Running Cargosnap Behind an Outbound Firewall
Cargosnap only supports web and mobile device use on devices with actual "full internet access". Without internet access, Cargosnap will not work as intended, and we cannot do much about it.
Firewalls are a requirement in today's world. No doubt. They keep those malicious hackers and bots "out there"! Sometimes it may even be desirable, for security or other business reasons, to block traffic originating from your own network to the Internet.
Should you prefer to run in such an (unsupported) environment, you may benefit from some of the information provided here. Note that this is information "as is" and does not constitute a suggestion that you should actually do this or that we support it. It's just not a good idea.
Let's call it an unsupported FAQ...
Unsupported FAQ
Q: What internet addresses does Cargosnap require for the web-based app?
A: Cargosnap requires at least https access (never http) to the following domains for the web-based app:
app.cargosnap.com
api.cargosnap.com
*.cargosnap.net
cargosnapstorage.blob.core.windows.net
*.sentry.io (for error handling and logging)
*.intercom.io (for support chat)
*.google-analytics.com (for analysis)
https://clients3.google.com/generate_204 (for uptime checks from the mobile app)
www.google.com (for uptime checks from the mobile app)
Q: What internet addresses does Cargosnap require for the mobile app?
A: The mobile app requires access to the following domains:
app.cargosnap.com (for access to our platform services)
api.cargosnap.com (for ability to upload inspections)
*.sentry.io (for error handling and logging)
*.intercom.io (for support chat)
*.googleapis.com (supporting updatable resources for our built-in scanners)
*.firebaseapp.com (supporting updatable resources for our built-in scanners)
*.gstatic.com (supporting updatable resources for our built-in scanners)
*.googleusercontent.com (supporting updatable resources for our built-in scanners)
The Android mobile app additionally requires access to the following domains:
play.google.com
android.com
google-analytics.com
*.gstatic.com
*.gvt1.com
*.ggpht.com
dl.google.com
dl-ssl.google.com
android.clients.google.com
*.gvt2.com
*.gvt3.com
For iOS, our mobile app requires access to the following domains:
*.apple.com
*.icloud.com
Why We Cannot Provide Individual IP Addresses and Ports
We cannot provide individual IP addresses and ports because Cargosnap is a rapidly growing solution. We are constantly adding new servers and IP addresses to accommodate our growth. Additionally, we operate in a cloud environment where IP addresses may change frequently. This makes it impractical to maintain and provide lists of specific IP addresses for our customers. Instead, we work on a host/domain level to ensure that our services remain accessible and functional.
Additional Considerations for Mobile Devices
For mobile devices, there are some external sites that Cargosnap requires for logging and error handling in other tools. Specifically, mobile devices need to be able to access Google Play and Sentry. It is recommended to initially start Cargosnap, especially the barcode/seal/container code scanners, on a non-blocked network. This is because they occasionally fetch updated machine learning models, which are hosted on Google Play for Android devices, where you likely also installed the app.
Additional Considerations
- SSL/TLS Inspection: If your firewall performs SSL/TLS inspection, ensure that it is configured to trust the Cargosnap SSL certificates. This will prevent any issues with encrypted traffic.
- Bandwidth Management: Ensure that your firewall is configured to handle the bandwidth requirements of Cargosnap, especially if you are dealing with large file uploads or downloads.
- Logging and Monitoring: Enable logging and monitoring on your firewall to track the traffic related to Cargosnap. This will help you identify and troubleshoot any potential issues.
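To act on the logging advice above, this added example (not Cargosnap's own code) scans outbound firewall log lines for denied HTTPS connections to the web-app domains listed earlier. The key=value log format, its field names and the sample lines are constructed, and strict wildcard matching (the bare apex domain is not covered by `*.`) is an assumption about your firewall.

```python
# Added example, not Cargosnap code. Log format and sample lines are constructed.
WEB_ALLOWLIST = [
    "app.cargosnap.com", "api.cargosnap.com", "*.cargosnap.net",
    "cargosnapstorage.blob.core.windows.net", "*.sentry.io", "*.intercom.io",
    "*.google-analytics.com", "clients3.google.com", "www.google.com",
]


def host_matches(host, pattern):
    """Match a hostname against an exact name or a '*.suffix' wildcard.

    The wildcard requires a label boundary, so '*.cargosnap.net' does not
    match 'evilcargosnap.net'. It also does not match the bare apex
    'cargosnap.net' (assumption: strict semantics; some firewalls differ).
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".cargosnap.net"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def blocked_required_hosts(log_lines, allowlist=WEB_ALLOWLIST):
    """Return {host: deny_count} for denied port-443 flows to required hosts."""
    hits = {}
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("action") != "deny" or fields.get("dport") != "443":
            continue  # plain HTTP is never required, so port-80 denies are fine
        host = fields.get("host", "")
        if any(host_matches(host, p) for p in allowlist):
            hits[host] = hits.get(host, 0) + 1
    return hits


# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = [
    "ts=2024-01-01T10:00:00Z action=allow dport=443 host=app.cargosnap.com",
    "ts=2024-01-01T10:00:02Z action=deny dport=443 host=cdn.cargosnap.net",
    "ts=2024-01-01T10:00:03Z action=deny dport=443 host=cdn.cargosnap.net",
    "ts=2024-01-01T10:00:05Z action=deny dport=443 host=evilcargosnap.net",
    "ts=2024-01-01T10:00:07Z action=deny dport=443 host=ingest.sentry.io",
    "ts=2024-01-01T10:00:09Z action=deny dport=80 host=app.cargosnap.com",
]

if __name__ == "__main__":
    for host, count in sorted(blocked_required_hosts(SAMPLE_LOG).items()):
        print(f"{count} denied HTTPS connection(s) to required host {host}")
```

Any host this reports is one the firewall is blocking even though the lists above require it; the look-alike domain is correctly left out of the report.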
Conclusion
By following these steps, you can ensure that Cargosnap runs smoothly and securely from behind an outbound firewall. However, please remember that running Cargosnap in an unsupported environment is not recommended, and we cannot provide support for such configurations.
Well, we're always there to help. Best effort (etc., etc.). But please do make sure you mention you are running such a configuration when you reach out to us for support. This way we avoid losing time in our support cycle, because we will never assume this configuration is in place and may therefore overlook obvious root causes.