Advanced Network Connectivity & Troubleshooting Guide
At Skykit, we recognize that every enterprise network is a unique and highly secure environment. While our devices are designed to follow standard networking protocols, the "handshake" between a device and a local network can sometimes be affected by specific security rules, power-saving features, or firewall configurations unique to your site.
If your devices are experiencing intermittent connectivity or content sync issues, this guide is designed to help your IT team identify the specific "rules of the road" in your environment so we can ensure a stable, persistent connection.
How IT Can Help: Diagnostic Steps
Because our team does not have direct visibility into your internal switch configurations or security logs, we rely on your IT expertise to help us see what is happening at the network level. We recommend the following diagnostic steps:
Monitor Live Firewall Logs: Please monitor the firewall logs specifically for the internal IP of the Skykit device while it is running. The logs will often explicitly state if a connection is being reset by a specific module, such as DPI (Deep Packet Inspection), IPS, Session Timeout, or a Web Filter.
Check Port Power Settings (Green Ethernet): In many high-security environments, switch ports are configured with IEEE 802.3az (Energy-Efficient Ethernet). This can cause the port to "sleep" during periods of low traffic, which may inadvertently break the device's network handshake. Disabling this on the specific ports used by Skykit players often resolves intermittent drops.
Verify DHCP & DNS Stability: To reduce the frequency of network re-negotiations, we recommend using DHCP Reservations or Static IPs. Additionally, please ensure the device is not being affected by DNS rate-limiting, which can lead to "Unknown Host" errors in the device logs.
Common Enterprise Firewall Considerations
Enterprise-grade security is essential, but it can sometimes interpret the specialized way our devices communicate as a security risk.
MQTT over HTTPS (Port 443): Skykit uses the MQTT protocol securely tunneled within HTTPS. Some firewalls with Deep Packet Inspection (DPI) may flag this as non-standard web traffic and kill the session. Creating an "Application Override" or bypassing DPI for Skykit endpoints ensures these real-time updates are permitted.
SSL/TLS Inspection: Our secure MQTT tunnel uses internal certificates that may fail if your network performs Man-in-the-Middle decryption. We recommend adding *.skykit.app and *.cloudfunctions.net to your SSL Inspection Bypass ("Do Not Decrypt") list.
TCP Session Timeouts: MQTT relies on long-lived connections. If the firewall's "idle timeout" is very short, it may silently drop the connection state. Increasing the TCP session timeout for Skykit endpoints will help maintain a persistent "heartbeat."
Layer 7 & Content Filtering: Rules designed to block "Streaming Media" or "YouTube" can occasionally catch firebasestorage.googleapis.com. Since this domain is critical for downloading menu content and updates, please ensure it is explicitly whitelisted.
Multi-WAN Load Balancing: If your site uses multiple internet connections, "Sticky Routing" should be implemented for Skykit devices. This ensures the connection isn't broken by a sudden change in the public IP address during a session.
Rate Limiting / Threat Prevention: If a device goes offline and comes back, it may attempt to bulk-upload logs or download large media files simultaneously. An aggressive IPS might interpret this sudden burst of traffic as a botnet or data exfiltration and temporarily blacklist the device's IP.
Technical Requirement Summary
| Requirement | Detail |
|---|---|
| Primary Ports | TCP 443 (HTTPS/MQTT), UDP 123 (NTP) |
| Live View Ports | UDP 56625, 48412, 38688 (to global.relay.metered.ca) |
| Required Domains | *.skykit.app, *.cloudfunctions.net, firebasestorage.googleapis.com |
| Best Practice | Disable 802.3az; Use Sticky Routing for Multi-WAN |
We Are Here to Help
If your team identifies a specific "session end" reason in your logs (such as tcp-rst-from-server or threat-blocked), please share that information with us. Identifying which specific module is triggering the reset allows us to provide more in-depth, tailored instructions for your unique environment.
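The following Python script is an added example, not Skykit tooling: it filters an exported firewall log for one device's internal IP and counts abnormal session ends by module and reason, which is the information requested above. The key=value log layout, the field names (src, module, session_end_reason), the IP addresses and the sample lines are constructed assumptions; map them to your firewall's own log schema.

```python
import re
from collections import Counter

# Constructed sample export. The key=value layout and the field names
# (src, module, session_end_reason) are assumptions, not a vendor format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=10.20.30.40 dst=203.0.113.10 dport=443 module=session-timeout session_end_reason=aged-out
2024-05-01T10:00:09 src=10.20.30.41 dst=203.0.113.10 dport=443 module=none session_end_reason=tcp-fin
2024-05-01T10:04:12 src=10.20.30.40 dst=203.0.113.10 dport=443 module=dpi session_end_reason=tcp-rst-from-server
2024-05-01T10:09:30 src=10.20.30.40 dst=203.0.113.11 dport=443 module=ips session_end_reason=threat-blocked
2024-05-01T10:15:44 src=10.20.30.40 dst=203.0.113.10 dport=443 module=dpi session_end_reason=tcp-rst-from-server
malformed line without fields
"""

KV = re.compile(r"(\w+)=(\S+)")
CLEAN_ENDS = {"tcp-fin"}  # assumption: reasons that indicate a normal close


def parse_line(line):
    """Return the key=value fields of one log line (empty dict if none)."""
    return dict(KV.findall(line))


def summarize_resets(log_text, device_ip, clean_ends=CLEAN_ENDS):
    """Count (module, reason) pairs for abnormal session ends from device_ip."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        reason = fields.get("session_end_reason")
        if fields.get("src") != device_ip or reason is None:
            continue  # other hosts, or lines without a session end
        if reason not in clean_ends:
            counts[(fields.get("module", "unknown"), reason)] += 1
    return counts


def format_report(counts):
    """Render the tally, most frequent first, for sharing with support."""
    return "\n".join(f"{n:3d}  module={m}  reason={r}"
                     for (m, r), n in counts.most_common())


if __name__ == "__main__":
    print(format_report(summarize_resets(SAMPLE_LOG, "10.20.30.40")))
```
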