Firewall and bandwidth requirements

Solution Overview

A network appliance or VM is installed on-prem named bcxmonitor.
External connectivity either inbound OR outbound is required from this appliance or VM to (
A unique 256-bit pre-shared key is established between the on-prem bcxmonitor and
This encryption key is customer unique and is pre-configured at installation.
The encryption key is only known by your on-prem bcxmonitor and, and is not transmitted over the wire at any time.
The on-prem bcxmonitor communicates with the local devices on your network using a combination of SNMPv1/SNMPv2/SNMPv3/IPMI/ICMP/Zabbix agent and scripts over HTTPS.
This data is then securely transmitted from your on-prem bcxmonitor to using Transport Layer Security (TLS) protocol v1.2 encrypted against the pre-shared key configured at installation.

Option 1 (Active)

The on-prem bcxmonitor is assigned a local static IP address eg:
The on-prem bcxmonitor connects outbound to on TCP port 10051

The on-prem bcxmonitor requires external access to ( on TCP port 10051 in this configuration.

Option 2 (Passive)

The on-prem bcxmonitor is assigned a local static IP address eg:
A customer owned external IP address eg: is configured on the customer firewall.
The external IP address eg: mapped through to the local static IP address eg: on TCP port 10051 only.
The external firewall is configured to only accept traffic from ( talks inbound to the bcxmonitor appliance in this configuration.