How do I configure my firewall to allow access to CloudTrax?

Follow

CloudTrax

Access Points connect to the following CloudTrax server via HTTPS(port 443):

  • cloud_ap.cloudtrax.com

Switches connect to the following CloudTrax server via HTTPS(port 443):

  • cloud-switch.cloudtrax.com

Legacy access points using 4xx firmware utilize the following server via HTTP(port 80):

  • checkin.cloudtrax.com

Note: Our servers are behind load balancers. Configure your firewall with the DNS name(if possible) because the resolved IP addresses can change any time.

CloudTrax Fallback

In case the access points cannot reach the main CloudTrax servers, they will revert  to the fallback server. Please ensure the following domain and IP address are allowed through your firewall.

  • checkin-fallback.cloudtrax.com
  • 54.245.251.231

CloudTrax Connection Keeper

Access points and switches use an always-on background connection to receive reconfiguration events more quickly. To do this, they need access to the following server via HTTP(port 80):

  • connkeeper.cloudtrax.com

Network Time Protocol

The switches and access points need access to the following time servers via NTP(port 123):

  • pool.ntp.org
  • 0.openwrt.pool.ntp.org

Firmware Updates

Firmware updates require access to the following file servers via both HTTP(port 80) and HTTPS(port 443)

  • dev.cloudtrax.com
  • files.cloudtrax.com

Advanced Troubleshooting

To debug hard-to-track problems right in your network, our access points are equipped with a tunnel software allowing technical support to connect via SSH tunnel(TCP Port 18991):

  • vpn.cloudtrax.com

For denying the access points to establish this connection back to us, it suffices to block access to vpn.cloudtrax.com (fixed IP).

Firewall Timeout

Ensure your firewall TCP and HTTP timeout settings are set to at least 10 minutes(600 seconds). Short duration timeouts could cause the Connection Keeper connection to drop unexpectedly.

Special Notes

NOTE: There is a known issue with Cisco router models RV350/RV345/RV345P/RV340W that are running firmware release 1.0.01.17 or older that causes it's content filtering system to block all communications to the Cloudtrax servers. To resolve this issue, please update your routers firmware to the beta release 1.0.01.1702 or other newer version.

Have more questions? Submit a request

Comments

Powered by Zendesk