Searching...

Matching results

    How to configure private networks for proper device operation

    Overview of DNS and Firewall Considerations for AirVantage and ALMS

    AirLink routers and Semtech cellular modules require access to firmware updates and work best within a managed environment. AirVantage is the management platform for Semtech modules, and AirLink Management Service (ALMS) provides additional functionality for managing AirLink routers and Semtech cellular plans. If your firewall cannot be configured for DNS-based destinations, then the IP address used must be dynamically updated through ongoing DNS resolution.

    The following are the requirements for firewall rules and required DNS entries to support these products in a safe and secure manner. These are relevant to private cellular networks, and also to router operation within a full tunnel VPN environment where management traffic is restricted.

    DNS Entries

    The following DNS entries must be propagated to your internal DNS server(s) in order to support proper router behavior. The complete domains are required as most traffic is directed to specific subdomains, including for regional data center locations.

    • airvantage.net
    • m2mop.net

    Firewall Rules

    The following ports must be allowed for outbound access (from your private network outbound to the domains listed and their corresponding responses) to the appropriate regional domains to support router communication and management, including firmware upgrades. All AirVantage and ALMS traffic should be configured by name for best results in the event of an address change.

    Note: In the case of routers that include out-of-band management (OOBM), only the Lightweight M2M (LwM2M) traffic is currently allowed through the OOBM link. Firmware downloads and log file uploads must be facilitated over a higher capacity WAN link, so firewall rules must be implemented on any private network link to support these services.

    DESTINATION PORT/PROTOCOL DESTINATION NAME FUNCTION NOTES
    UDP 5684/LwM2M bs.airvantage.net Bootstrap No device operational data is sent during bootstrap. All data is encrypted. One single global address.
    UDP 5686/LwM2M

    lw.na.airvantage.net

    lw.eu.airvantage.net

    lw.cad.airvantage.net

    lw.au.airvantage.net

    Device management communications

    All data is encrypted. Traffic is sent only to the regional data center where your account is located.

    • na is North America (USA)
    • eu is EMEA
    • cad is Canada
    • au is Australia

    TCP 443/HTTPS

    na.airvantage.net

    na.m2mop.net

    eu.airvantage.net

    eu.m2mop.net

    cad.airvantage.net

    au.airvantage.net

    Firmware downloads and log file upload

    Download is from digitally secured repository. Log files are sent over secured link. Some DNS entries are required for supporting legacy devices, and so are not needed for the newest AV/ALMS instances.

    Traffic is sent only to the regional data center where your account is located.

    • na is North America (USA)
    • eu is EMEA
    • cad is Canada
    • au is Australia

    TCP 44900/M3DA

    na.airvantage.net

    eu.airvantage.net

    cad.airvantage.net

    au.airvantage.net

    ALEOS Application Framework (AAF) traffic

    Only required by ALEOS router customers using M3DA/AAF, including ALEOS vehicle telemetry. Traffic is sent only to the regional data center where your account is located.

    • na is North America (USA)
    • eu is EMEA
    • cad is Canada
    • au is Australia

    TCP 8883/MQTT over TLS

    na.airvantage.net

    eu.airvantage.net

    cad.airvantage.net

    au.airvantage.net

    Encrypted MQTT traffic

    Only required by ALEOS router customers who have AAF applications configured to report MQTT data to ALMS, including ALEOS vehicle telemetry. Unsecured MQTT (TCP/1883) should never be used. Traffic is sent only to the regional datacenter where your account is located.

    • na is North America (USA)
    • eu is EMEA
    • cad is Canada
    • au is Australia

    TOP