Each access point needs to connect to the dashboard (HTTP - port 80) to send its check in data:
There are a number of servers powering the dashboard with various IP addresses behind a load balancer. Configure your firewall with the DNS name (if possible) because the resolved IP addresses can change any time.
For the over-the-air firmware upgrades / packages / hotfixes the nodes need to be able to connect to our file server (HTTP - port 80):
dev.cloudtrax.com & files.cloudtrax.com
Again, the resolving IP addresses might change.
To debug hard-to-track problems right in your network, our access points are equipped with a tunnel software allowing us to connect via SSH (TCP - port 18991):
For denying the access points to establish this connection back to us, it suffices to block access to vpn.cloudtrax.com (fixed IP).
For access to beta builds and portals, make sure access is kept open to:
5xx (or newer) firmware utilizes a new check-in service (HTTPS - port 443):