Network requirements for Evolo Gateway

Network and security requirements for Evolo Gateway

Written By Aleksander Bless

Last updated 14 days ago

For the Evolo Gateway to communicate with the Evolo platform and receive updates, the following ports and domains must be open for outbound traffic.

Standard installations (cloud)

Domain	Protocol	Port	Purpose
*.balena-cloud.com	TCP	443	VPN tunnel, updates, terminal access
hub.evolo.no	TCP	443	Communication with the Evolo platform
app.evolo.no	TCP	443	Access to the application
—	UDP	123	NTP (time synchronization). Not required if local NTP is used via DHCP
—	UDP	53	DNS. Not required if local DNS is provided via DHCP

On-Premise installations (closed networks)

For local installations without full internet access, the following domains must be open so that we can update Evolo. Alternatively, we can transfer updates manually via file/FTP systems.

Domain	Protocol	Port	Purpose
registry-1.docker.io	TCP	443	Docker registry
auth.docker.com	TCP	443	Docker authentication
download.docker.com	TCP	443	Downloading Docker packages
hub.docker.com	TCP	443	Docker Hub
production.cloudflare.docker.com	TCP	443	Docker Content Delivery

Summary

Always open TCP port 443 to the necessary domains for communication and updates.
Open UDP 123 and UDP 53 if the gateway does not receive NTP/DNS via DHCP.
On-premises installations require access to Docker’s official domains for updates.