This is a guide on how the Cobalt robots can connect to your corporate network
The Cobalt robot requires a good wifi connection to be able to operate and notify your security team of any security anomalies. The robot does have a cellular backup for emergencies (e.g. a power outage), but it is not designed for primary use.
Network Requirements
The robot routes all traffic from itself through a Wireguard VPN tunnel. The VPN tunnel terminates in our AWS VPC at our VPN gateway. Wireguard runs over UDP on ports 51820 and 51821. In addition, the robot also establishes a TCP connection on port 80 with the Google Time and DNS servers.
- DNS resolution to our VPN gateways at vpn.cobaltrobotics.com and vpn2.cobaltrobotics.com
- This requires unblocked TCP traffic on port 80 to and from 8.8.8.8 and 8.8.4.4 (Google's DNS servers)
- Ensure that pinging 8.8.8.8 replies successfully
- Unblocked UDP traffic on ports 51820, 51821 to and from vpn.cobaltrobotics.com and vpn2.cobaltrobotics.com
- Note: the IPs of these servers may change, but the domain names will not
- Unblocked TCP traffic on port 80 to and from 216.239.35.0 (Google's time-server, used as a self-test host for networking)
- No "Captive Portal" e.g. an airport style page that must be clicked through before connecting.
- Note: Cobalt can provide the robot's MAC address to whitelist it from any firewalls that might conflict with the above requirements.
- Minimum 16 Mbps upload and download speed.
- Minimum wifi signal strength of -60dBm in any areas that will be patrolled.
- Authentication: WPA, WPA-2, WPA-Enterprise, or open.
How to connect the robot to your network
All direct configuration of the robot is done by your Cobalt technician, who will need the following information from your IT contact:
- If your WiFi network is configured with WPA / WPA2:
- SSID
- Password (if applicable)
- If your WiFi network is configured with WPA-Enterprise
- Identity (if applicable)
- Anonymous Identity (if applicable)
- Phase 1 Authentication Parameter (if applicable)
- Phase 2 Authentication Parameter (if applicable)
- We will provide the robot's MAC address, in case your IT team needs to whitelist the robot to bypass any firewall rules that might conflict with our Network Requirements.
- If needed, we can also configure the robot to use a static IP address of your IT team's choice, rather than doing DHCP.
- We recommend having a representative from IT available during the first 1-2 days of a deployment to help troubleshoot any network connection issues we encounter.