Your organization has a tight security policy that mandates a firewall which blocks any external traffic, including that from your SoftNAS deployments to/from the outer world. This is preventing receipt of necessary updates.
The purpose of this document is to outline the steps required to maintain access to the required IPs for SoftNAS updates without compromising the tight security requirements of organizational policy. More details on our latest releases for SoftNAS can be found in the Buurst® SoftNAS 5 Release Notes.
Note:Buurst recommends a reboot of your system be performed prior to performing a system upgrade. This ensures that the upgrade is performed on a stable system.
Warning: If putting only one node into maintenance mode, synchronization need not occur. If both HA nodes need to be placed into maintenance, a forced synchronization will need to occur.
Our goal here, as mentioned, is to translate the mirroring system to a fixed URL or set of URLs that we can use when configuring any firewall. If you have already installed SoftNAS, in a secure VPC and are unable to open HTTP traffic to the outside world to proceed with the following steps
Please whitelist port 443 for the following domains/IP addresses:
Only outgoing access to the above domain names/IP addresses to port 443 is required. For example, to allow access on a level of AWS and/or Azure Network Security Group, only 2 outgoing ALLOW rules are required, while no new inbound rules are required.
Please whitelist outgoing TCP for the following domain/IP address:
# my.nalpeiron.com IP: 126.96.36.199/32 Please note that the IP addresses might change over time. For example, the previous version of this document had a different IP address formirror.softnas.com. At the same time, we are committed to using the same domain namessoftnas.com and mirror.softnas.com and as such whitelisting of the domain names instead of IP addresses is preferable.
Next, you can test the above changes by running the commands below and if your firewall is properly configured you should be able to get some feedback as the screenshot below: