Skip to main content

Authorizing base station flows to and from ThingPark core network for self-hosted ThingPark Enterprise

If using self-hosted ThingPark Enterprise, this topic describes the required flows to authorize in your base station deployment environment, such as proxies, firewalls... These flows allow base stations to exchange traffic with ThingPark core network, as well as external time-synchronization servers.

LRR flows when IPsec is used

#From (system)From (application)TypeProtocolDest. PortTo (system)To (application)DescriptionSTANDALONEHIGH AVAILABILITY
i1BASE STATIONstrongswan (client)BidirectionalIKE v2 (secure) MOBIKE v2 (secure)UDP/500 UDP/4500TPEstrongswanIPsec IKE (UDP) / MOBIKE (UDP) ike=aes128-sha256-ecp256,aes128-sha384-ecp384,aes256-sha512-ecp521MUSTMUST
i2BASE STATIONstrongswan (client)BidirectionalESP (secure)-TPEstrongswanESP (protocol 50) ike=aes128-sha256-ecp256,aes128-sha384-ecp384,aes256-sha512-ecp521 esp=aes128gcm128,aes256gcm128MUSTMUST
i3BASE STATIONOSUnidirectionalICMP-TPEOSPing (TPE)MUSTMUST
i4BASE STATIONKey installer (client)UnidirectionalSFTPTCP/22TPEKey installer (server)SFTP protocolMUSTMUST
i5BASE STATIONOSUnidirectionalSSH v2 (secure)TCP/22TPEOSLRR admin (Reverse SSH)MUSTMUST
i38BASE STATIONOSUnidirectionalTLSTCP/3001TPEserverCheck certificate validity on server side (only applicable to LRR version >= 2.8)MUSTMUST
i39BASE STATIONOSUnidirectionalTLSTCP/3002TPEserverCheck certificate validity on server side (only applicable to LRR version >= 2.8)MUSTMUST
i40BASE STATIONOSUnidirectionalTLSTCP/3003TPEOSCheck certificate validity on server side (only applicable to LRR version >= 2.8)MUSTMUST
n1BASE STATIONOSUnidirectionalNTPUDP/123NTP serviceserviceNTP requests when TPE is not used for NTPOPTIONALOPTIONAL
n2BASE STATIONOSUnidirectionalDNSUDP/53DNS serviceserviceDNS requestsOPTIONALOPTIONAL
n3BASE STATIONOSUnidirectionalNTPUDP/123TPENTP serviceNTP requests when TPE is used for NTPOPTIONALOPTIONAL
n4BASE STATIONOSUnidirectionalDHCP-DHCP serviceserviceDHCP requestOPTIONALOPTIONAL

LRR flows when TLS is used

#From (system)From (application)TypeProtocolDest. PortTo (system)To (application)DescriptionSTANDALONEHIGH AVAILABILITY
i3BASE STATIONOSUnidirectionalICMP-TPEOSPing (TPE)MUSTMUST
i4BASE STATIONKey installer (client)UnidirectionalSFTPTCP/22TPEKey installer (server)SFTP protocolMUSTMUST
i5BASE STATIONOSUnidirectionalSSH v2 (secure)TCP/22TPEOSLRR admin (Reverse SSH)MUSTMUST
i38BASE STATIONOSUnidirectionalIEC 104 over TLS (secure)TCP/3001TPEserverLRR IEC 104 link: LRR commands and LoRa uplink/donwlink data and metadata exchange.MUSTMUST
i39BASE STATIONOSUnidirectionalSFTP over TLS (secure)TCP/3002TPEserverLRR sofware download LRR sofware configuration downloadMUSTMUST
i40BASE STATIONOSUnidirectionalSFTP over TLS (secure)TCP/3003TPEOSLRR rf scan upload LRR software configuration uploadMUSTMUST
n1BASE STATIONOSUnidirectionalNTPUDP/123NTP serviceserviceNTP requests when TPE is not used for NTPOPTIONALOPTIONAL
n2BASE STATIONOSUnidirectionalDNSUDP/53DNS serviceserviceDNS requestsOPTIONALOPTIONAL
n3BASE STATIONOSUnidirectionalNTPUDP/123TPENTP serviceNTP requests when TPE is used for NTPOPTIONALOPTIONAL
n4BASE STATIONOSUnidirectionalDHCP-DHCP serviceserviceDHCP requestOPTIONALOPTIONAL

LRR flows when neither IPsec nor TLS is used

#From (system)From (application)TypeProtocolDest. PortTo (system)To (application)DescriptionSTANDALONEHIGH AVAILABILITY
i3BASE STATIONOSUnidirectionalICMP-TPEOSPing (TPE)MUSTMUST
i5BASE STATIONOSUnidirectionalSSH v2 (secure)TCP/22TPEOSLRR admin (Reverse SSH)MUSTMUST
i6BASE STATIONOSUnidirectionalIEC 104TCP/2404TPEserverLRR IEC 104 link: LRR commands and LoRa uplink/donwlink data and metadata exchange.MUSTMUST
i7BASE STATIONOSUnidirectionalFTPTCP/21TPEserverLRR sofware download LRR sofware configuration download.MUSTMUST
i8BASE STATIONOSUnidirectionalFTPTCP/21TPEOSLRR rf scan upload LRR software configuration uploadMUSTMUST
n1BASE STATIONOSUnidirectionalNTPUDP/123NTP serviceserviceNTP requests when TPE is not used for NTPOPTIONALOPTIONAL
n2BASE STATIONOSUnidirectionalDNSUDP/53DNS serviceserviceDNS requestsOPTIONALOPTIONAL
n3BASE STATIONOSUnidirectionalNTPUDP/123TPENTP serviceNTP requests when TPE is used for NTPOPTIONALOPTIONAL
n4BASE STATIONOSUnidirectionalDHCP-DHCP serviceserviceDHCP requestOPTIONALOPTIONAL

Basics™ Station flows (always with TLS)

#From (system)From (application)TypeProtocolDest. PortTo (system)To (application)DescriptionSTANDALONEHIGH AVAILABILITY
i42BASE STATIONSemtech Basics StationUnidirectionalHTTPS/WSSTCP/4443TPEhaproxyLNS interfaceMUSTMUST
i43BASE STATIONSemtech Basics StationUnidirectionalHTTP+TLS v1.2 (secure)TCP/443TPERCACUPS interfaceMUSTMUST
n1BASE STATIONOSUnidirectionalNTPUDP/123NTP serviceserviceNTP requests when TPE is not used for NTPOPTIONALOPTIONAL
n2BASE STATIONOSUnidirectionalDNSUDP/53DNS serviceserviceDNS requestsOPTIONALOPTIONAL
n3BASE STATIONOSUnidirectionalNTPUDP/123TPENTP serviceNTP requests when TPE is used for NTPOPTIONALOPTIONAL
n4BASE STATIONOSUnidirectionalDHCP-DHCP serviceserviceDHCP requestOPTIONALOPTIONAL
Copyright © 2023 Actility
On this page