Reply
Emerging Member
Posts: 43
Registered: ‎09-06-2017

Cloud Key -- Ubiquiti IPs / Domains Used for Updates, etc ???

Does anyone know or can a Ubiquiti employee comment on what domains are access by the Cloud Key for updates and whatever else it needs/uses? This is so I can whitelist these on our firewall.

 

So far I see:

  • dl.ui.com
  • Something at ubnt.com (hosted on Amazon)
  • Something at Google
  • NTP to public IPs that are not what I defined
  • http and https traffic

I can try and reverse engineer this.. but I'd rather just see an article from Ubiquiti on the matter.

 

Established Member
Posts: 1,190
Registered: ‎04-07-2013
Kudos: 550
Solutions: 47

Re: Cloud Key -- Ubiquiti IPs / Domains Used for Updates, etc ???

You filter egress traffic? For certain situations egress filtering is fine...this isn't one of them.

When you receive a solution to your question/issue, don't forget to mark your thread as solved and to give kudo's to the people who have helped you out!
New Member
Posts: 36
Registered: ‎02-14-2014
Kudos: 21
Solutions: 2

Re: Cloud Key -- Ubiquiti IPs / Domains Used for Updates, etc ???

Thanks, oh enlightened one............

Highlighted
Established Member
Posts: 2,005
Registered: ‎10-26-2013
Kudos: 442
Solutions: 87

Re: Cloud Key -- Ubiquiti IPs / Domains Used for Updates, etc ???


@vbman213 wrote:

You filter egress traffic? For certain situations egress filtering is fine...this isn't one of them.


Anyone interested in real security does egress filtering. For my CK, I don't particularly care where it goes, but I only allow it out on 80, 123, 443, and 8883.

I could watch my WatchGuard firewall's live traffic while doing an update...if I were that bored...and then only allow it outbound to the specific places. In fact, I think I used to have the domains/IPs in my target list, but now it's just Any-External.

Gregg

Reply