Skip to main content

What network connections does the InteliGateway require?

  • Updated

Physical Connections

The Inteligateway (IG-302) requires a wired ethernet connection to a local LAN port.  Beyond this, the Inteligateway can be configured with a static IP address and network parameters, or receive network configuration through DHCP (static addressing may be preferred for troubleshooting).  

Via a third-party WiFi-to-Ethernet adapter, the Inteligateway can easily be connected to a WiFi network if wired ethernet is not available in the installation location.  

 

Firewall and Security Configuration

The Inteligateway is not a "router" and does not route TCP/IP traffic from sensors and sockets.  It communicates with Intelisockets and Intelisensors over a proprietary Zigbee radio mesh network, and then sends data and retrieves commands from the Ibis.io cloud service via HTTPS (HTTP over SSL).  

At installation, the Inteligateway is configured to connect to one address:  api.ibis.io via HTTPS on port 443, and optionally sets its clock via the Network Time Protocol by connecting to pool.ntp.org, using UDP traffic on port 123 in both directions.  

The inteligateway does not need any ports opened on the firewall for incoming traffic, other than allowing NTP for setting the clock.  If you cannot allow NTP for setting the gateway's clock, the gateway will set its clock via queries to the Ibis.io cloud service, which will result in fairly accurate time, but not the precision of NTP.  

The Inteligateway communicates with Ibis.io over HTTPS using the strongest SSL cipher it can negotiate, depending upon gateway firmware version this may be RSA SHA-256 with 2048 bit keys, through a range of updated ciphers.  The Inteligateway connection to Intelisockets over Zigbee is encrypted using AES-128, with no keys passed over the air.  

If your firewall controls outbound traffic, you may need to whitelist the following:

  • api.ibis.io
  • pool.ntp.org

Both of these addresses may return variable IP addresses upon resolution, given their global nature as distributed services, so you must whitelist the DNS names, not individual IP addresses.  Attempting to whitelist specific IP addresses you are given at a point in time may result in interruption of communication as IP addresses on cloud services are rotated, or as NTP servers in the public NTP server pool change.  

 

 

Related articles

Powered by Zendesk