Evocon devices only need one-way access to the Internet from inside the customer network. Detailed information about the connections and the data that is sent is available here.

Required URLs for Evocon IIoT Device 3.0

• iot.evocon.com (15.197.133.85), iot1.evocon.com (35.71.154.210)
  • HTTPS protocol with TLS on port 443
  • Resolve to static IP addresses simplifying firewall rule setup for Evocon devices without requiring DNS.
  • The devices first attempt to connect via iot.evocon.com and iot1.evocon.com; if unsuccessful, they will use the amazonaws endpoint, which does not need to be opened if the two primary endpoints are accessible.
• a3ed97ktfhc5dy-ats.iot.eu-west-1.amazonaws.com (Backup, not needed if iot.evocon.com is allowed)
  • MQTT protocol with TLS on port 443.
  • Main connection for sending signal data events.
  • While the amazonaws.com endpoint has dynamic IP address, the iot.evocon.com and iot1.evocon.com have static IP-s that provide a faster and more stable connection in some cases.
• devices.evocon.com (13.248.201.79), devices1.evocon.com (76.223.88.250)
  • HTTPS protocol on port 443 and HTTP on port 80
  • Updating time (HTTPS with optional HTTP fallback)
  • Receiving firmware updates (only HTTPS)
• pool.ntp.org (Backup, not needed if devices.evocon.com is allowed. Can be replaced with local NTP server)
  • UDP 123
  • Updating device time as a fallback if time sync via HTTPS or HTTP fails. Not required in most installations.
• 1.1.1.1 or 8.8.8.8 (Backup, needed only in case the static IPs above change)
  • Global default DNS servers. Can be replaced with local DNS servers.

<aside> 📘 Evocon devices also support Static IP configuration and using a proxy server. Local NTP and DNS addresses can also be configured. Reach out to Evocon support for further information.

</aside>

<aside> ⚠️

Evocon devices use mutual TLS with Amazon-issued server certificates. Any firewall or proxy that performs TLS decryption, TLS re-signing, or SSL inspection will break the connection. These devices cannot operate unless traffic to AWS IoT endpoints is excluded from TLS inspection.

</aside>