We have recently bought 5 Draytek 2862ln router's to test with the idea that if the ACS2 portal does what we need it to, it will become our default solution for our other 40+ sites.

We have installed the software on an AWS Unbuntu instance and have been told by Draytek that we need to add the following firewall rules:
Firewall Rules
For installations of VigorACS behind a firewall, please review firewall settings below

Outbound
1. Licence Registration: TCP 80 & 443 to auth.draytek.com
2. Licence Registration: TCP 80 & 443 to myvigoreu.draytek.com
3. Licence Registration: TCP 80 & 443 to myvigor.draytek.com
4. DNS: UDP 53
5. CPE Polling: TCP 8069 (Source port TCP any, Destination port TCP 8069)
6. STUN Communication: UDP Any (Source port UDP 3478, Destination port any)

Inbound
1. Access to Management portal and CPE Communication to VigorACS: TCP http/https port (eg TCP 80,443)
2. STUN Communication: UDP 3478

When we try to add the first 3 in AWS we are given the error 'The destination needs to be a Prefix List ID, CIDR block or a Security Group ID.'

We have other problems activating the licence but we believe these are tied to this core problem.

In the AWS security groups I dont think you can set a destination hostname so the easiest is to allow all outbound

For inbound the following should be ok, support will be able to belp in more detail though

UDP 3478 0.0.0.0
TCP 80 0.0.0.0
TCP 443 0.0.0.0

Hi Admin2,

Thanks for the help we have now got this working based of what you suggested!