Connecting a device securely to a network segment that does not have Internet access
There are two ways to address this problem:
- 1.Update the firewall protecting the network segment to allow the Ardexa Device to create an outgoing connection to: the US Cluster (app.ardexa.com), then the agent needs to contact
broker.ardexa.comon TCP port
5671...or the EU Cluster (eur1.ardexa.com), then the agent needs to contact
broker-eu.ardexa.comon TCP port
- 2.Connect the Ardexa Device to a second network segment that DOES have internet access
Option 1 is our recommended option as this leaves the firewall as the only connection point between the protected network segment and the outside world. Plus, because the only change is to allow an outgoing connection request, the network segment remains secure because it still blocks all incoming connections.
Option 2 is the fallback when Option 1 is not available (e.g. you do not have access to the firewall/router that controls the network segment). All Ardexa Devices come with a firewall that blocks all incoming connections by default, so this is still a secure option, but this may or may not comply with the security policy guiding the management of the target network segment.