Skip to main content

Whitelisting URLs and Ports

To facilitate communication between the edge device and the cloud services, it's necessary to whitelist specific URLs and ports on your network or firewall. The following URLs and ports need to be whitelisted:

ServiceFQDNProtocols (Port)DirectionExplanation
Container registry (Microsoft)mcr.microsoft.comHTTPS (443)OutboundAccess to Microsoft's container registry for storing and deploying container images.
Container registry (Facts)facts.azurecr.ioHTTPS (443)OutboundAccess to the PA Facts container registry for storing and deploying container images.
Container registry (Custom)<custom-environment>.azurecr.ioHTTPS (443)OutboundAccess to any custom container registry for storing and deploying customer specific container images.
IoT Hubazure-device.netHTTPS (443), AMQP (5671), MQTT (8883)OutboundAccess to the IoT Hub service to allow the Facts edge device to communicate securely and reliably with cloud-based resources.
DPSazure-device-provisioning.netHTTPS (443)OutboundAccess to the Azure Device Provisioning Service (DPS).
DPS Globalglobal.azure-devices-provisioning.netHTTPS (443)OutboundAccess to the global Azure Device Provisioning Service (DPS).
Dockerhub.docker.comHTTPS (443)OutboundAccess to the Docker registry for storing and deploying container images.
Microsoft Linux Packagespackages.microsoft.comHTTPS (443)OutboundDownloading necessary Linux packages provided by Microsoft such as moby and iot-edge.
Configuration and Scriptsgithub.com/AzureHTTPS (443)OutboundDownloading necessary configuration and script files.
IoT Centralazureiotcentral.comHTTPS (443), AMQP (5671), MQTT (8883)OutboundAccess to the IoT Central service to allow the Facts edge device to communicate securely and reliably with cloud-based resources.
important

Given that IoT Hub and DPS services are dynamically created by the Facts on Demand system, it's critical to whitelist azure-device.net and azure-device-provisioning.net, along with their respective subdomains, to ensure smooth communication and operation.

note

If you're using the Enterprise Version with custom modules, you'll need to permit access to your custom container registry, in addition to the default Microsoft and Facts container registries. Your custom container registry will typically have a URL in the format of <custom-environment>.azurecr.io.

note

If you require support to unblock these URLs and ports, please consult with your network administrator or IT department. They can assist you in configuring your network or firewall to permit outbound traffic on these URLs and ports.