There are a number of connectivity requirements that must be met before you can use LoadMaster 360. These ensure that data can be collected and presented successfully from managed devices and that issues are reported when detected.

To use LoadMaster 360, you must deploy at least one Connector in your network to monitor your application delivery infrastructure. This Connector reports back network metrics to LoadMaster 360. To enable this, you must allow communication from the Connector to LoadMaster 360. This communication requires HTTPS traffic to be sent. Appropriate firewall rules should be present to enable this outbound communication.

Note: The LoadMaster 360 Connector runs internal K3s services that use the following network ranges:
  • 10.42.0.0/16
  • 10.43.0.0/16

Connector deployment is not supported in environments where the local network overlaps with either of these ranges. If an overlap exists, the Connector may fail to start core services and will not operate correctly. Deploy the Connector in a non-overlapping subnet. Customizing these K3s network ranges is not currently supported.

Once it is deployed, the Connector is responsible for monitoring and gathering metrics from managed LoadMasters. To enable this, the HTTPS RESTful API is used. This requires HTTPS communication from the Connector to the admin interface (typically on port 443) on the LoadMaster. In addition to this, the LoadMaster sends syslog messages to the Connector using UDP port 514.

Note: The Connector does not support the use of HTTP or HTTPS proxies. Any proxy-related options visible in the Web User Interface (UI) are part of the underlying LoadMaster Operating System (LMOS) platform and are not functional for LoadMaster 360. These settings should be disregarded, because enabling them will not provide proxy capability.

The table below outlines all of the communication requirements:
Source Destination Public IP Address Protocol Port
Connector LoadMaster 360 HTTP(s) 443
api-portal.kemp.ax 20.126.170.207 TCP
portal.kemp.ax 20.126.170.207 TCP
Connector NTP Pool These IP addresses are region-dependent NTP 123
pool.ntp.org** UDP
Connector LoadMaster HTTP(s) 443
TCP
LoadMaster Connector syslog 514
Connector connect.kemp.ax 20.103.161.175 TCP 443
Connector axfconnector.azurecr.io**

axfconnector.westeurope.data.azurecr.io**

axfconncector.eastus.data.azurecr.io**

 TCP 443
Connector data.kemp.ax 20.76.253.12 HTTPS 9200
Connector cdn.kemp.ax 20.76.253.12 HTTPS 443
Connector * git.rancher.io 34.208.213.149

52.36.54.134

 TCP 443

* The URLs in the rows with asterisks (*) next to Connector will be removed soon.

** In general, best practice is to configure firewall rules based on the domains listed in the previous table. Some IP addresses are dynamic (particularly the ones marked with double asterisks (**)) so it is best to use the domains in these cases.