Corporate WiFi Access for robots

This is a guide on how the Cobalt robots can connect to your corporate network

The Cobalt robot requires a good wifi connection to be able to operate and notify your security team of any security anomalies. The robot does have a cellular backup for emergencies (e.g. a power outage), but it is not designed for primary use.

Network Requirements

The robot routes all traffic from itself through a Wireguard VPN tunnel. The VPN tunnel terminates in our AWS VPC at our VPN gateway. Wireguard runs over UDP on ports 51820 and 51821. In addition, the robot also establishes a TCP connection on port 80 with the Google Time and DNS servers.

  1. DNS resolution to our VPN gateways at vpn.cobaltrobotics.com and vpn2.cobaltrobotics.com
    1. This requires unblocked TCP traffic on port 80 to and from 8.8.8.8 and 8.8.4.4 (Google's DNS servers)
    2. Ensure that pinging 8.8.8.8 replies successfully
  2. Unblocked UDP traffic on ports 51820, 51821 to and from vpn.cobaltrobotics.com and vpn2.cobaltrobotics.com
    1. Note: the IPs of these servers may change, but the domain names will not
  3. Unblocked TCP traffic on port 80 to and from 216.239.35.0 (Google's time-server, used as a self-test host for networking)
  4. No "Captive Portal" e.g. an airport style page that must be clicked through before connecting.
    1. Note: Cobalt can provide the robot's MAC address to whitelist it from any firewalls that might conflict with the above requirements. 
  5. Minimum 16 Mbps upload and download speed. 
  6. Minimum wifi signal strength of -60dBm in any areas that will be patrolled.
  7. Authentication: WPA, WPA-2, WPA-Enterprise, or open.

How to connect the robot to your network

All direct configuration of the robot is done by your Cobalt technician, who will need the following information from your IT contact:

  1. If your WiFi network is configured with WPA / WPA2:
    1. SSID
    2. Password (if applicable)
  2.  If your WiFi network is configured with WPA-Enterprise
    1. Identity (if applicable)
    2. Anonymous Identity (if applicable)
    3. Phase 1 Authentication Parameter (if applicable)
    4. Phase 2 Authentication Parameter (if applicable)
  3. We will provide the robot's MAC address, in case your IT team needs to whitelist the robot to bypass any firewall rules that might conflict with our Network Requirements. 
    1. If needed, we can also configure the robot to use a static IP address of your IT team's choice, rather than doing DHCP.
  4. We recommend having a representative from IT available during the first 1-2 days of a deployment to help troubleshoot any network connection issues we encounter.