Tulip is designed to have minimal IT requirements. The most simple description is: If you can access the web, you can access Tulip. The rest of this article is meant for individuals with a background in Information Technology (IT) and addresses the specific firewall settings required to access Tulip.

If this is your first time hearing about Tulip, it may be helpful to watch our 2 minute introduction video.

Admin Interface

  • The Tulip admin interface (https://your-account.tulip.co) can be accessed from your web browser just like any other website. The admin interface currently only supports the Google Chrome browser and requires HTTPS over port 443.
  • Note that Tulip makes extensive use of websockets, a type of long-lived connection, to enable our real-time updates. These websockets use SSL-encryption over port 443 just as noted above, however, some proxies do not support these connections and some network monitors may need to whitelist these connections. You can check your connection compatibility at: https://your-account.tulip.co/networkCheck.

Tulip Player

Tulip Gateway - Normal Operation

  • The Gateway must make outgoing requests to https://your-account.tulip.co using TCP on port 443.
  • The Gateway must resolve https://your-account.tulip.co with a DNS. This is usually done using TCP on port 53, but may be done through a proxy.
  • The Gateway must make outgoing requests to a variety of NTP time servers using UDP on port 123 in order to synchronize its clock. There is a detailed list of NTP servers at the bottom of this document.
  • The Tulip Gateway does support HTTP proxies and custom SSL certificates. This is configured in the Gateway Portal.
  • Note that Tulip makes extensive use of websockets, a type of long-lived connection, to enable our real-time updates. These websockets use SSL-encryption over port 443 just as noted above, however, some proxies do not support these connections and some network monitors may need to whitelist these connections. You can check your connection compatibility at: https://your-account.tulip.co/networkCheck.

Tulip Gateway - Over-the-air Updates

Tulip Connector Host

  • In order for a Cloud Connector Host to connect to an external system, incoming connections will need to be allowed from Tulip’s Cloud. This means that all resources (such as an internal API or Database) need a publicly-resolvable DNS record or IP address. Many of our customers use port forwarding to limit the number of DNS records or IP addresses to provision and firewall whitelisting to block requests that do not come from Tulip.  See the section below for particular source IP addresses to whitelist.
  • If you will be running a Connector Host on-site, please refer to our Connector Host Requirements article.

Bandwidth Requirements

Tulip is a very versatile tool that can be used for all types of different use cases. As such, the exact bandwidth requirements will vary depending on your use.

In general, Tulip does not require more bandwidth than a typical computer that is browsing the web. Deployments with Machine Monitoring that are processing 1000s of events per second may require additional bandwidth, but this is easily scaled and monitored during a phased deployment.

More important than the bandwidth, however, is the stability of the connection. If the connection to the internet is intermittent (dropping off and reconnecting every few seconds for example), it will take substantially longer for a message to be passed from your computer to Tulip's servers.

A simple utility is available at https://<your-account>.tulip.co/networkCheck to help you test your network connection.

Tulip IP Address Ranges

This section includes the ranges of IP addresses for particular regions. All requests from Tulip will originate from within these IP ranges. Furthermore, clients must have access to these IP address ranges to function properly.

To load assets such as images and videos, your clients will need outgoing access to our AWS S3 resources.

Contact Tulip for details if you are not sure which region applies to you.

North America - Tulip Standard (AWS) Cloud

  • 3.208.72.192/26

North America - Tulip Azure Cloud

  • 3.208.72.192/26
  • 23.96.58.54
  • 52.170.251.156
  • 52.224.191.152/30

North America - US GovCloud West

  • 3.208.72.192/26
  • 52.61.162.10
  • 52.222.21.191
  • 52.222.47.65
  • 52.222.55.193
  • 96.127.64.206
  • 96.127.114.157

Europe - Central

  • 3.121.68.52
  • 3.126.157.29
  • 3.127.99.196
  • 3.208.72.192/26
  • 18.185.231.254
  • 18.197.252.122
  • 35.157.130.74
  • 35.158.235.163
  • 52.28.75.198
  • 52.28.199.118
  • 52.59.10.173

DMG Mori EU

  • 3.208.72.192/26
  • 51.105.126.240
  • 51.124.87.41

DMG Mori Japan

  • 3.208.72.192/26
  • 20.48.15.3

CSV Import

In order to be able to import a CSV into a Tulip Table, outgoing access to the following IPs must be allowed:

  • 76.223.22.92
  • 13.248.159.14

The hostnames are api.importcsv.tulip.co and portal.importcsv.tulip.co.

Gateway NTP Server Requirements

Access to the following NTP servers should be allowed via UDP traffic on port 123.

  • 0.north-america.pool.ntp.org
  • 1.north-america.pool.ntp.org
  • 2.north-america.pool.ntp.org
  • 3.north-america.pool.ntp.org
  • time.apple.com
  • time1.google.com
  • time2.google.com
  • time3.google.com
  • time4.google.com
Did this answer your question?