Skip to content

Firewall requirements

Dataplicity Agent requires only device-originated HTTPS connections. In most cases, if your device has unrestricted secure web access, Dataplicity will work without firewall changes.

This outbound-only model is what allows devices to connect from behind customer NAT and firewalls without port forwarding.

Required HTTPS URLs

In highly restricted networks where outbound HTTPS is filtered, allow the following URLs:

  • api.dataplicity.com on TCP port 443
  • m2m.dataplicity.com on TCP port 443

These are sufficient for normal agent operation. During agent reinstall, you may also need:

The service hosts are allow-list targets, not public landing pages. An HTTP request to / can return an error even when DNS, TLS, and the required agent endpoint are reachable.

Use NTP for devices without a real-time clock

The Dataplicity Agent uses HTTPS certificates that will fail if the system clock is out of range.

Many embedded Linux devices do not have an onboard RTC. After boot, the system clock can be wildly inaccurate, causing agent connections to fail.

Many Linux device boards and embedded devices do not have an onboard RTC. If you have no other way to keep the clock accurate, NTP is strongly recommended.

NTP requires UDP port 123 (UDP, not TCP).

See Security model for how outbound connections fit into the overall security design.