Peer Knowledge Base

What firewall settings are needed for PeerIQ updates and uploads?

Question

What firewall settings are required for PeerIQ to upload log files and diagnostics data, and to check for and download software updates?

Answer

To upload log files and diagnostics data, and to check for and download PeerIQ software and system updates, PeerIQ needs specific outbound firewall rules. The required settings vary by function and by the underlying operating system.

Uploads of PeerIQ logs and analytics data

PeerIQ uploads log files and analytics data to a Peer Software-managed Amazon S3 object store.

  • Ensure that PeerIQ can traverse any network address translation (NAT) policies.

  • Allow outbound HTTPS (TCP port 443) access to: s3.amazonaws.com

Download of PeerIQ software updates

PeerIQ software updates and container images are hosted by Peer Software.

  • Allow outbound TCP port 443 (HTTPS) to the following domains:

    • https://downloads.peersoftware.com/

    • https://peerdownloads.blob.core.windows.net/ (service endpoint only)

    • https://peersoftware.azurecr.io (container registry endpoint)

These endpoints cover both the update package downloads and container registry access required by PeerIQ.

Download of system updates and containers

Because PeerIQ is installed on a Linux-based system, it requires outbound access over TCP 443 (HTTPS) to the update servers for the supported Linux distribution.

Allow outbound HTTPS (TCP port 443) access to the appropriate update servers:

  • Ubuntu-based virtual appliance:

    • Allow HTTPS access to: https://*.ubuntu.com

  • Red Hat Enterprise Linux (RHEL):

    • Allow HTTPS access to:

      • https://cdn.redhat.com

      • https://subscription.rhsm.redhat.com

  • Rocky Linux:

    • Allow HTTPS access to: https://*.rockylinux.org
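
To confirm the rules above from the PeerIQ host, the following added example (not a Peer Software tool) attempts a TCP connection and a certificate-validated TLS handshake to each hostname listed in this article and reports where it fails. The function names, result labels and timeout are assumptions of this example; wildcard entries are listed separately because they cannot be probed without a concrete hostname.

```python
import socket
import ssl

# Hostnames copied from this article. Wildcard entries cannot be probed
# directly, so required_hosts() returns them separately for manual review.
COMMON = ["s3.amazonaws.com", "downloads.peersoftware.com",
          "peerdownloads.blob.core.windows.net", "peersoftware.azurecr.io"]
PER_OS = {
    "ubuntu": ["*.ubuntu.com"],
    "rhel": ["cdn.redhat.com", "subscription.rhsm.redhat.com"],
    "rocky": ["*.rockylinux.org"],
}

def required_hosts(os_name):
    """Return (probeable_hosts, wildcard_patterns) for one platform."""
    hosts = COMMON + PER_OS[os_name.lower()]
    return ([h for h in hosts if "*" not in h],
            [h for h in hosts if "*" in h])

def probe(host, port=443, timeout=5.0):
    """Classify outbound HTTPS reachability of host:port (labels are this example's own)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failure"          # name did not resolve
    except OSError:
        return "tcp_blocked"          # refused, unreachable, or timed out
    try:
        ctx = ssl.create_default_context()   # validates chain and hostname
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        # For example, a TLS-inspecting proxy whose CA the host does not trust
        return "tls_untrusted_cert"
    except (ssl.SSLError, OSError):
        return "tls_failed"           # handshake reset, cut off, or timed out
    finally:
        sock.close()

if __name__ == "__main__":
    hosts, wildcards = required_hosts("ubuntu")
    for h in hosts:
        print(f"{h:45} {probe(h)}")
    for w in wildcards:
        print(f"{w:45} wildcard: probe a concrete hostname manually")
```

A result of `tcp_blocked` points at the outbound port 443 rule or NAT policy, while `tls_untrusted_cert` means the connection left the network but the certificate presented did not validate against the host's trust store.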