End User GuideRelease NotesCustomer Support Portal

Firewall Rules for Connector Connectivity

Suggest Edits

The Atmos Connector requires two connectivity components as shown in the following network topology.

  1. Connector to Atmos Cloud Connectivity
  2. Connector to Customer App Connectivity
3840

Atmos Connector to the Cloud

To enable service between the Atmos Connector and the Atmos Cloud, configure your firewall and environment to allow the Atmos Connector as shown in the following sections.

Important: If the network you are placing the Connector is on 10.244.0.0/16, contact Axis Support for assistance to change the Atmos Connector 's Kubernetes network configuration to a non-conflicting 10.200.0.0/16 range.

  1. Connector->DNS (External/Local) - DNS UDP Port 53
  • For public IP resolution, including axissecurity.com names.
  • Use only secure and trustable DNS servers.
  • The DNS server must be able to resolve axissecurity.com addresses.
  1. Connector->backend-tcp.axissecurity.com - TCP Port 443
  • For agentless access to Axis Application Access Cloud.
  • IP addresses:
    • 3.33.176.114
    • 15.197.168.157
  1. Connector->backend-udp-geo.axissecurity.com - UDP Port 443
  • For Agent-based access to the Axis Application Access Cloud using Geo Proximity resolution.
  • IP addresses
    • 99.83.147.106
    • 75.2.111.171
    • 20.165.33.241
    • 40.78.142.235
    • 4.205.3.154
    • 51.16.148.64
    • 51.16.206.144
    • 34.176.202.93

📘

Important

In content-filtering firewalls, make sure that WireGuard Protocol is allowed for all entries pointing to backend-udp.axissecurity.com and any other backend-related addresses

  1. Connector->install-server.axissecurity.com - TCP Port 443
  • For installation resources for connector installation and updates.
  • IP addresses
    • 3.33.174.95
    • 15.197.177.140
  1. Connector->ops.axissecurity.com - TCP Port 443
  • For install script and Axis specific resources for connector installation and updates
  • IP addresses
    • 3.33.143.65
    • 15.197.150.161
  1. In your firewall, whitelist download.axissecurity.com if you are installing the OVA version of the Connector so that you can download it.
  2. URLs for backend discovery: backend-discovery.axissecurity.com

📘

Important

The Atmos Agent requires additional firewall rules. To learn more, see Atmos Agent Device Prerequisites.

Atmos Connector to Customer Apps

Atmos Connector to Customer Apps

To enable service between the Atmos Connector and your (Customer) applications, configure your firewall and environment to allow the relevant application traffic for each connection between the connector and application servers at the Settings > Applications screen.

📘

Important

Axis Security recommendation is to allow application traffic through the firewall by port number, when possible, to avoid incorrect classification of the traffic by the firewall; for example, if you are using RDP, use port 3389.

Once the firewall and environment is configured, log into the connector and become a root user.

Run the following command to verify that you have a root user privileges.

sudo whoami

Verifying connectivity between the Connector and each service

Here are some examples on how you can verify connectivity between the connector and each service.

Example 1: Testing Connectivity to HTTP and HTTPS Applications

To test connectivity to HTTP and HTTPS applications:
Type the following command in your terminal (shell):

curl test.axisapps.io
curl test.axisportal.io

📘

Note

The output should be a HTML page.

Example 2: Testing connectivity to SSH Servers

To test connectivity to the SSH servers:

Type into the terminal.

ssh -p <port - default is 22> <address>

📘

Note

The output should not be a timeout or a connection refused error.

Example 3: Testing Connectivity to RDP Servers

To test connectivity to RDP servers:

In the terminal, type

telnet <address> <port - default is 3389>

📘

Note

The output should not be a timeout or a connection refused error.

Connector to Apps via Proxy

For deployment scenarios in which a proxy is deployed between the connector and the published application, contact your Axis Security representative for detailed assistance.

  • Only Agentless access is supported via proxy to the published app.
  • Proxy values will be passed via the installation script (contact Axis)
  • Inline services like SSL inspection may need to be bypassed

Atmos Agent to Atmos Cloud

Use the Atmos Agent access approach when a user's device is behind a firewall or on a VPN.

Checking Connectivity to Axis Security

The following script checks connectivity to Axis Security: 

curl -kfsSLv -m 5 https://backend-tcp.axissecurity.com

Updated 9 days ago

Copyright © 2021 Axis Security. All rights reserved.