Whitelisting URLs used for communication

We have a client who wants to whitelist URLs on the 31314, 993 & 80 ports. What URLs does the imp use in communicating?


It doesn’t use HTTP, so it doesn’t use URLs.

It uses TLS 1.2 to talk to port 31314, 993 or 443 (but it does not use IMAPS or HTTPS for those last two) on our imp servers.

Further, we don’t generally publish a list of server names or IP addresses, because that restricts our ability to scale sensibly.

…if the customer wants to see the traffic, they can use the HTTP CONNECT proxy feature to steer all the imp devices (with access credentials if required) through a single gateway.

Port 80 is used for upgrades, but recent OS builds will also try (eg) 31314 to fetch updates if they can’t get through on 80.

The general procedure is to try the imp-specific ports first (ie be obvious about what the device is doing) but if those fail, fall back to generic ports that tend to be open.

Even with scale one can stick to a single TLD and use subdomains for the server names. Is there a TLD defined through which devices connect to agents.

Errrm, how would that work?

Yes, all the servers are within the electricimp.com TLD. Firewalls don’t work on TLDs, though, they see IP addresses and there’s no reverse IP for our hosts as they’re in AWS.