Firewall / Security

At TilliT, we place the highest importance on security and employ the latest and most advanced technologies to keep your confidential information safe. We take security seriously and employ industry-recommended measures such as encrypted data storage and secure authentication methods to protect your data. With TilliT, you can feel confident knowing your information is secure and protected.

Web App

Access to the following domains is required for the TilliT web application to work on a client PC/Tablet or Phone. All connections are outbound, where the client initiates a connection to the domain provided.

| Domain | Traffic | Port |
|---|---|---|
| tillit.cloud | HTTPS | 443 |
| <tenant>.tillit.cloud | HTTPS | 443 |
| cognito-idp.ap-southeast-2.amazonaws.com ** | HTTPS | 443 |
| o131673.ingest.sentry.io | HTTPS | 443 |

** For Australia & New Zealand. If using North America, use us-east-2. If using Europe, use eu-central-1.

Access to the following domains is only required if the associated feature is enabled.

| Feature | Domain | Traffic/Port |
|---|---|---|
| GS1 Barcode Scanning | cdn.jsdelivr.net | HTTPS/443 |
| SSO / Active Directory | Your Auth URL | HTTPS/443 |

TilliT Edge

The following outbound firewall rules need to be in place for proper connectivity. You may use a wildcard (e.g., *.amazonaws.com) at your own risk.

Australia & New Zealand

| Domain Name | Protocol | Ports |
|---|---|---|
| tillit.cloud | TCP (HTTPS) | 443 |
| iot.tillit.cloud | TCP (MQTT) | 8883 |
| logs.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| production-tillit-edge-au.s3.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com | TCP (MQTT) | 8883, 443, 8443 |
| greengrass-ats.iot.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| evergreencomponentmanageme-artifactbucket7410c9ef-b7nmxghuaqsx.s3.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |

Americas

| Domain Name | Protocol | Ports |
|---|---|---|
| tillit.cloud | TCP (HTTPS) | 443 |
| iot-us.tillit.cloud | TCP (MQTT) | 8883 |
| logs.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| production-tillit-edge-us.s3.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| acgtk2he491xh-ats.iot.us-east-2.amazonaws.com | TCP (MQTT) | 8883, 443, 8443 |
| greengrass-ats.iot.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| evergreencomponentmanageme-artifactbucket7410c9ef-m8ax4z2bcf3q.s3.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
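
A preflight check for the outbound rules listed above, run from the network segment where the Edge device will sit. This is an added example, not TilliT tooling or code from the original page; the function names and the `EDGE_AU` dictionary are this example's own, with hostnames and ports copied from the Australia & New Zealand table (substitute the Americas entries as needed).

```python
import socket

# Host/port pairs copied from the "Australia & New Zealand" TilliT Edge table.
EDGE_AU = {
    "tillit.cloud": [443],
    "iot.tillit.cloud": [8883],
    "logs.ap-southeast-2.amazonaws.com": [443],
    "production-tillit-edge-au.s3.ap-southeast-2.amazonaws.com": [443],
    "c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com": [443],
    "acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com": [8883, 443, 8443],
    "greengrass-ats.iot.ap-southeast-2.amazonaws.com": [443],
    "evergreencomponentmanageme-artifactbucket7410c9ef-b7nmxghuaqsx.s3.ap-southeast-2.amazonaws.com": [443],
}

def targets(table):
    """Flatten {host: [ports]} into a sorted list of (host, port) pairs."""
    return sorted((host, port) for host, ports in table.items() for port in ports)

def tcp_probe(host, port, timeout=5.0, connect=socket.create_connection):
    """Attempt one outbound TCP connection and classify the outcome."""
    try:
        connect((host, port), timeout=timeout).close()
        return "open"
    except socket.gaierror:
        return "dns-failure"   # name did not resolve: check DNS access (port 53)
    except socket.timeout:
        return "timeout"       # packets silently dropped, typical of a deny rule
    except ConnectionRefusedError:
        return "refused"       # actively rejected (RST) by a firewall or host
    except OSError as exc:
        return f"error: {exc}"

def preflight(table, connect=socket.create_connection):
    """Return {(host, port): status} for every endpoint that is not reachable."""
    results = {(h, p): tcp_probe(h, p, connect=connect) for h, p in targets(table)}
    return {target: status for target, status in results.items() if status != "open"}

if __name__ == "__main__":
    failures = preflight(EDGE_AU)
    for (host, port), status in failures.items():
        print(f"{host}:{port} -> {status}")
    raise SystemExit(1 if failures else 0)
```

An "open" result only shows that the TCP path is allowed; it does not show that a proxy is leaving TLS intact, so the proxy exceptions still have to be configured separately.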

Proxy Exceptions

TilliT Edge, powered by AWS IoT Greengrass, utilises mutual TLS (mTLS) to establish secure connectivity to the cloud. Any proxy software that performs decryption of a TLS connection will break this connectivity. Please add the following endpoints as exceptions to your proxy software.

Australia & New Zealand

| Domain Name | Ports |
|---|---|
| c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com | 443 |
| acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com | 443 |

Americas

| Domain Name | Ports |
|---|---|
| c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com | 443 |
| acgtk2he491xh-ats.iot.us-east-2.amazonaws.com | 443 |

Special Considerations for Edge Devices

Our Edge Devices require a connection to an NTP and DNS server to operate correctly. If your IT network requires specific NTP or DNS endpoints to be set, then engage with our support team to load these details onto the device. Otherwise, the devices will require the provided firewall access.

| Domain Name | Protocol | Ports |
|---|---|---|
| 0.au.pool.ntp.org, 1.au.pool.ntp.org, 2.au.pool.ntp.org, 3.au.pool.ntp.org | UDP | 123 |
| 8.8.8.8 | TCP/UDP | 53 |

System updates for the OS are device dependent. Please see below for each device.

| Device Type | Domain | Protocol | Port |
|---|---|---|---|
| Revolution Pi | repo.raspbian.org | HTTP | 80 |
| MSI NUC | security.ubuntu.org | HTTP | 80 |
