Home / Support / Knowledge Base / Digi Remote Manager Firewall and Connectivity Requirements

Digi Remote Manager Firewall and Connectivity Requirements

 

Prerequisites

Before using this guide, ensure you have reviewed the configuration and troubleshooting documentation for your specific Digi device and verified that it is properly configured for Digi Remote Manager (Digi RM) connectivity.

Understanding Firewall Requirements

Firewalls protect networks from unauthorized access. Digi devices initiate an outbound TCP socket connection to Digi Remote Manager using the Easy Device Protocol (EDP). This connection creates a secure tunnel that allows device data to be pushed to Digi RM.

This article explains:

  • The IP addresses and ports used by Digi routers, gateways, and other EDP-capable devices when connecting to Digi Remote Manager.
  • How to identify the IP address behind Digi RM-related DNS names.

Recommendation: Always allow DNS resolution. If DNS cannot be used, devices must connect using IP addresses instead.

When Firewall Rules Are Likely Required

Outbound firewall rules may be required in tightly controlled network environments, including:

  • Government buildings and agencies
  • Schools and universities
  • Businesses with strict security or government contract requirements

Required Network Ports

EDP Communication

Port Protocol Purpose
3197 TCP Non-SSL EDP connection used by older devices or older firmware. Updating to newer firmware is recommended.
3199 TCP SSL EDP connection used by newer firmware. Required for all Linux-based (DAL OS) devices or SSL-only RM accounts.

Additional Required Services

Port Protocol Purpose
443 TCP HTTPS firmware downloads from firmware.devicecloud.com.
53 UDP DNS resolution for hostnames such as my.devicecloud.com and edp12.devicecloud.com.
123 UDP NTP time synchronization for all Linux-based Digi devices.

Device Time Requirements

Devices using SSL must maintain accurate date and time. Incorrect system time prevents certificate validation and will cause Digi RM connections to fail.

If a device appears in Digi RM but never shows Connected, verify that the device’s time is correct.

Which Digi RM Server Should You Use?

General Guidance

Do not manually configure a non-default Remote Manager hostname. Devices automatically select the correct server based on firmware capabilities.

If a custom hostname or IP was previously configured, remove it and allow the device to connect to:

  • my.devicecloud.com
  • edp12.devicecloud.com

Use edp12.devicecloud.com if the device:

  • Fully supports TLS 1.2
  • Should not fall back to older security protocols
  • Supports certificate negotiation
  • Runs DAL OS firmware 22.2.x or newer

Applicable devices include:

  • AcceleratedConcepts 5400-RM
  • AcceleratedConcepts 5401-RM
  • AcceleratedConcepts 6300-CX
  • AcceleratedConcepts 6310-DX
  • AcceleratedConcepts 6330-MX
  • AcceleratedConcepts 6335-MX
  • AcceleratedConcepts 6350-SR
  • AcceleratedConcepts 6355-SR
  • Digi AnywhereUSB 2 Plus (all variants)
  • Digi AnywhereUSB 8 Plus (all variants)
  • Digi AnywhereUSB 24 Plus (all variants)
  • Digi Connect EZ-Mini / EZ2 / EZ4
  • Digi ConnectIT-Mini / ConnectIT4 / ConnectIT16 / ConnectIT48
  • Digi EX12 / EX12‑PR
  • Digi EX15 / EX15‑PR / EX15W / EX15W‑PR
  • Digi EX50
  • Digi IX10 / IX14 / IX15
  • Digi IX20 (all variants)
  • Digi IX30 (all variants)
  • Digi LR54 / LR54W
  • Digi TX54 (all variants)
  • Digi TX64 (all variants)

Use my.devicecloud.com for:

Any device not listed above, or devices lacking the enhanced security support required for edp12.devicecloud.com.

Firmware Downloads: firmware.devicecloud.com

DAL devices use this server when performing device‑initiated firmware downloads. Firmware updates initiated from Digi RM instead use TCP port 3199 (EDP).

Deprecated and Removed DNS Hostnames

Deprecated (do not use):

  • devicecloud.digi.com
  • devicecloud-uk.digi.com

Removed (must not be used):

  • *.idigi.com (example: my.idigi.com, app.idigi.com)
  • *.etherios.* (example: login.etherios.com)

Determining IP Addresses for Firewall Rules

Use nslookup to determine the current IP address for a Digi Remote Manager hostname. IP addresses may change, so always verify before configuring firewall rules.

Example (Windows 10 CMD):

nslookup my.devicecloud.com
nslookup edp12.devicecloud.com
nslookup firmware.devicecloud.com

Example results (from 1/15/2026):

my.devicecloud.com        → 52.73.23.137
edp12.devicecloud.com     → 52.73.118.175
firmware.devicecloud.com  → 52.73.109.182

Time Server Information

Primary NTP Ring

time.devicecloud.com → 35.164.164.69, 52.2.40.158

Pool Servers

0.time.devicecloud.com → 52.2.40.158
1.time.devicecloud.com → 35.164.164.69

Deprecated Time Servers

  • time.digi.com
  • time.etherios.com
  • time.etherios.co.uk
  • 0.idigi.pool.ntp.org
  • 1.idigi.pool.ntp.org
  • 2.idigi.pool.ntp.org

Creating Firewall Rules

To ensure connectivity:

  1. Use nslookup to confirm the current IP address of each required server.
  2. Allow outbound access for:
    • TCP 3197 or 3199 (EDP, depending on firmware)
    • TCP 443 (firmware downloads)
    • UDP 53 (DNS)
    • UDP 123 (NTP)

If a device uses deprecated *.idigi.com or *.etherios.com hostnames, reconfigure it to:

  • my.devicecloud.com
  • edp12.devicecloud.com (if the device supports TLS 1.2)
Last updated: Jan 15, 2026

Recently Viewed

No recently viewed articles

Did you find this article helpful?