# Firewall / Security

At TilliT, we place the highest importance on security and employ the latest and most advanced technologies to keep your confidential information safe. We take security seriously and employ industry-recommended measures such as encrypted data storage and secure authentication methods to protect your data. With TilliT, you can feel confident knowing your information is secure and protected.

{% hint style="warning" %}
The endpoints listed below are intended for production use. If you wish to set up for your staging account, please contact us to request the appropriate endpoints.
{% endhint %}

## Web App

Access to the following domains is required for the TilliT web application to work on a client PC, tablet or phone. All connections are outbound: the client initiates the connection to the listed domain.

| Domain                                            | Traffic | Port |
| ------------------------------------------------- | ------- | ---- |
| tillit.cloud                                      | HTTPS   | 443  |
| \<tenant>.tillit.cloud                            | HTTPS   | 443  |
| cognito-idp.ap-southeast-2.amazonaws.com **\*\*** | HTTPS   | 443  |
| o131673.ingest.sentry.io                          | HTTPS   | 443  |

**\*\*** The region shown is for Australia & New Zealand. If using North America, use **us-east-2**. If using Europe, use **eu-central-1**.

Access to the following domains is only required if the associated feature is enabled.

| Feature                | Domain           | Traffic/Port |
| ---------------------- | ---------------- | ------------ |
| GS1 Barcode Scanning   | cdn.jsdelivr.net | HTTPS/443    |
| SSO / Active Directory | Your Auth URL    | HTTPS/443    |

## TilliT Edge

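The following outbound firewall rules need to be in place for proper connectivity. You may use a wildcard (e.g., \*.amazonaws.com) at your own risk; a wildcard also permits outbound traffic to every other endpoint under that domain, not only the ones listed here.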

#### Australia & New Zealand

<table><thead><tr><th width="524">Domain Name</th><th width="201">Protocol</th><th>Ports</th></tr></thead><tbody><tr><td>logs.ap-southeast-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>production-tillit-edge-au.s3.ap-southeast-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com</td><td>TCP (MQTT)</td><td>443</td></tr><tr><td>greengrass-ats.iot.ap-southeast-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>evergreencomponentmanageme-artifactbucket7410c9ef-b7nmxghuaqsx.s3.ap-southeast-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr></tbody></table>

#### Americas

<table><thead><tr><th width="528">Domain Name</th><th width="166">Protocol</th><th>Ports</th></tr></thead><tbody><tr><td>logs.us-east-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>production-tillit-edge-us.s3.us-east-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>acgtk2he491xh-ats.iot.us-east-2.amazonaws.com</td><td>TCP (MQTT)</td><td>443</td></tr><tr><td>greengrass-ats.iot.us-east-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr><tr><td>evergreencomponentmanageme-artifactbucket7410c9ef-m8ax4z2bcf3q.s3.us-east-2.amazonaws.com</td><td>TCP (HTTPS)</td><td>443</td></tr></tbody></table>

### Proxy Exceptions

TilliT Edge, powered by AWS IoT Greengrass, utilises mutual TLS (mTLS) to establish secure connectivity to the cloud. Any proxy software that performs decryption of a TLS connection will break this connectivity. Please add the following endpoints as exceptions to your proxy software.

#### Australia & New Zealand

<table><thead><tr><th width="531">Domain Name</th><th width="108.16796875">Ports</th></tr></thead><tbody><tr><td>c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com</td><td>443</td></tr><tr><td>acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com</td><td>443</td></tr></tbody></table>

#### Americas

<table><thead><tr><th width="531">Domain Name</th><th width="111.77734375">Ports</th></tr></thead><tbody><tr><td>c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com</td><td>443</td></tr><tr><td>acgtk2he491xh-ats.iot.us-east-2.amazonaws.com</td><td>443</td></tr></tbody></table>
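To confirm that the proxy exceptions above are in effect, the following check (an added example, not TilliT's or AWS's own tooling) handshakes with each mTLS endpoint from the Edge network and reports whether the certificate presented comes from AWS or from an inspecting proxy. The function names are hypothetical; it assumes AWS IoT server certificates carry the issuer organization `Amazon` and that the endpoints complete a handshake without a client certificate.

```python
import socket
import ssl

# mTLS endpoints copied from the Proxy Exceptions tables on this page.
MTLS_ENDPOINTS = {
    "ap-southeast-2": [
        "c3q1ipr2u5vdmn.credentials.iot.ap-southeast-2.amazonaws.com",
        "acgtk2he491xh-ats.iot.ap-southeast-2.amazonaws.com",
    ],
    "us-east-2": [
        "c3q1ipr2u5vdmn.credentials.iot.us-east-2.amazonaws.com",
        "acgtk2he491xh-ats.iot.us-east-2.amazonaws.com",
    ],
}
EXPECTED_ISSUER_ORG = "Amazon"  # assumption: issuer organization of AWS IoT server certs

# Constructed sample certificates in ssl.getpeercert() format (not captured data).
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),), (("organizationName", "Amazon"),))}
SAMPLE_PROXIED = {"issuer": ((("organizationName", "Example Corp Inspection CA"),),)}

def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert() dict, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def classify(cert=None, error=None):
    """Map a handshake result to DIRECT, INTERCEPTED or FAILED."""
    if isinstance(error, ssl.SSLCertVerificationError):
        return "INTERCEPTED"  # chain not anchored in the system store: typical of an inspection CA
    if error is not None or cert is None:
        return "FAILED"       # DNS failure, refused, timed out, or handshake rejected
    return "DIRECT" if issuer_org(cert) == EXPECTED_ISSUER_ORG else "INTERCEPTED"

def probe(host, port=443, timeout=5.0):
    """Handshake using the system trust store and no client certificate, then classify."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                return classify(cert=tls.getpeercert())
    except OSError as exc:
        return classify(error=exc)

if __name__ == "__main__":
    for region, hosts in MTLS_ENDPOINTS.items():
        for host in hosts:
            print(f"{region:15} {host:62} {probe(host)}")
```

Any result other than `DIRECT` for your region's two endpoints means the firewall rule or proxy exception for that host is not yet effective.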

### Special Considerations for Edge Devices

Our Edge Devices require a connection to an NTP and DNS server to operate correctly. If your IT network requires specific NTP or DNS endpoints to be set, then engage with our support team to load these details onto the device. Otherwise, the devices will require the firewall access listed below.

| Domain Name                                                                             | Protocol | Ports |
| --------------------------------------------------------------------------------------- | -------- | ----- |
| <p>0.au.pool.ntp.org<br>1.au.pool.ntp.org<br>2.au.pool.ntp.org<br>3.au.pool.ntp.org</p> | UDP      | 123   |
| 8.8.8.8                                                                                 | TCP/UDP  | 53    |

System updates for the OS are device dependent. Please see below for each device.

| Device Type   | Domain                                  | Protocol | Port |
| ------------- | --------------------------------------- | -------- | ---- |
| Revolution Pi | repo.raspbian.org                       | HTTP     | 80   |
| MSI NUC       | security.ubuntu.org, archive.ubuntu.org | HTTP     | 80   |

## Ignition

{% content-ref url="/pages/OaTrC8rRvVF4KhAVWfLs" %}
[Network Security](/tillit/tools/ignition-module/network-security.md)
{% endcontent-ref %}


