# Network Security

If the Ignition instance is secured by a firewall, the following rules must be implemented to allow traffic to the TilliT endpoints.

{% hint style="warning" %}
It is a requirement that your firewall and Ignition server use the same DNS. All TilliT endpoints auto-provision new IPs on a regular basis, and your DNS records must be kept up to date with these changes. DNS records in one region of the world may differ from those elsewhere. Failure to properly manage DNS will result in connectivity issues.
{% endhint %}

#### Production

| Endpoint               | Protocol | Port/s |
| ---------------------- | -------- | ------ |
| \<tenant>.tillit.cloud | https    | 443    |
| iot.tillit.cloud       | mqtts    | 8883   |

#### Stage

| Endpoint                     | Protocol | Port/s |
| ---------------------------- | -------- | ------ |
| \<tenant>.tillit-stage.cloud | https    | 443     |
| iot.tillit-stage.cloud       | mqtts    | 8883    |

#### Development

| Endpoint                              | Protocol | Port/s |
| ------------------------------------- | -------- | ------ |
| \<tenant>.development.tillt-dev.cloud | https    | 443    |
| iot.tillit-dev.cloud                  | mqtts    | 8883   |
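
The following preflight check is an added example, not TilliT or Ignition code. Run from the Ignition server, it resolves each endpoint in the tables above, tests a TCP connection on the listed port, and flags addresses the server resolves that the firewall does not hold for the same name. The function names and the `firewall_view` input (a host-to-IP mapping exported from your firewall) are assumptions made for illustration.

```python
import socket
import sys

# Endpoint tables as listed on this page; {tenant} is filled in at run time.
ENDPOINTS = {
    "production": [("{tenant}.tillit.cloud", 443), ("iot.tillit.cloud", 8883)],
    "stage": [("{tenant}.tillit-stage.cloud", 443), ("iot.tillit-stage.cloud", 8883)],
    "development": [("{tenant}.development.tillt-dev.cloud", 443),
                    ("iot.tillit-dev.cloud", 8883)],
}

def endpoints(env, tenant):
    """Return the (host, port) pairs the firewall must allow for one environment."""
    return [(host.format(tenant=tenant), port) for host, port in ENDPOINTS[env]]

def resolve(host, port, resolver=socket.getaddrinfo):
    """Addresses this machine's DNS returns for host right now (empty set on failure)."""
    try:
        return {info[4][0] for info in resolver(host, port, type=socket.SOCK_STREAM)}
    except socket.gaierror:
        return set()

def dns_drift(server_ips, firewall_ips):
    """Addresses the server may dial that the firewall's DNS view does not contain."""
    return sorted(set(server_ips) - set(firewall_ips))

def reachable(ip, port, timeout=5.0):
    """True if a TCP connection succeeds; TLS and credentials are not checked."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(env, tenant, firewall_view=None, resolver=socket.getaddrinfo, probe=reachable):
    """One report row per endpoint. firewall_view (hypothetical input) maps
    host -> IPs the firewall currently holds for that name."""
    rows = []
    for host, port in endpoints(env, tenant):
        ips = sorted(resolve(host, port, resolver))
        rows.append({
            "host": host, "port": port, "resolved": ips,
            "unreachable": [ip for ip in ips if not probe(ip, port)],
            "dns_drift": dns_drift(ips, firewall_view.get(host, [])) if firewall_view else [],
        })
    return rows

if __name__ == "__main__" and len(sys.argv) == 3:  # usage: preflight.py <env> <tenant>
    for row in preflight(sys.argv[1], sys.argv[2]):
        print("OK  " if row["resolved"] and not row["unreachable"] else "FAIL", row)
```

An empty `resolved` list points at DNS, a non-empty `unreachable` list at a missing or stale firewall rule, and a non-empty `dns_drift` list at the firewall and server resolving against different DNS views.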
