7.5. Gateway Network Requirements

If you are installing a Gateway on a network which has a firewall restricting access to the internet, you may need to work with the local network adminstrator to configure the firewall to allow the Gateway to communicate with the remote hosts it needs.

The Cascade Gateway needs access to these internet services:

Table 7.2 Remote Services
Remote Host Protocol Port Notes
ntp.ubuntu.com UDP 123 Time server
geoip.ubuntu.com TCP/HTTPS 443 Determine local timezone
login.ubuntu.com TCP/HTTPS 443 Software updates
api.snapcraft.io TCP/HTTPS 443 Software updates
dashboard.snapcraft.io TCP/HTTPS 443 Software updates
fastly.cdn.snapcraft.io TCP/HTTPS 443 Provisioning
provision.rigado.com TCP/HTTPS 443 Provisioning
api.rigado.com TCP/HTTPS 443 Posting logs
diagnostics.rigado.com TCP/HTTPS 443 Error Reporting
a2fyo1pewinh1f.iot.us-west-2.amazonaws.com TCP/MQTT 8883 Metrics and control

The Gateway uses DHCP to configure its IP address, default gateway, and DNS servers. If DHCP is not available, contact Rigado Customer Success for assistance setting up a static IP configuration.

The Gateway must have access to a time server to function correctly. If the default time server is not available, contact Rigado Customer Success for assistance configuring the Gateway to use an alternate time server.

Be aware that many of these hosts resolve to multiple IP addresses which may change at any time. System administrators should not rely on whitelisting individual IP addresses for these services.

7.5.1. Using Virtual Private Networks

Rigado sometimes works jointly with customers to diagnose and resolve tough issues during pre-production phases. We may ask to install a Virtual Private Network (VPN) client to remotely connect to a Gateway for diagnostic purposes.

To allow VPN connections, the gateway may use UDP or TCP Ports 1194-1204 to various remote hosts. Rigado may need to coordinate with your network administrators to allow access to some of these ports and hosts.