Device Network Access
Important
IPv6 is not supported for cloud services/device-gateway
LmP devices have no ingress network requirements. However, they do need to connect to external services for device management:
Host |
Protocol |
Port(s) |
Description |
ota-lite.foundries.io* |
TCP |
8443 |
|
ostree.foundries.io* |
TCP |
8443 |
OSTree server for updates |
hub.foundries.io |
TCP |
443 |
Docker container registry |
hub-auth.foundries.io |
TCP |
443 |
Docker registry authentication service |
storage.googleapis.com |
TCP |
443 |
OSTree and Docker redirects |
time[1234].google.com |
UDP |
123 |
Primary NTP servers |
time.cloudflare.com |
UDP |
123 |
Last fallback NTP server |
api.foundries.io |
TCP |
443 |
If using lmp-device-register |
app.foundries.io |
TCP |
443 |
If using lmp-device-register |
* When a factory has PKI enabled it will have it’s own unique DNS name for the device-gateway and OSTree servers.
These DNS names can be found by running fioctl keys ca show --pretty | grep DNS.
You may do other customizations to a device that require it to access additional services not mentioned here. Common ones include:
A WireGuard VPN server
Third-party container registries like Docker (registry-1.docker.io, auth.docker.io, index.docker.io, etc)