Document Overview
This document outlines the network firewall configuration requirements for the Factbird DUO Industrial IoT device. These requirements ensure proper connectivity between the Factbird DUO device and AWS cloud services for data collection, processing, and management.
Device Information
Product Name: Factbird DUO
Technology: Bare-metal AWS IoT Device
Region: EU-West-1 (Ireland)
Required Outbound Firewall Rules
1. Secure MQTT Traffic (TCP Port 8883)
Port: TCP 8883 (TLS MQTT)
Direction: Outbound only
Destination: *.amazonaws.com
Purpose: Secure communication with AWS cloud services for:
- IoT Core (*.iot.eu-west-1.amazonaws.com) - Device management and MQTT messaging
Security Note: All communication uses TLS encryption to ensure data confidentiality and integrity.
2. DNS Resolution (UDP Port 53)
Port: UDP 53
Direction: Outbound only
Destination: As configured via DHCP
Purpose: Domain Name System (DNS) resolution to translate AWS service domain names to IP addresses. This is typically handled automatically through your network's DHCP-configured DNS servers.
3. Time Synchronization (UDP Port 123)
Port: UDP 123 (NTP)
Direction: Outbound only
Destination: pool.ntp.org, *.pool.ntp.org
Purpose: Network Time Protocol (NTP) synchronization to maintain accurate system time. Precise time synchronization is critical for:
- Accurate data timestamps
- Security certificate validation
- Coordinated data collection across multiple devices
4. ICMP Connectivity Checks
Protocol: ICMP (Echo Request / Echo Reply)
Direction: Outbound only
Destination: *.iot.eu-west-1.amazonaws.com
Purpose: Internet Control Message Protocol (ICMP) echo traffic is used by the Factbird DUO device to verify network reachability and diagnose connectivity issues to upstream services. The following host must be reachable via ICMP:
- IoT Core endpoint (*.iot.eu-west-1.amazonaws.com) - Confirms reachability to the AWS IoT Core endpoint
Security Note: ICMP echo traffic carries no application data and is used solely for connectivity diagnostics.
Summary Table
| Protocol | Port | Direction | Destination | Purpose |
|---|---|---|---|---|
| TCP | 8883 | Outbound | *.amazonaws.com | AWS cloud services communication |
| UDP | 53 | Outbound | DHCP-configured DNS | Domain name resolution |
| UDP | 123 | Outbound | pool.ntp.org, *.pool.ntp.org | Time synchronization |
| ICMP | — | Outbound | *.iot.eu-west-1.amazonaws.com | IoT Core reachability check |
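The following is an added example, not part of the Factbird documentation or firmware: a small Python audit that checks egress-log records from a device against the rules in the summary table, using label-wise wildcard matching so that look-alike domains are not accepted. The record format, the sample hostnames and the reading of `*.` as "one or more leading labels" are assumptions made for this example.

```python
"""Audit egress-log records for a Factbird DUO against the summary table."""

# Allowlist transcribed from the summary table: (protocol, port) -> patterns.
# DNS is left out because its destination is site-specific (DHCP-configured).
ALLOWED = {
    ("tcp", 8883): ["*.amazonaws.com"],
    ("udp", 123): ["pool.ntp.org", "*.pool.ntp.org"],
    ("icmp", None): ["*.iot.eu-west-1.amazonaws.com"],
}


def host_matches(host, pattern):
    """Compare label by label; a leading '*.' needs at least one extra label.

    Assumption: '*.' covers one or more leading labels, since the table's
    *.amazonaws.com has to cover names under iot.eu-west-1.amazonaws.com.
    """
    labels = host.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if pat[0] == "*":
        suffix = pat[1:]
        return len(labels) > len(suffix) and labels[-len(suffix):] == suffix
    return labels == pat


def is_allowed(proto, port, host):
    patterns = ALLOWED.get((proto.lower(), port), [])
    return any(host_matches(host, p) for p in patterns)


def audit(records):
    """Return the records that fall outside the documented rules."""
    return [r for r in records if not is_allowed(*r)]


# Constructed sample records: (protocol, port, destination name).
SAMPLE = [
    ("tcp", 8883, "device-endpoint.iot.eu-west-1.amazonaws.com"),
    ("udp", 123, "0.pool.ntp.org"),
    ("udp", 123, "pool.ntp.org"),
    ("icmp", None, "device-endpoint.iot.eu-west-1.amazonaws.com"),
    ("tcp", 8883, "amazonaws.com.example.net"),    # allowed name used as a prefix
    ("tcp", 8883, "notamazonaws.com"),             # substring look-alike
    ("tcp", 443, "device-endpoint.iot.eu-west-1.amazonaws.com"),  # port not listed
    ("icmp", None, "s3.eu-west-1.amazonaws.com"),  # ICMP is IoT Core only
]

if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print("outside documented rules:", rec)
```

Substring or plain `endswith` matching would accept the two look-alike names; comparing whole labels is what rejects them.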
Important Notes
1. No Inbound Connections Required: The Factbird DUO device does not require any inbound firewall rules. All connections are initiated from the device outward.
2. Static IP Not Required: The device can operate with DHCP-assigned IP addresses.
3. Proxy Support: The device does not currently support proxy configuration for outbound HTTPS traffic.
Security Considerations
- All data transmission occurs over encrypted channels (TLS 1.2+)
- The device only establishes outbound connections - no listening ports are opened
- AWS IoT certificates provide mutual authentication between device and cloud
- Regular security updates are delivered through the secure update channel