Corporate WiFi Access for robots

This is a guide on how the Cobalt robots can connect to your corporate network

The Cobalt robot requires a good wifi connection to be able to operate and notify your security team of any security anomalies. The robot does have a cellular backup for emergencies (e.g. a power outage), but it is not designed for primary use.

Network Requirements

The robot routes all traffic from itself through Wireguard VPN tunnels. The VPN tunnels terminate in our AWS VPC at our VPN gateway. Wireguard runs over UDP on ports 51820 and 51821. In addition, the robot also performs periodic self tests of its connection using a TCP connection to port 80 on the Google's time-server and ping to one of Google's DNS servers. To facilitate required communication this traffic cannot be blocked.

  1. Allow TCP traffic on port 80 to and from (Google's time-server)
  2. Allow ICMP traffic to and from (Google's DNS servers)
  3. Allow UDP traffic on ports 51820, 51821 to and from
  4. Allow UDP traffic on ports 51820, 51821 to and from
  5. Allow UDP traffic on ports 51820, 51821 to and from
  6. No "Captive Portal", for example an airport style page that must be clicked through before connecting.
  7. Cobalt can provide the robot's MAC address for DHCP address reservation or firewall allowlisting.
  8. Minimum 16 Mbps upload and download speed. 
  9. Minimum wifi signal strength of -60dBm in any areas that will be patrolled.
  10. Authentication: WPA, WPA-2, WPA-Enterprise, or open.

How to connect the robot to your network

All direct configuration of the robot is done by your Cobalt technician, who will need the following information from your IT contact:

  1. If your WiFi network is configured with WPA / WPA2:
    1. SSID
    2. Password (if applicable)
  2.  If your WiFi network is configured with WPA-Enterprise
    1. Identity (if applicable)
    2. Anonymous Identity (if applicable)
    3. Phase 1 Authentication Parameter (if applicable)
    4. Phase 2 Authentication Parameter (if applicable)
  3. We will provide the robot's MAC address, in case your IT team needs to allowlist the robot to bypass any firewall rules that might conflict with our Network Requirements or to associate with DHCP address reservation.  We can also configure the robot to use a static IP address of your IT team's choice, rather than doing DHCP.
  4. We recommend having a representative from IT available during the first 1-2 days of a deployment to help troubleshoot any network connection issues we encounter.