Control Computer Firewall

The firewall protects the control computer by filtering incoming traffic to remove potential threats. The firewall is enabled by default to block all inbound connections. Keep the firewall enabled and allow outbound connections.

Endpoints depend on your region and instrument type and are categorized as required, recommended, or optional. You cannot connect to Illumina cloud platforms without the required endpoints. If you block recommended endpoints, delays when logging in or increased upload times can occur. Optional endpoints allow access to support materials from Illumina.

To get access to Illumina cloud-based offerings from the Universal Copy Service, do as follows.

1. Identify the endpoints for your region and instance that are required to connect to BaseSpace Sequence Hub and Illumina Proactive.

The following table shows the applicable endpoints for each instance in the Asia Pacific (Sydney) region.

Instance

Endpoint

Basic and Professional

api.aps2.sh.basespace.illumina.com

aps2.platform.illumina.com

aps2.sh.basespace.illumina.com

aps2-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

aps2-sh-prd-seq-hub-data-bucket.s3.ap-southeast-2.amazonaws.com

basespace.illumina.com

stratus-gds-aps2.s3.amazonaws.com

stratus-gds-aps2.s3.ap-southeast-2.amazonaws.com

instruments.sh.basespace.illumina.com

Enterprise

<domain>api.aps2.sh.basespace.illumina.com

aps2.platform.illumina.com

<domain>aps2.sh.basespace.illumina.com

aps2-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

aps2-sh-prd-seq-hub-data-bucket.s3.ap-southeast-2.amazonaws.com

basespace.illumina.com

stratus-gds-aps2.s3.amazonaws.com

stratus-gds-aps2.s3.ap-southeast-2.amazonaws.com

instruments.sh.basespace.illumina.com

instruments.sh.basespace.illumina.com

The following table shows the applicable endpoints for each instance in the Canada (Central) region.

Instance

Endpoint

Basic and Professional

api.cac1.sh.basespace.illumina.com

cac1.platform.illumina.com

cac1.sh.basespace.illumina.com

cac1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

cac1-sh-prd-seq-hub-data-bucket.s3.ca-central-1.amazonaws.com

stratus-gds-cac1.s3.amazonaws.com

stratus-gds-cac1.s3.ca-central-1.amazonaws.com

instruments.sh.basespace.illumina.com

Enterprise

<domain>.api.cac1.sh.basespace.illumina.com

cac1.platform.illumina.com

<domain>.cac1.sh.basespace.illumina.com

cac1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

cac1-sh-prd-seq-hub-data-bucket.s3.ca-central-1.amazonaws.com

stratus-gds-cac1.s3.amazonaws.com

stratus-gds-cac1.s3.ca-central-1.amazonaws.com

instruments.sh.basespace.illumina.com

The following table shows the applicable endpoints for each instance in the Europe (Frankfurt) region.

Instance

Endpoint

Basic and Professional

api.euc1.sh.basespace.illumina.com

euc1.platform.illumina.com

euc1.sh.basespace.illumina.com

euc1-prd-seq-hub-data-bucket.s3.amazonaws.com

euc1-prd-seq-hub-data-bucket.s3.eu-central-1.amazonaws.com

stratus-gds-euc1.s3.amazonaws.com

stratus-gds-euc1.s3.eu-central-1.amazonaws.com

instruments.sh.basespace.illumina.com

Enterprise

<domain>.api.euc1.sh.basespace.illumina.com

euc1.platform.illumina.com

<domain>.euc1.sh.basespace.illumina.com

euc1-prd-seq-hub-data-bucket.s3.amazonaws.com

euc1-prd-seq-hub-data-bucket.s3.eu-central-1.amazonaws.com

stratus-gds-euc1.s3.amazonaws.com

stratus-gds-euc1.s3.eu-central-1.amazonaws.com

instruments.sh.basespace.illumina.com

The following table shows the applicable endpoints for each instance in the Europe (London) region.

Instance

Address

Basic and Professional

api.euw2.sh.basespace.illumina.com

eu-sh-euw2-prod-seq-hub-data-bucket.s3.amazonaws.com

eu-sh-euw2-prod-seq-hub-data-bucket.s3.eu-west-2.amazonaws.com

euw2.platform.illumina.com

euw2.sh.basespace.illumina.com

stratus-gds-euw2.s3.amazonaws.com

stratus-gds-euw2.s3.eu-west-2.amazonaws.com

instruments.sh.basespace.illumina.com

Enterprise

<domain>.api.euw2.sh.basespace.illumina.com

eu-sh-euw2-prod-seq-hub-data-bucket.s3.amazonaws.com

eu-sh-euw2-prod-seq-hub-data-bucket.s3.eu-west-2.amazonaws.com

euw2.platform.illumina.com

<domain>.euw2.sh.basespace.illumina.com

stratus-gds-euw2.s3.amazonaws.com

stratus-gds-euw2.s3.eu-west-2.amazonaws.com

instruments.sh.basespace.illumina.com

The following table shows the applicable endpoints for each instance in the Japan (Tokyo) region.

Instance

Endpoint

Basic and Professional

api.apn1.sh.basespace.illumina.com

apn1.platform.illumina.com

apn1.sh.basespace.illumina.com

apn1-sh-hub-data-bucket.s3.amazonaws.com

apn1-sh-hub-data-bucket.s3.ap-northeast-1.amazonaws.com

apn1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

apn1-sh-prd-seq-hub-data-bucket.s3.ap-northeast-1.amazonaws.com

stratus-gds-apn1.s3.amazonaws.com

stratus-gds-apn1.s3.ap-northeast-1.amazonaws.com

instruments.sh.basespace.illumina.com

Enterprise

<domain>.api.apn.1.sh.basespace.illumina.com

apn1.platform.illumina.com

<domain>.apn1.sh.basespace.illumina.com

apn1-sh-hub-data-bucket.s3.amazonaws.com

apn1-sh-hub-data-bucket.s3.ap-northeast-1.amazonaws.com

apn1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com

apn1-sh-prd-seq-hub-data-bucket.s3.ap-northeast-1.amazonaws.com

stratus-gds-apn1.s3.amazonaws.com

stratus-gds-apn1.s3.ap-northeast-1.amazonaws.com

instruments.sh.basespace.illumina.com

The following table shows the applicable endpoints for each instance in the US East (N. Virginia) region.

Instance

Endpoint

Basic and Professional

api.basespace.illumina.com

basespace-data-east.s3.amazonaws.com

basespace-data-east.s3.us-east-1.amazonaws.com

basespace-data-east.s3-external-1.amazonaws.com

ica.illumina.com

instruments.sh.basespace.illumina.com

login.illumina.com

platform.login.illumina.com

stratus-gds-use1.s3.amazonaws.com

stratus-gds-use1.s3.us-east-1.amazonaws.com

use1.platform.illumina.com

Enterprise

<domain>.api.basespace.illumina.com

basespace-data-east.s3.amazonaws.com

basespace-data-east.s3.us-east-1.amazonaws.com

basespace-data-east.s3-external-1.amazonaws.com

<domain>.basespace.illumina.com

instruments.sh.basespace.illumina.com

login.illumina.com

platform.login.illumina.com

stratus-gds-use1.s3.amazonaws.com

stratus-gds-use1.s3.us-east-1.amazonaws.com

use1.platform.illumina.com

2. Identify the endpoints for your instrument.

Each instrument includes specific endpoints that are categorized as either required, recommended, or optional. These endpoints are used for the following purposes:

Authorizing certificates
Displaying fonts
Telemetry
Accessing Illumina support material
Sending IDAT files or data to ICA

The following table shows the applicable endpoints for the iScan.

Endpoint

Category

Purpose

ica.illumina.com

Required

Send IDAT files to ICA

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material

The following table shows the applicable endpoints for the iSeq.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material

The following table shows the applicable endpoints for the MiniSeq.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material

The following table shows the applicable endpoints for the MiSeq and MiSeqDx.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material

The following table shows the applicable endpoints for the NextSeq 550 and NextSeq 550Dx.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material

The following table shows the applicable endpoints for the NextSeq 1000/2000.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

cm.everesttech.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

The NovaSeq X Series instrument uses ica.illumina.com to send data to ICA. This endpoint is required.

The following table shows the applicable endpoints for the NovaSeq 6000.

Endpoint

Category

Purpose

o.ss2.us

Required

Certificate authorization

ocsp.digicert.com

Required

Certificate authorization

ocsp.pki.goog/gsr2

Required

Certificate authorization

ocsp.rootca1.amazontrust.com

Required

Certificate authorization

ocsp.rootg2.amazontrust.com

Required

Certificate authorization

ocsp.sca1b.amazontrust.com

Required

Certificate authorization

fonts.gstatic.com

Required

Display fonts

fonts.googleapis.com

Recommended

Display fonts

cdn.walkme.com

Recommended

Telemetry

cdn3.userzoom.com

Recommended

Telemetry

dpm.demdex.net

Recommended

Telemetry

illuminainc.demdex.net

Recommended

Telemetry

illuminainc.tt.omtrdc.net

Recommended

Telemetry

smetrics.illumina.com

Recommended

Telemetry

google.com

Recommended

Telemetry

google-analytics.com

Recommended

Telemetry

stats.g.doubleclick.net

Recommended

Telemetry

illumina.com

Optional

Access Illumina support material
3. Combine the regional cloud platform and instrument specific endpoints into the allow list for your firewall.