Firewall Considerations for Support Link (formerly Telos Connect)

Updated by Bryan Jones

Scope

This article covers firewall considerations that can affect Support Link (previously Telos Connect in some products). This does not cover any firewall in particular but describes the requirements.


Description

Support Link, if enabled, allows secure, encrypted access to logs and config files on several Telos products.

Support Link is OFF by default on all products. You must enable it for our support team to be able to assist you with troubleshooting or configuration remotely.


Requirements

As of this writing, Support LInk uses one of three geographically located servers for redundancy and load balancing as required. Of particular note is the location of the servers.

The servers used are;

  • zip.telos-systems.com - US Virginia data center
  • zip2.telos-systems.com - Amsterdam data center
  • zip3.telos-systems.com - Singapore data center
The currently active data center is the Amsterdam data center. This could change, but there are no plans at the moment. This would be important if your Firewall is doing any geo-blocking.

Telos Connect also needs access to secure.telos-systems.com


Ports used

The outbound connection uses HTTPS on port 443.

Support Link will attempt to send an outbound UDP message on port 31000. It also uses HTTPS / TCP connections on port 443.

If both of those are blocked, Support Link will not work.


Connections

All connections are established outbound. Telos will never attempt to connect to your device.

All connections will be from one of those servers. No additional IP addresses or hostnames need to be accounted for.


Let us know how we can help

If you have further questions on this topic or have ideas about improving this document, please contact us.


How did we do?