Firewall Considerations for Support Link (formerly Telos Connect)
This article covers firewall considerations that can affect Support Link (previously Telos Connect in some products). This does not cover any firewall in particular but describes the requirements.
Support Link, if enabled, allows secure, encrypted access to logs and config files on several Telos products.
As of this writing, Support LInk uses one of three geographically located servers for redundancy and load balancing as required. Of particular note is the location of the servers.
The servers used are;
- zip.telos-systems.com - US Virginia data center
- zip2.telos-systems.com - Amsterdam data center
- zip3.telos-systems.com - Singapore data center
Telos Connect also needs access to secure.telos-systems.com
The outbound connection uses HTTPS on port 443.
Support Link will attempt to send an outbound UDP message on port 31000. It also uses HTTPS / TCP connections on port 443.
If both of those are blocked, Support Link will not work.
All connections are established outbound. Telos will never attempt to connect to your device.
All connections will be from one of those servers. No additional IP addresses or hostnames need to be accounted for.
Let us know how we can help
If you have further questions on this topic or have ideas about improving this document, please contact us.