The internet connection to the Trackman Range system will need wired internet connection plugged in our network management device - Ubiquity Dream Machine Pro.

As for the IP address we have the following options to work with (see specs)

You must provide a Public IP address (best)

Alternatively, you must provide a static IP address and make sure that this remains the same to allow Trackman Support to remotely access the system. If this changes, we will lose connection to the system.

Because some of our service are behind load-balancers, with dynamically changing IP addresses, we can’t provide a list of IPs to use. IPs and DNS addresses are only listed to give an idea of what services are used by TrackMan.

Enable outgoing traffic to these ports/protocols to any IP address:

• 80/tcp, 443/tcp - HTTP(S)
• 123/tcp, 123/udp - NTP
• 22/tcp - SSH tunnel
• 53/tcp, 53/udp, 853/tcp - DNS
• 3478/udp - Tailscale remote management
• 5671/tcp, 5672/tcp - AMQP / Azure ServiceBus
• 5938/tcp, 5938/udp - TeamViewer
• 9243/tcp, 9200/tcp - Elasticsearch
• 9978/tcp - SSH tunnel (relay)
• ICMP - ping / network testing

Enable outgoing traffic from these ports/protocols to any IP address:

• 41641/udp, 41642/udp - Tailscale remote management

Some of the services we use. It might be missing some items:

• trackmangolf.com,
• trackmanrange.com,
• azure services (apis, cdn, blob storage)
• SSH Tunnels for Salt management and AD auth of servers
• Ubuntu and CentOS mirrors under Azure
• Monitoring cluster, Vault and other devops services under *.devops.trackman.com
• secomea.com - Remote management for our systems
• docker.io, Azure container registry - Containers
• ui.com - Used by Unifi devices, daily backups, remote management
• ntp.org, time.google.com servers - Used for NTP Sync
• ElasticSearch behind AWS network
• cloud.humio.com

If your firewall is blocking VPN connections, add an exception for Tailscale and WireGuard traffic.