Thin Edge Ports and Security

Harshil_Gandhi · March 21, 2023, 3:51pm

What product/components do you use and which version/fix level are you on?

Is your question related to the free trial, or to a production (customer) instance?

What are you trying to achieve? Please describe it in detail.

we would like to establish connection between thin edge installed in factory with firewall around factory network

to enable safe communication ,i would like to know the rules to be created in firewall for ports and service so that we can establish safe communication with Cumulocitz

To connect to Cumulocity IoT platform from Thin Edge device, do we need to open the following ports in your firewall:?

Port 443 (HTTPS): This port is used for secure communication between the Thin Edge device and the Cumulocity platform.
Port 1883 (MQTT): This port is used for communication between the Thin Edge device and the Cumulocity platform using the MQTT protocol.
Port 8883 (MQTT over SSL): This port is used for secure communication between the Thin Edge device and the Cumulocity platform using the MQTT protocol over SSL.
Port 5683 (CoAP): This port is used for communication between the Thin Edge device and the Cumulocity platform using the CoAP protocol.

Please provide DNS names also if applicable and other configuration
should it be DNS of our tenant on cumulocity?

please provide the reference to the documents for hybrid connectivity

If yes then we have two prospective name
1.subtenantname.tenantname.com
2.t166340278.emea.cumulocity.com

which one is valid as a valid DNS address

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed all the latest fixes for the products and systems you are using?

Murat_Bayram · March 22, 2023, 8:23am

Hi,

its not 100% clear what you need. Are you referring to thin-edge.io as agent from the device or Thick Edge as whole single node Cumulocity on e.g. industry pc?

Nevertheless the Ports 443, 1883 and 8883 are open on the public instances of Cumulocity. Thus you can connect via Rest (443) and/or via MQTT (1883/8883) through the public internet. There is no additional effort here to open anything.
The only thing that needs to be configured from within the local network is outbound of 443 and 8883/1883. No inbound needs to be opened.

You can find that e.g. here: LINK

Harshil_Gandhi · March 22, 2023, 9:09am

Hi

Thank you for the answer.
Our Edge has thin edge installed and until now it has been running through LTE

Now are are putting the machine to Factorynetwork,so we are making sure that communication is established seamlessly between Edge and Cloud.

Also wanted to make sure whether any additional settings has to be performed regarding
1.NAT
2.if there exists OT firewall.

Regards
Harshil

system · September 18, 2023, 9:09am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.