Device Network Access

LmP devices have no ingress network requirements. However, they do need to connect to external services for device management:

Host Protocol Port(s) Description* TCP 8443 Device gateway* TCP 8443 OSTree server for updates TCP 443 Docker container registry TCP 443 OSTree and Docker redirects
time[1234] UDP 123 Primary NTP servers UDP 123 Last fallback NTP server TCP 443 If using lmp-device-register TCP 443 If using lmp-device-register

* When a factory has PKI enabled it will have it’s own unique DNS name for the device-gateway and OSTree servers. These DNS names can be found by running fioctl keys ca show --pretty | grep DNS.

You may do other customizations to a device that require it to access additional services not mentioned here. Common ones include:

  • A WireGuard VPN server
  • Third-party container registries like Docker (,,, etc)