Network requirements

Internet Connection

  • A wired Ethernet connection is recommended for reliable data transfer

  • Wi-Fi configuration is also available, but performance may depend on your environment

  • A minimum connection speed of 3 Mb/s upload and download per device is required

Networks with a firewall

Required Network Configuration

Essential Operation

  • Allow all outgoing TCP connections on port 443 (HTTPS) to any destination.

    • Necessary for backend connections, security updates, and remote troubleshooting.

  • Allow all outgoing UDP connections on port 53 (DNS queries).

  • Allow all outgoing TCP connections on port 53 (larger DNS queries or when UDP is unavailable).

Remote Troubleshooting

  • Allow outgoing UDP connections from local port 41641 to any remote address and port (*:41641 to *:*).

    • Used for direct WireGuard tunnels, with flexibility needed due to the dynamic nature of our provider's infrastructure.

  • Allow outgoing UDP connections to any destination on port 3478 (*:3478).

    • Used for the STUN protocol, enabling devices behind NAT to determine their public IP and port mappings.

Network setup

  • Enable DHCP for IP address assignment.

    • For custom configurations, please refer to specific instructions.

  • We also strongly recommend isolating the device (see below)

Note:

  • The device does not use a fixed set of outbound IP addresses, so broad rules are necessary to maintain connectivity. We apologize for any inconvenience and we are working to reduce this attack surface.

Isolation of device

  • Isolating the device on its own VLAN or similar port isolation is suggested

  • The device does not require internal connectivity within your network

  • *.reshapebiotech.com domain and subdomains must be reachable

    • This is for essential operation of the device. For updates, support and general maintenance we do not currently have an exhaustive outgoing list of adresses!

  • TLS/HTTPS interception is not supported

Custom configuration

This must be done before the device is shipped

  • If you require special network configuration, such as Wi-Fi, Static IP, DNS, or a proxy connection, contact us to communicate directly with your IT department.

  • It is currently not possible to self-manage the network configuration, unless using DHCP.

    • We are actively working on providing a way to self-configure network

  • We do not install arbtrary software on our devices

Additional information

  • Images are sent and securely stored on Amazon S3 servers and only accessible by your configured users

  • Device is a Linux-based machine running Debian

  • Automatic security updates are regularly applied

  • Ethernet socket connects directly to the machine

  • There is no USB port accessible on the device

  • Device does not have backup power

  • In case of a power outage, device will not automatically recover

Network block diagram can be found below:

PreviousConnecting to your networkNextImaging

Last updated