Device Network Access

LmP devices have no ingress network requirements. However, they do need to connect to external services for device management:

Host                     Protocol  Port(s)  Description
ota-lite.foundries.io*   TCP       8443     Device gateway
ostree.foundries.io*     TCP       8443     OSTree server for updates
hub.foundries.io         TCP       443      Docker container registry
storage.googleapis.com   TCP       443      OSTree and Docker redirects
time[1234].google.com    UDP       123      Primary NTP servers
time.cloudflare.com      UDP       123      Last fallback NTP server
api.foundries.io         TCP       443      If using lmp-device-register
app.foundries.io         TCP       443      If using lmp-device-register

* When a factory has PKI enabled, it will have its own unique DNS name for the device-gateway and OSTree servers. To find these DNS names, run: fioctl keys ca show --pretty | grep DNS
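The table above as a pre-flight egress check, for validating a firewall allowlist from a device's network. This is an added example, not part of the Foundries.io documentation. GATEWAY_HOST and OSTREE_HOST are hypothetical variable names for the PKI-specific DNS names, and a netcat that supports -z and -w is assumed to be installed.

```shell
#!/bin/sh
# Assumption: GATEWAY_HOST / OSTREE_HOST are hypothetical override variables for
# the factory-specific names from: fioctl keys ca show --pretty | grep DNS
GATEWAY_HOST=${GATEWAY_HOST:-ota-lite.foundries.io}
OSTREE_HOST=${OSTREE_HOST:-ostree.foundries.io}
endpoints() { cat <<EOF
$GATEWAY_HOST tcp 8443
$OSTREE_HOST tcp 8443
hub.foundries.io tcp 443
storage.googleapis.com tcp 443
time[1234].google.com udp 123
time.cloudflare.com udp 123
api.foundries.io tcp 443
app.foundries.io tcp 443
EOF
}

# Expand "time[1234].google.com" into one host per character inside the brackets.
expand_host() {
  case "$1" in
    *\[*\]*)
      pre=${1%%\[*}; rest=${1#*\[}; chars=${rest%%\]*}; post=${rest#*\]}
      while [ -n "$chars" ]; do
        printf '%s%s%s\n' "$pre" "${chars%"${chars#?}"}" "$post"
        chars=${chars#?}
      done ;;
    *) printf '%s\n' "$1" ;;
  esac
}
plan() {  # concrete "host proto port" lines to allow in the egress firewall
  endpoints | while read -r host proto port; do
    expand_host "$host" | while read -r h; do echo "$h $proto $port"; done
  done
}
# TCP connect test only (no TLS handshake); returns 1 if any TCP endpoint fails.
check_egress() {
  failed=0
  while read -r h proto port; do
    if [ "$proto" != tcp ]; then echo "SKIP $h:$port/$proto (verify NTP sync instead)"
    elif nc -z -w 3 "$h" "$port" </dev/null 2>/dev/null; then echo "OK   $h:$port/tcp"
    else echo "FAIL $h:$port/tcp"; failed=1
    fi
  done <<EOF
$(plan)
EOF
  return "$failed"
}

if [ "${1:-}" = --probe ]; then check_egress; else plan; fi
```

Run without arguments it prints the expanded endpoint list; with --probe it attempts the TCP connections and exits non-zero if any fail.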

Other customizations to a device may require it to access additional services not listed here. Common ones include:

  • A WireGuard VPN server
  • Third-party container registries like Docker (registry-1.docker.io, auth.docker.io, index.docker.io, etc.)