Legacy Open Mesh: How Do I Configure My Firewall to Allow Access to CloudTrax?
Question
How do I configure my firewall to allow access to CloudTrax?
Environment
- CloudTrax
Answer
CloudTrax
Access points connect to the following CloudTrax server via HTTPS (port 443):
- cloud_ap.cloudtrax.com
Switches connect to the following CloudTrax server via HTTPS (port 443):
- cloud-switch.cloudtrax.com
Routers connect to the following CloudTrax server via HTTPS (port 443):
- router.cloudtrax.com
Legacy access points using 4xx firmware use the following server via HTTP (port 80):
- checkin.cloudtrax.com
Note: Our servers are behind load balancers. Configure your firewall with the DNS name (if possible) because the resolved IP addresses can change at any time.
Access Point Fallback
In case the access points cannot reach the main CloudTrax servers, they will revert to the fallback server. Please ensure the following domain and IP address are allowed through your firewall.
- checkin-fallback.cloudtrax.com
- 54.245.251.231
Switch Fallback
In case the switch cannot reach the main CloudTrax servers, it will revert to the fallback server. Please ensure the following domain and IP address are allowed through your firewall.
- 54.245.115.10
Router Fallback
In case the router cannot reach the main CloudTrax servers, it will revert to the fallback server. Please ensure the following domain and IP address are allowed through your firewall.
- 54.68.39.120
CloudTrax Connection Keeper
All devices use an always-on background connection to receive reconfiguration events more quickly. To do this, they need access to the following server via HTTP (port 80):
- connkeeper.cloudtrax.com
- 35.165.84.99
- 35.163.125.115
- 35.162.249.62
Network Time Protocol
All devices need access to the following time servers via NTP (port 123):
- pool.ntp.org
- 0.openwrt.pool.ntp.org
- ntp.cloudtrax.com
Firmware Updates
Firmware updates require access to the following file servers via both HTTP (port 80) and HTTPS (port 443):
- dev.cloudtrax.com
- files-mirror.cloudtrax.com
Advanced Troubleshooting
To debug hard-to-track problems right in your network, our access points are equipped with tunnel software that allows technical support to connect via an SSH tunnel (TCP port 18991):
- vpn.cloudtrax.com
To deny access, it suffices to block outbound requests to vpn.cloudtrax.com.
Firewall Timeout
Ensure your firewall TCP and HTTP timeout settings are set to at least 10 minutes (600 seconds). Short timeouts could cause the Connection Keeper connection to drop unexpectedly.
Special Notes
NOTE: There is a known issue with Cisco router models RV350/RV345/RV345P/RV340W running firmware release 1.0.01.17 or older that causes their content filtering system to block all communications to the CloudTrax servers. To resolve this issue, please update your router's firmware to the beta release 1.0.01.1702 or another newer version.
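The requirements above can be checked against an exported egress allowlist before devices are deployed. The following is an added example, not CloudTrax code: the rule format `(dest, proto, port)`, the device-class names and the `audit()` and `allowed()` functions are assumptions, and fallback entries are matched on destination only because this page states no port for them.

```python
# Added example, not CloudTrax code. The rule format (dest, proto, port), the device-class
# names and audit() are assumptions; endpoints and ports are the ones listed on this page.
from fnmatch import fnmatchcase

REQUIRED = [  # (device class, destinations, proto, ports); None = page states no port
    ("ap", ["cloud_ap.cloudtrax.com"], "tcp", [443]),
    ("switch", ["cloud-switch.cloudtrax.com"], "tcp", [443]),
    ("router", ["router.cloudtrax.com"], "tcp", [443]),
    ("legacy-ap", ["checkin.cloudtrax.com"], "tcp", [80]),
    ("ap", ["checkin-fallback.cloudtrax.com", "54.245.251.231"], None, [None]),
    ("switch", ["54.245.115.10"], None, [None]),
    ("router", ["54.68.39.120"], None, [None]),
    ("all", ["connkeeper.cloudtrax.com", "35.165.84.99",
             "35.163.125.115", "35.162.249.62"], "tcp", [80]),
    ("all", ["pool.ntp.org", "0.openwrt.pool.ntp.org", "ntp.cloudtrax.com"], "udp", [123]),  # NTP is UDP
    ("all", ["dev.cloudtrax.com", "files-mirror.cloudtrax.com"], "tcp", [80, 443]),
]
SUPPORT_TUNNEL = ("vpn.cloudtrax.com", "tcp", 18991)  # optional support access
MIN_TIMEOUT = 600  # seconds, from the Firewall Timeout section

def allowed(rules, dest, proto, port):
    """True if a rule permits the flow; rule destinations may be wildcards like *.cloudtrax.com."""
    return any(fnmatchcase(dest, rd.lower()) and (port is None or (rp, rport) == (proto, port))
               for rd, rp, rport in rules)

def audit(rules, deployed, idle_timeout):
    """Return findings for egress allow rules, deployed device classes and idle timeout (s)."""
    findings = []
    for cls, dests, proto, ports in REQUIRED:
        if cls != "all" and cls not in deployed:
            continue
        for dest in dests:
            for port in ports:
                if not allowed(rules, dest, proto, port):
                    findings.append(f"missing: {dest} {proto or 'any'}/{port or 'any'} ({cls})")
    if allowed(rules, *SUPPORT_TUNNEL):
        findings.append("note: support SSH tunnel to vpn.cloudtrax.com tcp/18991 is allowed")
    if idle_timeout < MIN_TIMEOUT:
        findings.append(f"timeout: {idle_timeout}s is below {MIN_TIMEOUT}s")
    return findings

# Constructed sample: an AP-only site whose firewall export allows by wildcard DNS name only.
SAMPLE_RULES = {("*.cloudtrax.com", "tcp", 443), ("*.cloudtrax.com", "tcp", 80),
                ("*.pool.ntp.org", "udp", 123), ("pool.ntp.org", "udp", 123),
                ("ntp.cloudtrax.com", "udp", 123)}

if __name__ == "__main__":
    for line in audit(SAMPLE_RULES, {"ap"}, idle_timeout=300):
        print(line)
```

On the constructed sample, the wildcard DNS rules cover every named server but not the fallback and Connection Keeper IP addresses, which are reported as missing along with the short timeout.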