Network Requirements

It’s essential to configure your collector device properly for seamless communication within your LAN and beyond. Let’s break down the network requirements for Nexus Care:

1. Collector Deployment Considerations:

   • The collector device shouldmust have a static IP address, which ensures consistent communication.
   • You’ll need to configure the subnet and gateway appropriately to allow traffic flow.

2. Collector Functionality:

   • The collector reads, decodes, and processes data within the care home.
   • All routing logic occurs within the collector, and it uses a local socket connection to relay alerts to mobile devices.

3. Over-the-Air Updates and Remote Access:

   • To maintain an ever-evolving product and provide efficient support, over-the-air updates are pushed to the collector device.
   • Our technical team requires secure full remote access to manage and troubleshoot the collector.

4. Outbound Rules (Collector Connecting to the Internet):

   • In general we recommend allowing all traffic outbound for the collector, however the following ports at minimum must be opened for outbound communication:
     • Port 51820 (TCP/UDP): Used by WireGuard VPN.
     • Port 53: DNS
     • Port 80: API calls to our platform
       
     • Port 443: API calls to our platform.
     • Port 5050: Downloading Docker updates

5. Internal LAN Rules (Handsets Accessing the Collector):

   • Handsets using the mobile app should have unrestricted access via the LAN to the collector on the following ports:
     • Port 80 (TCP): HTTP for local communication.
     • Port 5557 (TCP): Custom port (ensure it’s not blocked).
     • Port 5559 (TCP): Another custom port (verify accessibility).
     • Port 8083 (TCP): Yet another custom port (check availability).

It’s crucial to avoid conflicts and ensure smooth communication within your collector’s virtual interfaces and networks. Let’s summarize the network ranges to avoid:

1. Onsite Config Network:

   • Network Range: 192.168.150.0/24
   • Purpose: Used for onsite configuration.
   • Ensure that other devices or networks do not overlap with this range.

2. Wireguard VPN Network:

   • Network Range: 10.8.0.0/22
   • Purpose: Used for Wireguard VPN connections.
   • Prevent any IP address conflicts with this range.

3. Docker Network:

   • Network Range: 172.0.17.0/16
   • Purpose: Used by Docker containers.
   • Be cautious not to use IP addresses within this range elsewhere.

To enable communication between mobile devices on different subnets and your collector, you’ll need to set up proper routing. Here are the steps to achieve this:

• In the Home Manage page of the cloud platform, navigate to the routing configuration.
• Add an entry for the mobile subnet (the one where your mobile devices reside).
• Specify the appropriate gateway IP address for the mobile subnet.
• Ensure that the routing configuration allows traffic between the mobile subnet and the collector’s subnet.

Business Grade Router & Enterprise Firewalls play a critical role in securing network traffic and controlling communication between different segments. Let’s delve into some differences below:

1. Enterprise Firewalls:

   • Enterprise-grade firewalls are more sophisticated than basic business routers. They offer advanced features such as stateful packet inspection, intrusion detection/prevention, and application-layer filtering.
   • These firewalls allow granular control over inbound and outbound traffic, ensuring security and compliance with organizational policies.

2. Complexity and Customization:

   • Enterprise firewalls can be complex due to their extensive configuration options. Network administrators tailor them to meet specific security requirements.
   • Custom rules, VPN tunnels, and access control lists (ACLs) are common components of enterprise firewall setups.

3. Business Grade Router vs. Firewalls:

   • Business grade routers often have a default configuration that allows outbound traffic by default. They focus on NAT (Network Address Translation) and basic port forwarding.
   • However, they may lack the robust security features needed for enterprise environments.
   • In contrast, firewalls are designed to protect against external threats and enforce security policies.

4. Responsibility and Due Diligence:

   • As pointed out, it is crucial for network administrators to verify and validate the configuration before deploying any network device.
   • Before deploying your collector onsite, ensure that:
     • Firewall rules align with the organization’s security policies.
     • Routing tables facilitate communication between subnets.
     • IP address ranges do not conflict.
     • Mobile devices can access the collector as intended.

Remember, a well-configured network ensures smooth operations, security, and efficient communication

Remember to configure your firewall rules and network settings accordingly to ensure smooth operation of your system!