Firewall rules for the CA
When on a private network, your product may have different security settings (e.g. firewall rules) than it would on a public ZipKey network. You can adjust the settings whenever you get a notification that the device has joined a new network. Look at the network type to see if it a ZipKey network or a private network and adjust your security settings accordingly. When on a ZipKey network, the CA only needs access to https://dev.cirrentsystems.com
Firewall rules to support SoftAP
If your product uses softAP for local onboarding, you need to configure your firewall rules to accept all inbound traffic on port 67 (bootp/DHCP) and port 80 (http) on the softAP interface while the SoftAP interface is up. To prevent unauthorized inbound traffic you should also set a firewall rule to drop all traffic on any other ports on the softAP interface.