8. Opening ports on a firewall
ShimmerCat accelerator is “Software as a Service” (SaaS), and its logic runs in our central cloud. Therefore, communication is needed between the ShimmerCat edge servers and the central cloud service. If your edges are running behind a firewall, you need to make sure that the edges can communicate with the following endpoints:
220.127.116.11 ("amqp.staging.c.shimmercat.com"), TCP . These ports handle TLS-encrypted “push” operations from the cloud service. Ports
18.104.22.168 ("accelerator.shimmercat.com"), TCP. This is the API endpoint. Normal HTTPS traffic, port
22.214.171.124 ("logs-ingress.shimmercat.com"), UDP, port 7881. This is where we collect logs. The traffic only needs to be allowed from the edges to the server; at the moment there is no traffic on this port in the opposite direction.
In all cases, it should be enough to open the firewall with ordinary network address translation (NAT) rules, using standard IP session tracking to map incoming traffic from outside to nodes inside the firewall. For the services above, there is no need for reverse port forwarding to the edges: our core cloud service doesn’t connect to the edges; the edges connect to it.
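
The gateway rules described above, as an added example that is not part of the ShimmerCat documentation: a shell function that renders an nftables ruleset for a NAT firewall in front of the edges. The edge subnet, WAN interface, endpoint addresses, and the AMQP and API ports are arguments you supply (assumptions here); only UDP port 7881 is taken from the page.

```shell
#!/bin/sh
# Added example: render an egress-only nftables ruleset for a NAT gateway
# sitting in front of the edge servers. Table and chain names are hypothetical.
# Every argument is site-specific; only UDP 7881 comes from the page.
# usage: render_edge_rules EDGE_NET WAN_IF AMQP_IP AMQP_PORTS API_IP API_PORT LOGS_IP
#   AMQP_PORTS is a comma-separated list, quoted as one argument.
render_edge_rules() {
    if [ "$#" -ne 7 ]; then
        echo "usage: render_edge_rules EDGE_NET WAN_IF AMQP_IP AMQP_PORTS API_IP API_PORT LOGS_IP" >&2
        return 2
    fi
    edge_net=$1; wan_if=$2; amqp_ip=$3; amqp_ports=$4
    api_ip=$5; api_port=$6; logs_ip=$7
    cat <<EOF
table inet shimmercat_edge {
    chain forward {
        type filter hook forward priority filter; policy drop;
        # Session tracking: replies to connections the edges opened.
        ct state established,related accept
        ct state invalid drop
        # Edge-initiated TLS sessions that carry the cloud's "push" operations.
        ip saddr $edge_net ip daddr $amqp_ip tcp dport { $amqp_ports } ct state new accept
        # Edge-initiated HTTPS calls to the API endpoint.
        ip saddr $edge_net ip daddr $api_ip tcp dport $api_port ct state new accept
        # Log shipping: UDP 7881, edge to server only.
        ip saddr $edge_net ip daddr $logs_ip udp dport 7881 ct state new accept
    }
}
table ip shimmercat_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source NAT only: no inbound port forwarding is defined anywhere.
        ip saddr $edge_net oifname "$wan_if" masquerade
    }
}
EOF
}
```

Piping the rendered output into `nft -c -f -` checks the ruleset without loading it.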