Company's Firewall configuration: what resources need to be opened in Firewall for the Nodegrid appliances to connect to ZPE Cloud?

Company's Firewall configuration: what resources need to be opened in Firewall for the Nodegrid appliances to connect to ZPE Cloud?

ZPE Cloud uses some IP addresses and hostnames that may be blocked by the Firewall rules.  This can prevent the Nodegrid appliances from connecting to the Cloud and/or utilizing specific ZPE Cloud features.

ZPE Cloud utilizes TCP port 443 for communication and that it is required to allow TLS1_2 and TLS1_3 on Firewall.

US ZPE Cloud Servers:
Hostname(s)IP AddressUsage
second-tier-ca.zpecloud.com
device-api.zpecloud.com
device-apiv2.zpecloud.com

35.233.194.48
Required to sign the CSR to connect to Remote Access.
Required to Upload/Restore Backups.
Required to upload output from executed profiles.
api.astarte.zpecloud.com34.83.86.148Required for Pairing API - without it, device is not able to authenticate against PubSub service and consequently connect to Cloud.
access.zpecloud.com35.230.32.156Required for Remote Access - without it, device is not able to connect to Remote Access socket.
broker.astarte.zpecloud.com 34.83.67.57Required for Broker connection - without it, device is not able to connect to PubSub service and consequently connect to Cloud.
proxy-access.zpecloud.com
api.zpecloud.com
34.83.37.8
Required for Enrollment.
Required to SSO from Cloud to Nodegrid appliance; also needs to be enabled on the Nodegrid appliance under Security :: Authentication :: SSO.

European ZPE Cloud Servers:
Hostname(s)IP AddressUsage
second-tier-ca.zpecloud.eu
device-api.zpecloud.eu
device-apiv2.zpecloud.eu
34.107.16.100
Required to sign the CSR to connect to Remote Access.
Required to Upload/Restore Backups.
Required to upload output from executed profiles.
api.astarte.zpecloud.eu34.107.15.10Required for Pairing API - without it, device is not able to authenticate against PubSub service and consequently connect to Cloud.
access.zpecloud.eu34.107.6.32Required for Remote Access - without it, device is not able to connect to Remote Access socket.
broker.astarte.zpecloud.eu 34.107.54.54Required for Broker connection - without it, device is not able to connect to PubSub service and consequently connect to Cloud.
proxy-access.zpecloud.eu
api.zpecloud.eu
34.83.37.8
Required for Enrollment.
Required to SSO from Cloud to Nodegrid appliance; also needs to be enabled on the Nodegrid appliance under Security :: Authentication :: SSO.


Note: When enrolling a unit, it first connects to zpecloud.com and then is redirected to use the region specific servers.  This means you may need to allow access to both sets of domains and IPs during enrollment.

    • Related Articles

    • How to: Enable ZPE Cloud in a Nodegrid device

      ZPE Cloud is a powerful platform that allows you to manage your Nodegrid devices from anywhere in the world. In order to use the benefits of managing your Nodegrid devices through ZPE Cloud, you need to enroll the Nodegrid device to your company and ...

    • How to: Backup a Nodegrid device using ZPE Cloud

      ZPE cloud enables managing on-demand and scheduled backups of your Nodegrid devices. Login to ZPE Cloud Go to Devices :: Enrolled Select the devices you want to backup and then click Backup. You can backup multiples devices at once. Select the File ...

    • Firewall Rules for the Nodegrid Platform

      Version 0.2 (17 May 2018) Overview This guide lists all required and recommended firewall rules, to ensure a proper working of the solution. The list will need to be adjusted based on specific customer requirements. By default will the firewall will ...

    • How to: Add Devices to your ZPE Cloud company using Transfer Key

      ZPE Cloud is a powerful tool for managing your Nodegrid devices, and one of the methods to add a device to your company in ZPE Cloud is to use a unique 45-digit Transfer Key, which is a unique identifier assigned to a device or list of devices. ...

    • How to: Add Devices to your ZPE Cloud company using Customer Code and Enrollment key

      ZPE Cloud is a powerful tool for managing your Nodegrid devices, and one of the recommended methods to add devices to your company in ZPE Cloud is to use the Customer Code and Enrollment key. Customer Code is a unique 5-digit identifier assigned to ...