Firewall
- Last Updated: Sep 03, 2025
To fully secure the Edge Connector, it is recommended that you install a firewall. You must configure the firewall to allow the required traffic detailed below.
Inbound Traffic
Configure the firewall to allow inbound traffic to the Page Service and the Claims Service as follows.

| Purpose | Direction | Local Port | Protocol | Action |
|---|---|---|---|---|
| Inbound gRPC for page service | Inbound | 5005 | TCP | Allow |
| Inbound gRPC for claims service | Inbound | 5006 | TCP | Allow |

Note: You can configure the port numbers during installation. If you chose a different port during installation, you need to add that port to the allow-list instead.
The Edge Connector also contains a file share. It is accessed by AVEVA Unified Engineering using the SMB protocol over port 445.
Outbound Traffic
Most of the outbound traffic requires port 443 to communicate with the cloud service through HTTPS. If you use a least-privilege mechanism on a locked-down network, you need to allow the following URLs (as well as the URLs in CONNECT):
Spectrum
- spectrum.connect.aveva.com
- central-claims-iothub-prod.azure-devices.net
- storeblobprod0a01211a.blob.core.windows.net
- instalblobprod1ee8451e.blob.core.windows.net
There are a few URLs for validating certificates which use HTTP over port 80. This is standard industry practice, as the certificates are required for the HTTPS communication. For more information, refer to Manage firewall allowlist for CONNECT - CONNECT.
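
The inbound rules and the outbound endpoint list above can be applied and checked from PowerShell. This is an added example, not AVEVA's own tooling. It assumes a Windows host using Windows Defender Firewall and the default ports from the table. The rule names and the `$ClientSubnet` value are constructed placeholders, and limiting the rules to a remote address range is a hardening choice made here, not a requirement stated on this page.

```powershell
# Added example: assumes Windows Defender Firewall and the default ports.
# $ClientSubnet is a constructed placeholder. Replace it with the address
# range of the machines that actually connect to the Edge Connector.
$ClientSubnet = '10.0.0.0/24'

# Inbound traffic from the table, plus the SMB file share on port 445.
# If you chose different ports during installation, change them here.
$inboundRules = @(
    @{ Name = 'Edge Connector - Page Service gRPC';   Port = 5005 },
    @{ Name = 'Edge Connector - Claims Service gRPC'; Port = 5006 },
    @{ Name = 'Edge Connector - File share (SMB)';    Port = 445  }
)

foreach ($rule in $inboundRules) {
    # Create each rule once, so the script can be re-run safely.
    $existing = Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $rule.Name -Direction Inbound `
            -Protocol TCP -LocalPort $rule.Port `
            -RemoteAddress $ClientSubnet -Action Allow | Out-Null
    }
}

# Outbound endpoints listed on this page, all reached over HTTPS (TCP 443).
$outboundHosts = @(
    'spectrum.connect.aveva.com',
    'central-claims-iothub-prod.azure-devices.net',
    'storeblobprod0a01211a.blob.core.windows.net',
    'instalblobprod1ee8451e.blob.core.windows.net'
)

# Direct TCP test from this host. It does not go through an HTTP proxy,
# so a proxied network can report False here even when the proxy allows the host.
$results = foreach ($name in $outboundHosts) {
    $test = Test-NetConnection -ComputerName $name -Port 443 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host      = $name
        Port      = 443
        Reachable = $test.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the Edge Connector host. Any row with `Reachable` set to `False` points to an allow-list entry that is still missing on the perimeter firewall or proxy.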