Network interfaces & requirements
The gateway has two independent network interfaces: the uplink network and the anchor network.
Here, the port for the uplink network is labeled LAN1 or UPLINK (depending on when you received your gateway), and the ports for the anchor network are labeled ANCHOR NETWORK (internally they’re all connected to each other).
If you have a gateway mini, it has only two ports: LAN1 and LAN2. In that case the port labeled LAN2 is the uplink port and the port labeled LAN1 is the anchor network port.
The uplink network is used to connect the gateway to your home or company network. Through this port, the gateway is expected to reach the internet. By default the gateway will request an IP address from the DHCP server running on this network, but it’s also possible to define a static IP address for the gateway.
The anchor network is used to connect the anchors to the gateway. It is strongly recommended that only anchors (and network switches) are connected to this network. From a security point of view, we also recommend isolating the anchor network, either physically or by using VLANs. On the anchor network of the gateway, a DHCP server is configured which assigns IP addresses within the subnetwork 10.0.0.1/24. When a device is connected to the anchor network, it will receive an IP address from the gateway, and it will be able to access the gateway through the static IP address 10.0.0.254.
Sometimes the subnet 10.0.0.1/24 is already in use for a different application. This is fine and will work if the anchor network is physically separated from the other network. If this is not the case and switches are shared between different applications, VLANs need to be configured on the switches. This will cause problems if the subnet, or any overlapping subnet, is used in another part of the network. In these situations we can configure a different subnet on the gateway for the anchor network; contact us at email@example.com.
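The overlap condition described above can be checked before installation. The following is an added example, not part of the original documentation or of Pozyx software: it compares the anchor subnet and gateway address stated on this page against a constructed site inventory and picks a non-overlapping candidate subnet to request. The inventory, the function names and the 10.0.0.0/8 search pool are assumptions.

```python
import ipaddress

# Values stated on this page. The subnet is written with host bits set,
# so it must be parsed with strict=False (normalizes to 10.0.0.0/24).
ANCHOR_SUBNET = ipaddress.ip_network("10.0.0.1/24", strict=False)
GATEWAY_IP = ipaddress.ip_address("10.0.0.254")

# Constructed sample inventory of subnets in use elsewhere on a site.
SITE_SUBNETS = {
    "office-lan": "192.168.1.0/24",
    "cameras": "10.0.0.128/25",
    "datacenter": "10.0.0.0/16",
    "guest-wifi": "172.16.40.0/22",
}


def find_conflicts(site_subnets, anchor=ANCHOR_SUBNET):
    """Return (name, subnet, relation, covers_gateway) per overlapping subnet."""
    conflicts = []
    for name, cidr in site_subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if not net.overlaps(anchor):
            continue
        # CIDR blocks never partially overlap: they are equal or nested.
        if net == anchor:
            relation = "identical"
        elif anchor.subnet_of(net):
            relation = "contains anchor subnet"
        else:
            relation = "inside anchor subnet"
        conflicts.append((name, str(net), relation, GATEWAY_IP in net))
    return conflicts


def propose_alternative(site_subnets, pool="10.0.0.0/8", prefix=24):
    """First subnet of the given size in `pool` that overlaps nothing in use."""
    used = [ipaddress.ip_network(c, strict=False) for c in site_subnets.values()]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


if __name__ == "__main__":
    for name, net, relation, gw in find_conflicts(SITE_SUBNETS):
        print(f"CONFLICT {name} {net}: {relation}; covers 10.0.0.254: {gw}")
    print("candidate to request:", propose_alternative(SITE_SUBNETS))
```

A conflict that also covers 10.0.0.254 means the gateway's static address is ambiguous on that network, which is the case where isolation or a different anchor subnet matters most.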
If you are using the Pozyx system from the cloud, make sure that the correct IP addresses and ports are whitelisted in your firewall. The Gateway: Info page in the web application will highlight the required ports in green if they are accessible, or in red otherwise. A summary of the ports and IPs used is given below:
Port 123 (NTP)
This port should be opened to all IPs, unless a local NTP server is used. The NTP configuration of the gateway can be changed on the devices → Gateway:info page by clicking the “edit NTP configuration” button.
Port 53 (DNS)
This port should be opened for all IPs in order to do domain name resolution, translating all the Pozyx FQDNs and NTP domain names to IP addresses. A local DNS server can be used if this DNS server is advertised in the DHCP lease message from the DHCP server in the local network.
Port 1194 (OpenVPN)
This port should only be opened for IP 22.214.171.124 in order for Pozyx engineers to give remote support. If this port is closed, the positioning system will still work but the possibility of remote support is limited.
Port 443 (HTTPS and WSS)
This port has to be opened for 5 FQDNs and their corresponding IP:
- static IP = 126.96.36.199
This IP is permanent for now, but be aware that we are in the process of migrating our Cloud services to managed EKS. Once the migration is done, this IP will change one time to 3 new static addresses. These addresses will be:
HTTPS and WSS
Required for usage of the Pozyx web application in the cloud and OpenVPN (the gateway needs to authenticate itself to our cloud and request a VPN certificate before it can establish a VPN connection to our VPN server).
Enables optional network system time synchronization. NTP is only needed for time synchronization with an already existing network. Internal synchronization of our RTLS (= synchronization of the clocks in the Pozyx anchors) does not require this.
Required for remote support by Pozyx engineers.
Required for usage of the Pozyx web application in the cloud and OpenVPN.