Firewall/Proxy rules for MindSphere

MindConnect Element requires open HTTPS and DNS ports for communication with MindSphere. You can open port 443 to enable this.

MindConnect Element will connect to the following DNS names:

<region>.mindsphere.io

For <region>, enter the area that was defined in your contract, for example "*.eu1".

MindSphere uses modern cloud principles (such as content delivery networks) to achieve high availability and scalability. The DNS names mentioned above can resolve to a large range of IP addresses, depending on the context of the caller and the state of the backend, so rules based on fixed IP addresses are not reliable.

If you log in from behind the firewall, you need *.eu1.mindsphere.io and, in addition, a MindSphere Interactive Login Page URL, for example "diswlogin.siemens.com". The following links are examples for interactive logins in the browser for agents or applications starting with *.eu1.mindsphere.io:

  • https://*.industrysoftware.automation.siemens.com

  • https://identity.industrysoftware.automation.siemens.com 

  • https://www2.industrysoftware.automation.siemens.com

  • https://content.industrysoftware.automation.siemens.com 

  • https://identityapi.industrysoftware.automation.siemens.com

  • https://ws-apip.industrysoftware.automation.siemens.com

  • https://cdn.auth0.com 

  • https://diswlogin.siemens.com 

  • https://static.mentor-cdn.com

For agent-only communication, you only need "southgate.eu1.mindsphere.io".
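
The following added example (not Siemens code) checks proxy CONNECT destinations against the host names listed above and compares the agent-only rule with the interactive-login rule. The profile names, the wildcard semantics (any subdomain depth, apex excluded) and the log lines are assumptions constructed for illustration.

```python
REGION = "eu1"       # assumption: region as defined in the contract
ALLOWED_PORT = 443   # the page asks for HTTPS only

AGENT_ONLY = [f"southgate.{REGION}.mindsphere.io"]
INTERACTIVE_LOGIN = [
    f"*.{REGION}.mindsphere.io",
    "*.industrysoftware.automation.siemens.com",  # covers identity, www2, content, ...
    "cdn.auth0.com",
    "diswlogin.siemens.com",
    "static.mentor-cdn.com",
]

def host_matches(host, pattern):
    """Exact match, or '*.suffix' matching any subdomain of suffix (not the apex)."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        # Keep the leading dot so 'xeu1.mindsphere.io' cannot match the suffix.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def is_allowed(dest, profile):
    """dest is 'host:port' as seen in an HTTP CONNECT request."""
    host, _, port = dest.rpartition(":")
    if not host or not port.isdigit() or int(port) != ALLOWED_PORT:
        return False
    return any(host_matches(host, p) for p in profile)

def denied(log_lines, profile):
    """Return the CONNECT destinations in log_lines that the profile would block."""
    out = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "CONNECT" and not is_allowed(fields[1], profile):
            out.append(fields[1])
    return out

# Constructed proxy log lines (method, destination).
SAMPLE_LOG = [
    "CONNECT southgate.eu1.mindsphere.io:443",
    "CONNECT tenant1.eu1.mindsphere.io:443",
    "CONNECT identity.industrysoftware.automation.siemens.com:443",
    "CONNECT eu1.mindsphere.io.example.net:443",   # look-alike suffix
    "CONNECT southgate.eu1.mindsphere.io:8443",    # right host, wrong port
]

if __name__ == "__main__":
    print("agent-only denies:", denied(SAMPLE_LOG, AGENT_ONLY))
    print("interactive denies:", denied(SAMPLE_LOG, INTERACTIVE_LOGIN))
```

Run against an export of real proxy logs, the same check shows which destinations a device needs before the narrower agent-only rule is enforced.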

Port exceptions

For region eu2, please add the following port exception to enable the online firmware download:

  • https://mdspedgeprodstorageact.blob.core.windows.net