Nattugla Supervision:

For backend communication and supervisory connection

| FQDN | Port | Features |
| --- | --- | --- |
| nest.nattugla.no, <your endpoint>.nattugla.no | TCP: 443 | Nest Service |
| stun-turn.nattugla.no | TCP: 443, TCP/UDP: 3478 | STUN/TURN |

Change log:

03/02/2023:

- time.android.com
- ip-api.com

23/03/2023:

- mqtt.esper.cloud

Other services:

NTP time server

| FQDN | Port | Features |
| --- | --- | --- |
| 2.android.pool.ntp.org | UDP: 123 | Server for clock synchronization |

Google FCM:

Taken from Google's documentation here.
Traffic to these endpoints should also bypass SSL inspection. SSL-intercepted traffic to Google services is often interpreted as a person-in-the-middle attack and blocked.

For supervisory control:

| FQDN | Ports |
| --- | --- |
| mtalk.google.com | TCP: 5228-5230, 443 |
| mtalk4.google.com | TCP: 5228-5230, 443 |
| mtalk-staging.google.com | TCP: 5228-5230, 443 |
| mtalk-dev.google.com | TCP: 5228-5230, 443 |
| alt1-mtalk.google.com | TCP: 5228-5230, 443 |
| alt2-mtalk.google.com | TCP: 5228-5230, 443 |
| alt3-mtalk.google.com | TCP: 5228-5230, 443 |
| alt4-mtalk.google.com | TCP: 5228-5230, 443 |
| alt5-mtalk.google.com | TCP: 5228-5230, 443 |
| alt6-mtalk.google.com | TCP: 5228-5230, 443 |
| alt7-mtalk.google.com | TCP: 5228-5230, 443 |
| alt8-mtalk.google.com | TCP: 5228-5230, 443 |
| android.apis.google.com | TCP: 5228-5230, 443 |
| device-provisioning.googleapis.com | TCP: 5228-5230, 443 |
| firebaseinstallations.googleapis.com | TCP: 5228-5230, 443 |
| fcm.googleapis.com | TCP: 5228-5230, 443 |
| fcm-xmpp.googleapis.com | TCP: 5228-5230, 443 |

Esper (MDM system):

Esper is our management system for Nattugla.
If the firewall does not support wildcards, or you need static addresses, see Firewall: Esper Static rules.
Esper has made some changes to the actual design and descriptions of the rules, so we have replaced the old list with Esper's new one.

| FQDNs | Wildcard | Ports | Features |
| --- | --- | --- | --- |
| *.amazonaws.com | *.amazonaws.com | TCP: 443 (HTTPS), TCP: 8883 (MQTT), TCP: 1883 (MQTT), TCP/UDP: 3478 (SCTP), TCP/UDP: 5349 (SCTP), UDP: 49152-65535 | For provisioning, app management and device management (TCP 443, 8883); for MQTT communication with devices (TCP 1883) |
| authn2.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | |
| id.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | |
| ping.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | Checks device's internet connectivity. |
| qhavr.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | Grants access to the Esper Console when operating under a network with a restricted outbound firewall. |
| qhavr-api.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | For communicating from the device to the Esper tenant (for example device status events and command success/failure messages). |
| mqtt.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | For MQTT communication to devices for commands (with TLS). |
| downloads.esper.io | *.esper.cloud | TCP: 443 (HTTPS) | Needed for standalone Esper Agent updates. |
| statserv.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | Sends deployment stats and provisioning failures to Esper monitoring systems. |
| eea-sentry.esper.cloud | *.esper.cloud | TCP: 443 | Sends telemetry data to Sentry. |
| dpcdownloads.esper.cloud | *.esper.cloud | TCP: 443 (HTTPS) | For the Remote Viewer APK. |
| 13.52.132.230 | N/A | TCP: 40000-50000 | For allowing secure remote ADB access to your devices and the Esper CLI. |
| shoonya-firebase.firebaseio.com, *.crashlytics.com, crashlyticsreports-pa.googleapis.com, firebasecrashlyticssymbols.googleapis.com | *.firebaseio.com, *.crashlytics.com, *.googleapis.com | TCP: 443 (HTTPS), TCP: 5228 (HTTPS), TCP: 5229 (HTTPS), TCP: 5230 (HTTPS) | Firebase/Crashlytics. Used to send crash reports. |
| https://8.8.8.8/generate_204 | 8.8.8.8 | TCP: 443 (HTTPS) | Checks device's internet connectivity. |
| mqtt-telemetry-prod.esper.cloud | *.esper.cloud | TCP: 1883 | MQTT communication to devices for commands (with TLS). |
| clients3.google.com/generate_204 | N/A | TCP: 443 (HTTPS) | Checks device's internet connectivity. Note: only required for devices running Esper Agent version 7.8.7060 and below. |
| firebaseinstallations.googleapis.com, fcm.googleapis.com | *.googleapis.com | TCP: 443 (HTTPS), TCP: 5228 (HTTPS), TCP: 5229 (HTTPS), TCP: 5230 (HTTPS) | Used to send commands and pings to wake up devices. |

Static rule changes:

If you cannot use wildcards in the firewall, *.amazonaws.com can be replaced with this.

| FQDN | Port | Notes |
| --- | --- | --- |
| mqtt.esper.cloud | TCP: 8883 (MQTT over SSL) | This is an additional port on the existing entry |
| streamer.esper.io | TCP: 443 | |

Terminology:

| Term | Definition |
| --- | --- |
| Communication Channels | Customers interact with their devices by sending commands using the Esper Console or APIs. In either case, all communication to their devices is routed via one of four communication channels that a device can use. These channels are: AWS IoT Core, FCM (Google managed), MQTT, HTTP. |
| FQDN (Fully Qualified Domain Name) | A complete domain name that specifies the exact location of a resource in a hierarchical DNS (Domain Name System) structure. |
| HTTP (Hypertext Transfer Protocol) | A protocol used for transmitting and receiving hypertext documents on the World Wide Web. HTTP is the foundation of data communication on the internet and defines how web browsers and servers interact. |
| HTTPS | Hypertext Transfer Protocol Secure. A secure version of HTTP that uses encryption to protect the data transmitted between a web browser and a web server. |
| MQTT | Message Queuing Telemetry Transport. A lightweight publish-subscribe messaging protocol designed for low-bandwidth, high-latency, or unreliable networks. MQTT is commonly used in IoT (Internet of Things). |
| NTP | Network Time Protocol. A protocol used to synchronize the clocks of systems on a network. NTP ensures that all systems have accurate and synchronized time. |
| SCTP | Stream Control Transmission Protocol. A transport layer protocol that combines some of the features of both TCP and UDP. SCTP offers reliable, ordered, and multiplexed data transmission with congestion control and error detection. |
| SNTP | Simple Network Time Protocol. A simplified version of NTP that provides basic time synchronization capabilities. SNTP is often used in situations where high accuracy is not critical. |
| SSL | Secure Sockets Layer. A cryptographic protocol that is used to establish secure and encrypted connections between a client and a server. |
| Stack | A stack is a physically isolated infrastructure which can be used to create multiple customer Tenants. All customer Tenants in a stack share the same compute and storage resources. |
| TCP | Transmission Control Protocol. A connection-oriented communication protocol that provides reliable and ordered data delivery between two systems over a network. |
| UDP | User Datagram Protocol. A connectionless communication protocol that provides faster, but less reliable, data transmission compared to TCP. |
| Wildcard | An FQDN that can stand in for other FQDNs. It allows all variations of the subdomain. For example, the FQDN wildcard *.esper.cloud would allow dpcdownloads.esper.cloud, ping.esper.cloud, mqtt.esper.cloud, etc. |
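The rule tables above and the Wildcard definition together describe an egress allowlist: a destination (FQDN or wildcard or IP), a protocol and a port or port range. The following is an added example, not code from Nattugla, Esper or Google, that turns a constructed subset of those table rows into rules and checks whether a given outbound connection is covered. It is useful when validating a firewall change (does every listed endpoint have a matching rule?) or when reviewing flow logs from a device for connections outside the allowlist. The function names (parse_ports, build_rules, host_matches, is_allowed, audit) are hypothetical, and the wildcard semantics are an assumption taken from the Wildcard entry: "*.esper.cloud" covers any name under esper.cloud but not esper.cloud itself.

```python
"""Egress allowlist evaluator.

Added example, not code from Nattugla or Esper. It encodes a constructed
subset of the rules from the tables on this page (FQDN, "*.domain" wildcard
or IPv4 address, plus a port cell written as in the tables) and answers
whether an outbound connection is covered. Wildcard semantics follow the
Terminology entry: "*.esper.cloud" stands in for names under esper.cloud.
All function names here are hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    pattern: str   # exact FQDN, IPv4 address, or "*.domain" wildcard
    proto: str     # "tcp" or "udp"
    port_lo: int
    port_hi: int


def parse_ports(spec: str) -> List[Tuple[str, int, int]]:
    """Parse a port cell such as 'TCP: 5228-5230, 443', 'TCP/UDP: 3478' or
    'UDP: 49152 -65535' into (proto, low, high) tuples. Labels in
    parentheses such as '(HTTPS)' are ignored."""
    proto_part, sep, ports_part = spec.partition(":")
    if not sep:
        raise ValueError(f"expected 'PROTO: ports', got {spec!r}")
    protos = [p.strip().lower() for p in proto_part.split("/")]
    ports_part = re.sub(r"\([^)]*\)", "", ports_part)   # drop "(HTTPS)" etc.
    out: List[Tuple[str, int, int]] = []
    for chunk in ports_part.split(","):
        chunk = chunk.replace(" ", "")          # tolerate "49152 -65535"
        if not chunk:
            continue
        lo, _, hi = chunk.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not (0 < lo_i <= hi_i <= 65535):
            raise ValueError(f"bad port range in {spec!r}")
        for proto in protos:
            out.append((proto, lo_i, hi_i))
    return out


def build_rules(rows: Iterable[Tuple[str, str]]) -> List[Rule]:
    """Expand (pattern, port cell) table rows into one Rule per proto/range."""
    return [Rule(pattern, proto, lo, hi)
            for pattern, spec in rows
            for proto, lo, hi in parse_ports(spec)]


def host_matches(pattern: str, host: str) -> bool:
    """Exact match, or wildcard match: '*.esper.cloud' covers 'ping.esper.cloud'
    (and deeper labels, an assumption; some firewalls match one label only)
    but not 'esper.cloud' itself and not 'esper.cloud.example.net'."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".esper.cloud"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def is_allowed(rules: Iterable[Rule], host: str, proto: str, port: int) -> Optional[Rule]:
    """Return the first rule covering (host, proto, port), or None."""
    proto = proto.lower()
    for r in rules:
        if r.proto == proto and r.port_lo <= port <= r.port_hi and host_matches(r.pattern, host):
            return r
    return None


def audit(rules: Iterable[Rule],
          connections: Iterable[Tuple[str, str, int]]) -> List[Tuple[str, str, int]]:
    """Return the connections no rule covers: what a default-deny egress policy
    would block, or what merits an alert if seen in device flow logs."""
    rules = list(rules)
    return [c for c in connections if is_allowed(rules, *c) is None]


# Constructed subset of this page's tables (wildcard column used where given).
PAGE_RULES = build_rules([
    ("nest.nattugla.no", "TCP: 443"),
    ("stun-turn.nattugla.no", "TCP: 443"),
    ("stun-turn.nattugla.no", "TCP/UDP: 3478"),
    ("2.android.pool.ntp.org", "UDP: 123"),
    ("mtalk.google.com", "TCP: 5228-5230, 443"),
    ("*.esper.cloud", "TCP: 443 (HTTPS)"),
    ("mqtt.esper.cloud", "TCP:8883 (MQTT over ssl)"),
    ("*.amazonaws.com", "UDP: 49152 -65535"),
    ("13.52.132.230", "TCP: 40000-50000"),
    ("8.8.8.8", "TCP: 443 (HTTPS)"),
])

if __name__ == "__main__":
    # Constructed sample of observed outbound connections from a device.
    observed = [
        ("ping.esper.cloud", "tcp", 443),
        ("esper.cloud", "tcp", 443),          # apex is not covered by *.esper.cloud
        ("mtalk.google.com", "tcp", 5231),    # just outside 5228-5230
        ("x.y.amazonaws.com", "udp", 60000),
    ]
    for conn in audit(PAGE_RULES, observed):
        print("not covered:", conn)
```

Two points the table alone does not make explicit are visible in the checks: the apex name (esper.cloud) is not matched by *.esper.cloud, so an endpoint without a subdomain needs its own entry, and a port one above a listed range (5231) is outside the rule even though it looks like part of the same service.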