# Network Requirements [![image.png](https://docs.nexuscare.co.uk/uploads/images/gallery/2025-12/scaled-1680-/9SObLeLHNV0gkpdB-image.png)](https://docs.nexuscare.co.uk/uploads/images/gallery/2025-12/9SObLeLHNV0gkpdB-image.png) It’s essential to configure your collector device properly for seamless communication within your LAN and beyond. Let’s break down the network requirements for the collector device: 1. **Collector Deployment Considerations**: - The collector device must have a **local/internal** **static IP address**, **local subnet & local gateway** which ensures consistent communication to the local IT network and a host device for the mobile application. - **Outbound WAN Rules (Collector Connecting to the Internet)**: - In general we recommend allowing all traffic outbound for the collector, however the following ports at minimum must be opened for outbound communication: - Port **51820 (TCP/UDP)**: Used by WireGuard VPN. - Port **53**: DNS - Port **80**: API calls to our platform - Port **443**: API calls to our platform. - Port **5050**: Downloading Docker updates 2. **Inbound WAN Rules (Internet sources connecting to the collector)** - We **do not** require any inbound rules or communication to the unit, it should **not** be internet accessible. Instead, our unit opens a wireguard tunnel outbound to us and we do all communication over this tunnel. 3. **Internal LAN Rules (Handsets Accessing the Collector)**: - Handsets using the mobile app should have unrestricted access via the LAN to the collector on the following ports: - Port **80 (TCP)**: HTTP for local communication. - Port **5557 (TCP)**: Local app socket communication - Port **5559 (TCP)**: Local app socket communication - Port **8083 (TCP)**: Local app socket communication There are some ranges used for internal communication within the collector, and for communication to the Wireguard network we operate. **You** **must avoid using the following ranges:** 1. **Onsite Config Network**: - Network Range: **192.168.150.0/24** - Purpose: Used for onsite local configuration & initial set-up. (Engineer Use Only) - Ensure that other devices or networks do not overlap with this range. 2. **Wireguard VPN Network**: Creates a tunnel between the cloud site and local collector. - Network Range: **10.8.0.0/22** - Purpose: Used for Wireguard VPN connections via the local collector to the cloud servers, transports all nurse call data to cloud servers and allows management to the local collector and assists with OTA upgrades & system patching. - Prevent any IP address conflicts with this range. 3. **Docker Network**: - Network Range: **172.17.0.0/16** - Purpose: Used by Docker containers. Simplifies deployment and OTA upgrades. - Be cautious not to use IP addresses within this range elsewhere. By default all traffic that is not destined for the local network of the collector is routed via the wireguard tunnel. This means **if you operate your handsets on a different network range** or if you operate multiple ranges you will see some handsets fail to communicate with the collector. In this instance **please provide the following information** to our support team and we will be able to add the necessary routes to our collector - IP Range - Subnet Mask - Gateway IP (**must be within the local subnet the collector communicates using**)