Our environment is hosted in the Azure regions of Western Europe (primary) and Northern Europe (backup). The IQ2 needs the following network configuration in order to be connected to the cloud, synchronising access control and receiving updates:
Outgoing connection to port 20 and 21 and the range 49152 to 65535.
Outgoing connection to ports 40000 and 40001
Outgoing connection to ports 80 and 443
IQ needs to be able to reach a DNS server (port 53)
Public internet connectivity
No network inactivity timeouts applied - IQs require persistent streaming connections, which are designed to be as data efficient as possible. Depending on your usage there may be prolonged periods of data transfer inactivity from an IQ.
Please note that it is the client’s responsibility to ensure stable IQ connectivity to all services that it needs. IQs that cannot update may be deemed a security risk and blocked out of the system or may fail to migrate from legacy systems and therefore be sunsetted along with those legacy systems.
IQ Network Configuration options
Please note, IQ network configuration options are exposed via the KS mobile application only. This requires physical access to your IQ to enable BLE configuration mode (pressing and releasing the reset button briefly), and physical proximity (10m/30ft) when configuring over BLE from your phone.
The IQ supports DHCP and static IP configuration options.
The IQ supports a SOCKS5 Proxy authenticated with an username and password.
The IQ currently supports setting network interface priorities. The highest priority available and internet connected interface will be used to connect to the cloud. The default priority is Ethernet → WiFi (if fitted) → M2M (if fitted).
Other notes
Network authentication via 802.1x is not supported, but please let us know if that is required.
WiFi IQs support WEP, WPA/WPA2-PSK authentication.
IQ2xx2xx reference WiFi IQs support 802.11 bgn on 2.4GHz only
IQ2xx8xx reference WiFi IQs support 802.11 ac on 2.4GHz and 5GHz
PoE IQs are 802.3 af compliant and can be used on 802.3 af and 802.3 at networks. Please note that the IQs need to be provided with the maximum power for 802.3 af (15.4W) to ensure they are stable in all scenarios.
IQ bandwidth consumption depends mainly on the access control size and number of changes applied. We have tried to minimise data usage as much as practical, however, we do not recommend using high usageIQs over metered connections. If you would like to use IQs over metered connections, please contact support for more details.
M2M IQs ship with regional and 3GPP standards compliant dongles. We have roaming agreements with multiple operations per region in most regions of the world, however, depending on your local mobile network coverage, we cannot always guarantee stable connectivity.
A non-definitive list of FQDN’s (and protocols used to them) that IQs will connect to is available below, please note that this list might change with no customer notice, so we do not advise any allowlisting based on this information:
*.my-clay.com
sentry.io/*
global.azure-devices-provisioning.net/*
*azure-devices.net
Whitelisting IP addresses - Network architecture
Please check here: https://claysolutions.freshdesk.com/support/solutions/articles/101000412415-whitelisting-ip-addresses-network-architecture
How to troubleshoot if the IQ is offline
If the IQ is connected over ethernet or Wifi, most of the time the local network should be checked, and the following steps can be performed:
1. Connect the IQ in question to a network which is approved to be working (worked with other IQs)
2. Connect the IQ to a M2M stick
And the LED sequence from the IQ should be observed:
1. Blink red, it means the IQ is offline, which is expected, please improve the local network, and then try again.
2. Permanent purple, please report the act code from the IQ to Clay support
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article