1 About
2 Prerequisites
3 Firewall Rules
- 3.1 MazeMap Access
- 3.2 MazeMap Indoor Positioning (LIPI)
  - 3.2.1 For Cloud Positioning (e.g., Cisco Spaces)
- 3.3 Mapbox Access
4 Steps to Configure Firewall
5 Contact Information

About

This guide is to help you configure firewall rules for accessing MazeMap services. It includes the necessary service URLs, ports, and regions, as well as additional steps for allowing the Mapbox APIs.

Prerequisites

Before you begin, ensure the following

Firewall Configuration Access: Ensure you have the necessary access to configure firewall rules or contact your IT department for assistance.

Firewall Rules

To ensure proper access to MazeMap services, configure your firewall with the following rules:

MazeMap Access

Configure your firewall to allow access to the following MazeMap services:

Service	URL	Port

Service	URL	Port
Maps	http://use.mazemap.com	443
Admin Tool	https://admin.mazemap.com/	443
Customer API	https://api.mazemap.com/	443
Kiosks	https://kiosk.mazemap.com/	443
Positioning	https://cloudpositioning.mazemap.com	443
Site Resolver	https://siteresolver.mazemap.com	443
Bookings	https://booking.mazemap.com	443
Tiles CDN	https://tiles.mazemap.com	443
FMS Updates	sftp-updates.mazemap.com	8022
Map Updates	updates.mazemap.com	443

MazeMap Indoor Positioning (LIPI)

The local network topology needs to be such that the source IP address of the packets received by the LIPI server corresponds with the local IP address of that users device in the positioning system.

That means there should be no NAT or proxy between the clients and the Proxy-LIPI server.

For On-Prem Positioning (e.g., Cisco Spaces)

Local network traffic -> port 443 -> LIPI -> port 443 -> on-prem positioning host.
Optional: Port 443 to MazeMap (allows for updates and sending heartbeats but is not required).

For Cloud Positioning (e.g., Cisco Spaces)

Local network traffic -> port 443 -> LIPI -> port 443 → cloudpositioning.mazemap.com.
This configuration will require external access.

Mapbox Access

MazeMap uses Mapbox APIs, which may require additional firewall configuration. If you encounter issues accessing Mapbox APIs behind a firewall, follow these steps:

Allow List Configuration: Add the domain api.mapbox.com to your allow list.
Handling Distributed Servers: Mapbox uses distributed and dynamically-allocated servers rather than a fixed set of IP addresses. Normally, adding mapbox.com to your allow list is sufficient.
Specific Domains Allow List: In some cases, you may also need to add the following specific domains to your allow list:
- *.mapbox.com

Steps to Configure Firewall

Access your firewall configuration settings.
Add the service URL use.mazemap.com with port 443 to the allow list for the specified regions.
Add api.mapbox.com to the allow list.
If needed, add *.mazemap.com and *.mapbox.com to the allow list to ensure all necessary subdomains are included.

Contact Information

For further assistance or if you encounter any issues, please contact your IT department or MazeMap Support or Log a MazeMap Support Ticket

MazeMap Customer Self Help

Working with Firewalls