Edison Watch
IT & Security

Network Requirements

Connectivity and port mappings for Edison Watch.

Edison Watch acts as a security gateway. Ensure the following connectivity.

Port Mappings

PortProtocolSourcePurpose
3000TCPUser DevicesMCP Gateway (AI tool traffic)
3001TCPUser DevicesAPI Server (Dashboard & Config)
443TCPInternetCloud API/Dashboard access

Connectivity Rules

Inbound (to Edison Server)

  • Allow traffic from User Devices to ports 3000 and 3001.
  • If using a reverse proxy, expose 443 and route internally to 3001.

Outbound (from Edison Server)

  • To MCP Servers: Access to external APIs (e.g., GitHub, Slack) on 443.
  • To SIEM: Access to your SIEM endpoint (e.g., 8088 for Splunk).
  • To Database: Port 5432 if using a remote PostgreSQL instance.

Proxy Configuration

Edison Watch respects standard proxy environment variables:

HTTP_PROXY=http://proxy.internal:8080
HTTPS_PROXY=http://proxy.internal:8080
NO_PROXY=localhost,127.0.0.1,.internal.company.com

SSL/TLS Requirements

  • Minimum: TLS 1.2 or higher.
  • Certificates: Supports Let's Encrypt, commercial, or internal CA certificates.
  • Internal CAs: If using an internal CA, provide the bundle via SSL_CERT_FILE.

Health Monitoring

Use these endpoints for load balancer health checks:

EndpointExpected Response
GET /health{"status":"healthy"}
GET /health/ready{"ready":true}

Important: MCP traffic relies on WebSockets. Ensure your reverse proxy (Nginx/Caddy) is configured to handle WebSocket upgrades on the /mcp/ path.

Previous

SIEM Integration

On this page