Datto Networking firewall requirements

Topic

This article describes network infrastructure and configuration requirements for the Datto Networking Appliance, Datto Access Points, Datto Switches, and Datto Managed Power devices.

Environment

Datto Networking Appliance (DNA)
Datto Access Points
Datto Switches
Datto Managed Power

Description

Datto Networking Portal

Access points and Managed Power devices

Access points and Managed Power devices must have access to the following host via HTTPS (port 443) for cloud management:

cloud_ap.cloudtrax.com

Switches must reach the following host via HTTPS (port 443) for cloud management.

cloud-switch.cloudtrax.com

D200 Routers must reach the following host via HTTPS (port 443) for cloud management:

router.cloudtrax.com

Managed Power devices must reach the following host via HTTPS (port 443) for cloud management:

powerstrip.cloudtrax.com

NG7 Access Points

NG7 Access Points must have access as above. Additionally, the latest firmware uses the following for check-in and tech support access:

Ports 80, 443, and 2200-2250
events-receiver.cloudtrax.com
ap-files-mirror.cloudtrax.com
device.cloudtrax.com
52.13.65.115
162.244.87.0/24
North America: 206.201.136.0/23
EMEA: 185.217.57.0/24
Asia Pacific:
- 103.109.129.0/24
- 203.22.186.0/24
- 27.111.249.0/24

Datto Networking Appliance (DNA)

The DNA must be able to reach the following host and IP addresses:

hb.dna.datto.com
8.8.8.8
8.8.4.4
162.244.87.115
208.67.222.222
208.67.222.220

Access point fallback

Access Points must reach the following host and IP address if the primary check-in server is unavailable.

checkin-fallback.cloudtrax.com
54.245.251.231

Switch fallback

Switches must reach the following host and IP address if the primary check-in server is unavailable.

54.245.115.10

Managed power fallback

Managed Power must reach the following host and IP address if the primary check-in server is unavailable.

34.210.223.70
54.212.250.242
https://iot.cloudtrax.com

Router fallback

Routers must have access to the following host and IP address if the primary check-in server is unavailable.

54.68.39.120

Datto Connection Keeper

For a keepalive connection that transmits expedited reconfiguration events, devices must reach the following hosts:

connkeeper.cloudtrax.com
35.165.84.99
35.163.125.115
35.162.249.62

We recommend that you set TCP and HTTP timeout settings on the firewall to at least 10 minutes for stable Connection Keeper performance. To connect to Connection Keeper, Calyptix brand firewalls may require that MP10 devices be allowlisted by IP.

Network Time Protocol

Access points and switches must reach the following hosts to synchronize time:

pool.ntp.org
0.openwrt.pool.ntp.org
ntp.cloudtrax.com

The listed NTP servers must be accessible over port 123

Firmware updates

All Datto Networking devices must reach the following file servers via both HTTP (port 80) and HTTPS (port 443) for firmware updates:

dev.cloudtrax.com
files-mirror.cloudtrax.com

Advanced troubleshooting

All Datto Networking devices must reach the following host via TCP port 18991 for remote troubleshooting access and support intervention:

vpn.cloudtrax.com

For troubleshooting via RLY, devices should have access to IP range 206.201.136.0/23 over TCP ports 80,2200 and 443

Cisco router issues

Cisco router models RV350/RV345/RV345P/RV340W running firmware release 1.0.01.17 or older are unable to access all Datto Networking servers due to an issue with their content filtering system. Update to firmware release 1.0.01.1702 or newer to resolve this issue.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.