Firewall / Security
At TilliT, we place the highest importance on security and employ the latest and most advanced technologies to keep your confidential information safe. We take security seriously and employ industry-recommended measures such as encrypted data storage and secure authentication methods to protect your data. With TilliT, you can feel confident knowing your information is secure and protected.
The endpoints listed below are intended for production use. If you wish to set up for your staging account, please contact us to request the appropriate endpoints.
Web App
Access to the following domains is required for the TilliT web application to work on a client PC/Tablet or Phone. All connections are outbound, where the client initiates a connection to the domain provided.
| Domain | Protocol | Port |
|---|---|---|
| tillit.cloud | HTTPS | 443 |
| <tenant>.tillit.cloud | HTTPS | 443 |
| cognito-idp.ap-southeast-2.amazonaws.com ** | HTTPS | 443 |
| o131673.ingest.sentry.io | HTTPS | 443 |

** For Australia & New Zealand. If using North America, use us-east-2. If using Europe, use eu-central-1
Access to the following domains is only required if the associated feature is enabled.
| Feature | Domain | Protocol/Port |
|---|---|---|
| GS1 Barcode Scanning | cdn.jsdelivr.net | HTTPS/443 |
| SSO / Active Directory | Your Auth URL | HTTPS/443 |

TilliT Edge
The following outbound firewall rules need to be in place for proper connectivity. You may use a wildcard (e.g., *.amazonaws.com) at your own risk.
Australia & New Zealand
| Domain | Protocol | Port |
|---|---|---|
| tillit.cloud | TCP (HTTPS) | 443 |
| iot.tillit.cloud | TCP (MQTT) | 8883 |
| logs.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| production-tillit-edge-au.s3.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com | TCP (MQTT) | 8883, 443, 8443 |
| greengrass-ats.iot.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |
| evergreencomponentmanageme-artifactbucket7410c9ef-b7nmxghuaqsx.s3.ap-southeast-2.amazonaws.com | TCP (HTTPS) | 443 |

Americas
| Domain | Protocol | Port |
|---|---|---|
| tillit.cloud | TCP (HTTPS) | 443 |
| iot-us.tillit.cloud | TCP (MQTT) | 8883 |
| logs.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| production-tillit-edge-us.s3.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| acgtk2he491xh-ats.iot.us-east-2.amazonaws.com | TCP (MQTT) | 8883, 443, 8443 |
| greengrass-ats.iot.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |
| evergreencomponentmanageme-artifactbucket7410c9ef-m8ax4z2bcf3q.s3.us-east-2.amazonaws.com | TCP (HTTPS) | 443 |

Proxy Exceptions
TilliT Edge, powered by AWS IoT Greengrass, utilises mutual TLS (mTLS) to establish secure connectivity to the cloud. Any proxy software that performs decryption of a TLS connection will break this connectivity. Please add the following endpoints as exceptions to your proxy software.
Australia & New Zealand
| Domain | Port |
|---|---|
| c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com | 443 |
| acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com | 443 |

Americas
| Domain | Port |
|---|---|
| c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com | 443 |
| acgtk2he491xh-ats.iot.us-east-2.amazonaws.com | 443 |

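A pre-deployment check for the proxy exceptions above, as an added example that is not TilliT's own tooling: it handshakes with each mTLS endpoint and reports whether the server certificate comes from the expected CA or has been re-signed by a TLS-inspecting proxy. The `EXPECTED_ISSUER_ORG` value "Amazon" and all function names are assumptions of this example.

```python
import socket
import ssl

# Endpoints copied from the Proxy Exceptions list (Australia & New Zealand) on this page.
MTLS_ENDPOINTS = [
    ("c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com", 443),
    ("acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com", 443),
]
# Assumption: the genuine endpoint certificates are issued by Amazon's own CAs,
# so the issuer organisation contains "Amazon". Adjust if that changes.
EXPECTED_ISSUER_ORG = "Amazon"


def issuer_org(cert):
    """Return the issuer organizationName from an ssl getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None


def classify(cert, expected=EXPECTED_ISSUER_ORG):
    """'direct' if the issuer matches the expected CA, otherwise 'intercepted'."""
    org = issuer_org(cert)
    if org and expected.lower() in org.lower():
        return "direct"
    return "intercepted"  # covers a proxy CA that is trusted locally


def probe(host, port, timeout=5.0):
    """Handshake with host:port and describe the path as seen from this machine."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return "intercepted"  # chain not trusted here, e.g. an unknown proxy CA
    except ssl.SSLError:
        return "tls-error"    # handshake aborted for another reason; inconclusive
    except OSError:
        return "blocked"      # DNS failure, refusal or timeout: check firewall rules


if __name__ == "__main__":
    for host, port in MTLS_ENDPOINTS:
        print(f"{host}:{port} -> {probe(host, port)}")
```

Run it from the same network segment as the Edge device; `intercepted` on either endpoint means the proxy exception is not yet in effect for that host.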
Special Considerations for Edge Devices
Our Edge Devices require a connection to an NTP and DNS server to operate correctly. If your IT network requires specific NTP or DNS endpoints to be set, then engage with our support team to load these details onto the device. Otherwise, the devices will require the provided firewall access.
| Endpoint | Protocol | Port |
|---|---|---|
| 0.au.pool.ntp.org, 1.au.pool.ntp.org, 2.au.pool.ntp.org, 3.au.pool.ntp.org | UDP | 123 |
| 8.8.8.8 | TCP/UDP | 53 |

System updates for the OS are device dependent. Please see below for each device.
| Device | Domain | Protocol | Port |
|---|---|---|---|
| Revolution Pi | repo.raspbian.org | HTTP | 80 |
| MSI NUC | security.ubuntu.org | HTTP | 80 |