Firewalled Endpoints IP Source

I am writing to you regarding a connectivity issue we are experiencing with our device currently connected to Balena Cloud. The technical details are as follows:

Host operating system version: balenaOS 4.0.23
Firewall ports have been opened outbound for the following ports:
53 UDP
123 UDP
443 TCP
The following destination IP addresses have been allowed:
api.balena-cloud.com
registry.balena-cloud.com
vpn.balena-cloud.com and cloudlink.balena-cloud.com
s3.balena-cloud.com
The device is currently online according to its status (“STATUS Online (Heartbeat only)”) and the log console is functioning. However, all other functionalities are not accessible.

We would like to know if there are any other ports to be opened or other IP addresses to authorize to ensure full connectivity of our device with Balena Cloud.

We have traffic analysis from another device on a different network where everything is working. It seems that many destinations are being used. Currently, I’m encountering an issue with my device displaying a “Heartbeat only” status. Can someone assist me with this? You can find more information about it in this article: Sunsetting vpn.balena-cloud.com and Introducing Cloudlink - balena Blog

It would be possible today to perform a network capture of regular traffic in your device’s networks, which would produce a list of the endpoints that your devices are using today, but we do not guarantee that this will remain static as your device’s consumption of features and the platform itself shift and change over time. For this reason, we provide a list of a few specific domains, and the wildcard *.balena-cloud.com. Some customers solve these problems by placing balena devices in a DMZ, exempting their DHCP range from certain types of firewalling, or installing the root certificate for a MITM proxy within balenaOS to allow for traffic sniffing before it leaves the network, instead of FQDN access listing. BalenaOS also supports RedSocks for proxy configuration.
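
An added example, not part of the thread or of balena's code: a small audit that replays destinations taken from a network capture against the exact-host allowlist from the question and against the `*.balena-cloud.com` wildcard from the reply, using label-aligned wildcard matching so lookalike names are not admitted. The flows, including the hostname `constructed-service.balena-cloud.com`, are constructed sample data, and applying host rules only to 443/TCP is an assumption about the firewall policy.

```python
# Added example; every flow below is constructed sample data, not a real capture.
ALLOWED_PORT = (443, "tcp")  # HTTPS port from the question; 53/123 UDP not checked here

# Exact hostnames allowed in the question.
EXACT_RULES = [
    "api.balena-cloud.com",
    "registry.balena-cloud.com",
    "vpn.balena-cloud.com",
    "cloudlink.balena-cloud.com",
    "s3.balena-cloud.com",
]
# Wildcard named in the reply.
WILDCARD_RULES = ["*.balena-cloud.com"]


def host_matches(host, rule):
    """Match a hostname against an exact rule or a '*.suffix' rule."""
    host = host.rstrip(".").lower()
    rule = rule.rstrip(".").lower()
    if rule.startswith("*."):
        suffix = rule[1:]  # ".balena-cloud.com", leading dot kept on purpose
        # The dot boundary rejects 'notbalena-cloud.com'; the length check
        # rejects an empty left-hand label.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == rule


def audit(flows, rules):
    """Return the flows that the given FQDN rules would drop."""
    blocked = []
    for host, port, proto in flows:
        host_ok = any(host_matches(host, r) for r in rules)
        if (port, proto) != ALLOWED_PORT or not host_ok:
            blocked.append((host, port, proto))
    return blocked


FLOWS = [  # constructed
    ("api.balena-cloud.com", 443, "tcp"),
    ("cloudlink.balena-cloud.com", 443, "tcp"),
    ("constructed-service.balena-cloud.com", 443, "tcp"),  # hypothetical name
    ("balena-cloud.com.lookalike.example", 443, "tcp"),     # must stay blocked
    ("api.balena-cloud.com", 8443, "tcp"),                  # port not opened
]

if __name__ == "__main__":
    print("exact only:   ", audit(FLOWS, EXACT_RULES))
    print("with wildcard:", audit(FLOWS, EXACT_RULES + WILDCARD_RULES))
```

Feeding it the hostnames from a capture on the working network shows which destinations an exact-host list drops and the wildcard admits.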