Skip to main content

Network Requirements

It’s essential to configure your collector device properly for seamless communication within your LAN and beyond. Let’s break down the network requirements for the collector device:

  1. Collector Deployment Considerations:

    • The collector device must have a static IP address, which ensures consistent communication.
    • Provide the subnet and gateway also to allow traffic flow.

  2. Collector Functionality:

    • The collector reads, decodes, and processes data within the care home.
    • All routing logic occurs within the collector, and it uses a local socket connection to relay alerts to mobile devices.

  3. Over-the-Air Updates and Remote Access:

    • To maintain an ever-evolving product and provide efficient support, over-the-air updates are pushed to the collector device.
    • Our technical team requires secure full remote access to manage and troubleshoot the collector.

  4. Outbound Rules (Collector Connecting to the Internet):

    • In general we recommend allowing all traffic outbound for the collector, however the following ports at minimum must be opened for outbound communication:
      • Port 51820 (TCP/UDP): Used by WireGuard VPN.
      • Port 53: DNS
      • Port 80: API calls to our platform
      • Port 443: API calls to our platform.
      • Port 5050: Downloading Docker updates
  5. Inbound WAN Rules (Internet sources connecting to the collector)
    • We do not require any inbound rules or communication to the unit, it should not be internet accessible. Instead, our unit opens a wireguard tunnel outbound to us and we do all communication over this tunnel.

  6. Internal LAN Rules (Handsets Accessing the Collector):

    • Handsets using the mobile app should have unrestricted access via the LAN to the collector on the following ports:
      • Port 80 (TCP): HTTP for local communication.
      • Port 5557 (TCP): CustomLocal portapp (ensuresocket it’s not blocked).communication
      • Port 5559 (TCP): AnotherLocal customapp portsocket (verify accessibility).communication
      • Port 8083 (TCP): YetLocal anotherapp customsocket port (check availability).communication

It’s crucial to avoid conflicts and ensure smooth communication within your collector’s virtual interfaces and networks. Let’s summarize the network ranges to avoid:

  1. Onsite Config Network:

    • Network Range: 192.168.150.0/24
    • Purpose: Used for onsite configuration.
    • Ensure that other devices or networks do not overlap with this range.

  2. Wireguard VPN Network:

    • Network Range: 10.8.0.0/22
    • Purpose: Used for Wireguard VPN connections.
    • Prevent any IP address conflicts with this range.

  3. Docker Network:

    • Network Range: 172.17.0.0/16
    • Purpose: Used by Docker containers.
    • Be cautious not to use IP addresses within this range elsewhere.

ToBy enabledefault communicationall betweentraffic mobilethat devicesis not destined for the local network of the collector is routed via the wireguard tunnel. This means if you operate your handsets on a different subnetsnetwork range or if you operate multiple ranges you will see some handsets fail to communicate with the collector. In this instance please provide the following information to our support team and yourwe collector,will you’llbe needable to set up proper routing. Here areadd the stepsnecessary routes to achieveour this:collector

  • InIP theRange
    • Home
  • Subnet ManageMask
    • page
  • Gateway ofIP (must be within the cloudlocal platform, navigate tosubnet the routingcollector configuration.
    • communicates
  • Add an entry for the mobile subnet (the one where your mobile devices reside).
  • Specify the appropriate gateway IP address for the mobile subnet.
  • Ensure that the routing configuration allows traffic between the mobile subnet and the collector’s subnet.using)

Business Grade Router & Enterprise Firewalls play a critical role in securing network traffic and controlling communication between different segments. Let’s delve into some differences below:

  1. Enterprise Firewalls:

    • Enterprise-grade firewalls are more sophisticated than basic business routers. They offer advanced features such as stateful packet inspectionintrusion detection/prevention, and application-layer filtering.
    • These firewalls allow granular control over inbound and outbound traffic, ensuring security and compliance with organizational policies.

  2. Complexity and Customization:

    • Enterprise firewalls can be complex due to their extensive configuration options. Network administrators tailor them to meet specific security requirements.
    • Custom rules, VPN tunnels, and access control lists (ACLs) are common components of enterprise firewall setups.

  3. Business Grade Router vs. Firewalls:

    • Business grade routers often have a default configuration that allows outbound traffic by default. They focus on NAT (Network Address Translation) and basic port forwarding.
    • However, they may lack the robust security features needed for enterprise environments.
    • In contrast, firewalls are designed to protect against external threats and enforce security policies.

  4. Responsibility and Due Diligence:

    • As pointed out, it is crucial for network administrators to verify and validate the configuration before deploying any network device.
    • Before deploying your collector onsite, ensure that:
      • Firewall rules align with the organization’s security policies.
      • Routing tables facilitate communication between subnets.
      • IP address ranges do not conflict.
      • Mobile devices can access the collector as intended.
Back to top