Skip to main content

Network Security

Cloud Services

  • Deployed behind load balancers with HTTPS termination
  • Rate limiting on all public endpoints
  • CORS policies configured per service

On-Premise (Tailscale Model)

  • WireGuard-based mesh VPN
  • Zero-trust networking — no open inbound ports
  • End-to-end encryption between IoT Adapter and ZenEdge
  • MagicDNS for secure service discovery

Firewall Requirements

DirectionProtocolPortPurpose
OutboundUDP41641Tailscale direct connections
OutboundHTTPS443API and relay fallback