Configuring Your Network

Networking & Bretford Connect

For a TechGuard Connect locker to communicate with the Bretford Connect service, your network must allow and secure the communication ports it uses. Every network is different; the following information will help you prepare your configuration and troubleshoot any network issues you run into during setup.

TechGuard Connect Gateway

Each TechGuard Connect locker includes a gateway that provides connectivity to the Bretford Connect service. The front of each gateway has three (3) indicator lights. These lights provide feedback on the status of the locker and its connection with Bretford Connect, and can be helpful when diagnosing connectivity difficulties.

| | LED-1: Gateway Power | LED-2: Network Connection | LED-3: IoT Status |
|---|---|---|---|
| Color | Green | Green | Blue |
| No LED | Power Off | No IP address | N/A |
| Blinking LED | Power On | Requesting DHCP address | Connecting to IoT service |
| Solid LED | N/A | Received DHCP address and Current Time | Connected to IoT service |

Dynamic Network Addressing

The TechGuard Connect lockers must be able to obtain an IP address automatically from a DHCP server on the local area network. The TechGuard Connect Lockers do not accept incoming connections, but will respond to ICMP requests (ping). This can be helpful when attempting to verify IP address assignment on a local area network.

Network Time Protocol (NTP)

To properly tag and log activities for each TechGuard Connect locker within Bretford Connect, the lockers must be able to communicate with an NTP server. When configuring firewalls, allow traffic on network port 123 (UDP). The default time provider is pool.ntp.org. If an alternate NTP server is preferred, traffic redirection via DNS is the recommended approach.

Security & Firewall Port Handling

All connections and bi-directional communications between the TechGuard Connect Lockers and the Bretford Connect IoT Service are initiated using TLS V1.2 mutual authentication with the cipher suite ECDHE-ECDSA-AES128-GCM-SHA256.

When connecting behind a corporate firewall, additional configuration is typically required to achieve connectivity. The following ports must be configured to allow traffic for any subnet where the lockers will be connected:

| Destination Port Number | TCP/UDP | Inbound/Outbound | Destination(s) | Description |
|---|---|---|---|---|
| 123 | UDP | Outbound | pool.ntp.org | Network Time Protocol |
| 443 | TCP | Outbound | a1lntmlpc1erco-ats.iot.us-east-1.amazonaws.com, a1lntmlpc1erco.iot.us-east-1.amazonaws.com | IoT Service |
| 8883 | TCP | Outbound | a1lntmlpc1erco-ats.iot.us-east-1.amazonaws.com, a1lntmlpc1erco.iot.us-east-1.amazonaws.com | IoT Service (Firmware <V2.1.4) |
| 80 | TCP | Outbound | ota-prd.bretford.io, ota.bretford.io | Over-the-air updates |

Please note: Bretford Connect is a cloud-native web service that utilizes different technologies to distribute traffic across multiple servers based on geographic load. As such, the IP addresses resolved from the fully-qualified domain names in the table above are subject to change frequently and without notice. If you experience difficulties connecting your TechGuard Connect Locker, we recommend whitelisting all destinations for the ports mentioned above.
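A preflight check for the outbound rules in the table above, meant to be run from a host on the same subnet as the lockers. This is an added example, not Bretford's code; the function names are illustrative, and the hostnames and ports are copied from the table.

```python
import socket, struct

# Outbound rules copied from the firewall table above: (protocol, port, hosts).
IOT_HOSTS = ["a1lntmlpc1erco-ats.iot.us-east-1.amazonaws.com",
             "a1lntmlpc1erco.iot.us-east-1.amazonaws.com"]
RULES = [("udp", 123, ["pool.ntp.org"]),
         ("tcp", 443, IOT_HOSTS), ("tcp", 8883, IOT_HOSTS),
         ("tcp", 80, ["ota-prd.bretford.io", "ota.bretford.io"])]
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake completes; DNS failure, timeout or reset is False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def parse_ntp_reply(data):
    """Unix time from a server reply's transmit timestamp, or None if not valid."""
    if len(data) < 48 or (data[0] & 0x07) != 4:  # mode 4 = server
        return None
    seconds = struct.unpack("!I", data[40:44])[0]
    return seconds - NTP_EPOCH_OFFSET if seconds else None

def ntp_time(host, port=123, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3); Unix time or None."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(b"\x1b" + 47 * b"\x00", (host, port))
            data, _ = sock.recvfrom(512)
    except OSError:
        return None
    return parse_ntp_reply(data)

def run_checks(rules=RULES, timeout=3.0):
    """Return {(proto, port, host): bool} for every destination in the rules."""
    results = {}
    for proto, port, hosts in rules:
        for host in hosts:
            ok = (ntp_time(host, port, timeout) is not None if proto == "udp"
                  else tcp_reachable(host, port, timeout))
            results[(proto, port, host)] = ok
    return results

if __name__ == "__main__":
    for (proto, port, host), ok in run_checks().items():
        print(f"{'PASS' if ok else 'FAIL'}  {proto}/{port}  {host}")
```

A PASS on a TCP port only shows that the firewall allows the connection. It does not exercise the TLS mutual authentication, which requires the locker's own client certificate.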

IP Whitelisting

We understand that customers need confidence that their lockers are only communicating with Bretford Connect in a secure environment. IP whitelisting is one of the most effective methods of ensuring this, so we provide a downloadable CSV listing of Bretford Connect IP addresses below for our customers to reference when establishing and maintaining their corporate network. This list is subject to change over time.

Questions?

We're always happy to help with any questions you may have! If you need assistance, please contact support or our sales team.