The following information is provided to support organizations that have specific restrictions and controls in place within their IT infrastructure.
All communication between uniFLOW Online and company network components is sent encrypted via HTTPS (port 443 outbound). However, if you have restricted access out of your network, general access to the URLs and IP addresses below must be granted to reach uniFLOW Online.
uniFLOW Online email servers are used for various functionality like ‘Scan to Email’, user notifications, user registration etc. Email communication may also be blocked or subject to your company email filtering rules and policies. To ensure email traffic is not blocked we have listed our global uniFLOW Online email servers below which should be added to an ‘Allow List’.
Global hosted services
NT-ware global web services are required to provide uniFLOW Online installations, help material and resources. Please ensure you allow these sites if you are restricting traffic from and or to your organization. ALL IP and URL exclusions are required if restrictions are in place. These provide local and regional resilience and redundancy.
If you have configured uniFLOW Online to use your own email provider, it is not necessary to add these IP addresses.
 Due to some legacy device support the download for MEAP applets takes place via HTTP at present.  For creating tenants and onboarding devices via the Canon imageRUNNER ADVANCE device user interface. It will also need to resolve and access 'device02.c-cdsknn.net', 'a02.c-cdsknn.net', and 'device.c-cdsknn.net'.  NT-ware OAuth Identification Service.  IoT Hub is a managed service, hosted in the cloud, which acts as a central message hub for bi-directional communication between the uniFLOW SmartClient and the devices it manages. IOT Hub has a temporary "static" address, which is subject to change over time, so there is no IP address that can be documented here. Microsoft suggests following best practices, described in this article https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-understand-ip-address .  The Data Collection Agent (DCA) will enable the device discovery and capture device information. It will discover new devices, take meter readings and monitor all devices' device status, independent of their brand or model.  This URL is required for the uniFLOW SmartClient and MEAP devices to perform a check on Microsoft Azure functionality if a tenant or deployment is manually forced into Emergency Mode. Note that the URL has a temporary "static" IP address, which is subject to change over time so that no IP address can be documented. Microsoft suggests following the best practices described in this article.  The uniFLOW SmartClient utilizes IoT standard protocols like MQTT (via WebSocket) for real-time communication with uniFLOW Online. If SSL inspection is configured within the proxy/firewall application MQTT (via WebSocket) must be supported. In case this is not supported, the Azure IoT Hub must be bypassed for SSL inspection.