Firewall settings for company networks

Introduction

For most DIAP customers and distributors, the Standard configuration is enough to start using DIAP. In case of special requirements, please provide the information described in the section Custom configuration.

If DIAP is connected to the internet via a company network, please make sure that the outbound ports are opened as specified in the section Firewall rules.

Standard configuration

By default, DIAP is configured to use DHCP over Ethernet. To change the default configuration, we recommend that you connect DIAP to a network that provides internet access via DHCP.

The configuration can also be done using the DIAP local web interface. To do this, open the following URL, which uses the static IP of the DIAP: http://10.1.14.57:8080/static/index.html
Please note: The web interface can also be reached via any other network IP that has been assigned to the DIAP.

| Specification | Defaults |
|---|---|
| Static IP | 10.1.14.57 |
| Dynamic IP | yes |
| DNS | DHCP |

Custom configuration

Wi-Fi configuration

If DIAP is to be connected to the internet via a Wi-Fi hotspot, an SSID and a pre-shared key (PSK) are needed. We strongly recommend that the PSK is either a temporary key for a temporary hotspot, or that you send the key to us in a secure way.

Requirements: SSID and PSK.

Static IP configuration

If a static IP is needed, you need to specify the IP assigned to the DIAP, a Gateway IP, and the DNS server IP(s).

Requirements: IP for DIAP, Gateway IP, and DNS IP.

Firewall rules

For customers that set up firewall rules for DIAP, the following applies:

| Cloud name | Communication URL * | Port ** | Communication direction *** |
|---|---|---|---|
| DIAP Live | iot-diapcustomerdemo.azure-devices.net | 8883 (MQTT) | Outbound TCP |
| DIAP Interroll | iot-diap-interroll-customer.azure-devices.net | 8883 (MQTT) | Outbound TCP |

*: Microsoft Azure may change the IP of the IoT-Hub location. Consequently, we are unable to supply customers with a specific IP.
**: The communication port is the standard MQTT port.
***: Only an outbound port is used for security reasons.

In order to perform DIAP remote updates, an additional rule is required:

| Cloud name | Communication IP * | Port | Communication direction |
|---|---|---|---|
| Update server | 52.164.127.14 | 22 (ssh) | Outbound TCP |

*: The DIAP update server has no domain name registration. Only the static IP is available.


Furthermore, NTP (time servers) must be accessible from the network on outbound UDP port 123. DIAP uses this to synchronize its time.
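To confirm that a company firewall actually passes the rules above, the following check can be run from a host on the same network segment as DIAP. It is an added example, not part of DIAP or its documentation; `pool.ntp.org` is an assumed NTP server because this page names none, and a successful TCP connect only shows that the port is open, not that MQTT or SSH authentication succeeds.

```python
import socket
import struct

# Outbound TCP rules copied from the tables on this page.
TCP_RULES = [
    ("DIAP Live", "iot-diapcustomerdemo.azure-devices.net", 8883),
    ("DIAP Interroll", "iot-diap-interroll-customer.azure-devices.net", 8883),
    ("Update server", "52.164.127.14", 22),
]
NTP_SERVER = "pool.ntp.org"  # assumption: the page names no NTP server

def check_tcp(host, port, timeout=5.0):
    """Return (ok, detail) for one outbound TCP connection attempt."""
    try:
        # The name is resolved on every run, so a changed IoT Hub IP is followed.
        with socket.create_connection((host, port), timeout=timeout) as s:
            return True, "connected to %s" % s.getpeername()[0]
    except socket.gaierror as e:
        return False, "DNS lookup failed: %s" % e
    except socket.timeout:
        return False, "timed out (packets probably dropped by a firewall)"
    except OSError as e:
        return False, "refused or unreachable: %s" % e

def ntp_request():
    """48-byte SNTP client request: LI=0, version=3, mode=3 (client)."""
    return struct.pack("!B47x", 0x1B)

def check_ntp(host, port=123, timeout=5.0):
    """Return (ok, detail); ok means a server-mode NTP reply came back."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(ntp_request(), (host, port))
            data, _ = s.recvfrom(512)
    except OSError as e:  # covers timeouts and DNS errors as well
        return False, "no NTP reply: %s" % e
    ok = len(data) >= 48 and (data[0] & 0x07) == 4  # mode 4 = server
    return ok, "NTP reply received" if ok else "unexpected reply"

def run_checks(tcp_rules=TCP_RULES, ntp_server=NTP_SERVER, timeout=5.0):
    results = [(name, host, port, "tcp") + check_tcp(host, port, timeout)
               for name, host, port in tcp_rules]
    results.append(("NTP", ntp_server, 123, "udp") + check_ntp(ntp_server, timeout=timeout))
    return results

if __name__ == "__main__":
    for name, host, port, proto, ok, detail in run_checks():
        print("%-4s %-15s %s:%d/%s  %s" % ("OK" if ok else "FAIL", name, host, port, proto, detail))
```

A FAIL with "timed out" usually points to a silent drop at the firewall, while "DNS lookup failed" points to the DNS settings rather than the port rules.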

Update Server IP running on Virtual Machine on Microsoft Azure

IP Address: 52.164.127.14