Some users may have more advanced networks that may be blocking outbound access on their firewalls. In some cases, this may prevent Alta Labs devices from communicating with the cloud controller.

Note: These firewall changes are only necessary if you’re using the free cloud controller. If the Alta Control Appliance or self-hosted options are in use, these changes are not necessary.

Ports:

1. TCP Port 443; may also be referred to as HTTPS in some firewalls
2. UDP Port 123*; may also be referred to as NTP

3. UDP Port 53 for DNS

4. TCP port 443 for DNS-over-HTTPS

* - Required for time synchronization purposes via the Internet only.

Hostnames:

1. manage.alta.inc
2. ping.alta.inc
3. dl.alta.inc
4. For NTP only:
   1. 0.openwrt.pool.ntp.org
   2. 1.openwrt.pool.ntp.org
   3. 2.openwrt.pool.ntp.org
   4. 3.openwrt.pool.ntp.org

Protocols:

Please ensure you have ICMP enabled on the LAN side of your router. You can further narrow this down to a specific subnet and/or VLAN if desired. ICMP is not required nor recommended for the WAN side.

DHCP or statically assigned DNS servers will be used in parallel with hard-coded DNS-over-HTTP servers (CloudFlare, Google, and OpenDNS) for the AP/Switch/Route10

Devices connected to Alta Equipment will typically use their DHCP/statically-assigned DNS, and will only use the forwarding DNS server on the APs (which uses the same DNS servers as the AP’s internal DNS) if they are not authorized on the network (whether by schedule or hotspot authentication, etc.).