The IXrouter uses an outgoing port to establish a secure connection to our IXON Cloud. This means there is no need to open any incoming ports in your firewall.
Below is an overview of the outgoing ports and protocols that the IXrouter utilizes.
|443, 8443(1)||TCP||HTTPS, MQTT (TLS), OpenVPN(3)|
|53(2)||TCP & UDP||DNS|
(1) Port 8443 is only used when stealth mode is activated for connectivity via a censored internet connection (i.e. when located in China).
(2) DNS requests are often handled by local DNS servers. In those cases the listed DNS port can be ignored.
(3) The very first package may be considered unencrypted as the OpenVPN handshake takes place prior to the TLS handshake. For this reason an exception may be required on firewall rules that block non-SSL traffic over SSL-ports.
Servers and DNS requests
Via these outgoing ports the IXrouter connects to different IXON servers: REST API, MQTT, and OpenVPN servers. The IP addresses of these servers, as well as the amount of servers, may change over time and are thus not pre-defined. What is pre-defined is the domain of these servers. This domain will always end with ".ixon.net" (e.g. am01.ixon.net) or ".ayayot.com" (phonetic IIoT). The IXrouter attempts to resolve these addresses by doing DNS requests. If it can't perform DNS requests, it can't connect to our servers.
MAC or IP address filter
The local IT department may choose to only grant specific devices internet access, based on the MAC address or IP address of the device. The MAC address can be obtained from the label on the side of the IXrouter. The IP address can be set to a static IP address. However, by default the IP address is set to be assigned dynamically via DHCP.