "useast") and service type (IoT Hub, Container Registry): Azure IP Ranges and Service Tags – Public Cloud.
| Service/Protocol | From | To | DNS Targets | Port | Description |
| HTTPS | Riverbed Edge (LAN) |
NetProfiler (LAN) AppResponse (LAN) |
443 | ||
| HTTPS | Riverbed Edge (LAN) | NetIM (LAN) | 8543 | ||
| HTTP |
NetProfiler (LAN) NetIM (LAN) |
Riverbed Edge (LAN) |
11002 | ||
| HTTPS | Riverbed Edge (LAN) | Internet (WAN) |
mcr.microsoft.com \*.azure-devices.net \*.blob.core.windows.net \*.docker.io \*.servicebus.windows.net
|
443 | |
| AMQP over TLS | Riverbed Edge (LAN) | Internet (WAN) | \*.servicebus.windows.net | 5671 5672 Not required if an HTTP proxy is used. |
(default config) |
| AMQP over Websockets | Riverbed Edge (LAN) | Internet (WAN) | 443 | Used only if you have configured the config.toml of iot edge to use upstream protocol AmqpWs. |
Refer to this step in Configuring Riverbed IQ and Data Sources to see how this information is used during the Riverbed Edge configuration process.