# Network Configuration

For Lumi AI to effectively respond to requests in Chat or Boards, it requires access to the source system connections defined within each Knowledge Base. Depending on the mode/type of connection, different considerations apply.

## Direct Connections

A direct connection is the simplest connection type, providing a means for communication directly between Lumi AI's servers and the target system. Each system has different requirements for connection properties (see [Source System Integrations](/product-features/source-system-integrations.md) for more details).

With a direct connection, Lumi AI's servers initiate outbound TCP connections to your database host on its configured port (e.g. 5432 for PostgreSQL, 1433 for SQL Server, 3306 for MySQL). Your database host must have a publicly reachable IP address and accept inbound TCP connections from Lumi AI's IP addresses on that port.

For added security, you can restrict access via IP Whitelisting ([see below](#ip-whitelisting)).

## Data Gateway

Where a direct connection is insufficient or not applicable, a more advanced method uses Lumi AI's Data Gateway -- a lightweight application that mediates connections between a system in your client network and Lumi AI's backend.

This approach requires downloading, configuring, and running an instance of the Data Gateway on a host in your network that has internet access and can still communicate freely with the source system. To learn more, see [Data Gateway](/product-features/data-gateway.md).

Data Gateways require no inbound internet access. All communication is outbound-initiated HTTPS (port 443) from the gateway host to Lumi AI. IP whitelisting is generally not required, but can be applied without conflict.

### Enterprise and Firewall Considerations

**Protocol and port:** The Data Gateway communicates exclusively over HTTPS (TLS 1.2+) on port 443. No other ports or protocols are used.

**Hostname-based and SNI filtering:** If your network performs hostname or SNI-based filtering (common in DPI appliances), the following FQDNs must be explicitly allowed:

* `api.lumi-ai.com`
* `broker.lumi-ai.com`

**TLS/SSL inspection:** If your network performs SSL/TLS inspection (sometimes called SSL decryption or MITM interception), the gateway host must be configured to either exclude the above FQDNs from inspection, or trust your organization's inspection CA certificate at the OS level — the gateway uses the system certificate store. Failure to do one of the above will produce certificate validation errors and prevent the gateway from connecting.

**Firewall idle timeout:** The Data Gateway holds HTTPS connections open for up to 60 seconds while polling for work. Firewalls or DPI appliances configured with idle TCP timeouts shorter than this will drop connections prematurely. Set a minimum idle timeout of 90 seconds for connections to Lumi AI endpoints. The gateway handles reconnection automatically, but aggressive timeouts cause unnecessary connection churn.

**HTTP/HTTPS proxy:** The Data Gateway does not currently support routing through a corporate HTTP or HTTPS proxy. The gateway host requires direct outbound HTTPS access to Lumi AI endpoints. If your environment mandates proxy traversal for all outbound traffic, contact support to discuss options.
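The considerations above can be checked from the gateway host before installation. The following preflight is an added example, not part of Lumi AI's tooling: it performs a direct TLS handshake to each FQDN using the OS trust store and maps failures to the likely cause. The function names and cause labels are this example's own.

```python
import socket
import ssl

# FQDNs and port are from this page; function names and labels are this example's own.
ENDPOINTS = ("api.lumi-ai.com", "broker.lumi-ai.com")
PORT = 443


def make_context() -> ssl.SSLContext:
    """System trust store, hostname checking on, TLS 1.2 as the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def classify_failure(exc: BaseException) -> str:
    """Map a connection error to the consideration on this page it most likely points at."""
    # Order matters: SSLCertVerificationError is a subclass of SSLError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-inspection: chain not trusted by the OS store"
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake: failed before certificate check; a middlebox may be interfering"
    if isinstance(exc, socket.gaierror):
        return "dns: hostname did not resolve from this host"
    if isinstance(exc, (socket.timeout, TimeoutError, ConnectionError)):
        return "egress-blocked: outbound TCP 443 refused, reset or dropped"
    return "other: " + repr(exc)


def check_endpoint(host: str, port: int = PORT, timeout: float = 10.0) -> dict:
    """Direct (proxy-less) handshake; returns TLS version and issuer, or a cause."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with make_context().wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return {"host": host, "ok": True, "tls": tls.version(),
                        "issuer": issuer.get("organizationName", "?")}
    except OSError as exc:  # SSLError, gaierror and timeouts all derive from OSError
        return {"host": host, "ok": False, "cause": classify_failure(exc)}


if __name__ == "__main__":
    for name in ENDPOINTS:
        print(check_endpoint(name))
```

A successful result whose `issuer` is your own organization's CA means TLS inspection is in the path and its certificate is already trusted on this host.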

{% hint style="info" %}
Note that Data Gateways are only available for the Enterprise license tier. Direct connections are available on any tier.
{% endhint %}

## IP Whitelisting

Lumi AI uses several IP addresses for inbound and outbound traffic globally.

<table><thead><tr><th width="136.93359375">IP</th><th width="147.92578125">Region</th><th>Notes</th></tr></thead><tbody><tr><td>15.197.73.100</td><td>Global (anycast)</td><td>Data Gateway destination; <code>api.lumi-ai.com + broker.lumi-ai.com</code></td></tr><tr><td>15.197.95.231</td><td>Global (anycast)</td><td>Data Gateway destination; <code>api.lumi-ai.com + broker.lumi-ai.com</code></td></tr><tr><td>3.22.158.185</td><td>US-East</td><td>Lumi AI server egress (direct connections)</td></tr><tr><td>18.190.93.61</td><td>US-East</td><td>Lumi AI server egress (direct connections)</td></tr><tr><td>18.224.164.162</td><td>US-East</td><td>Lumi AI server egress (direct connections)</td></tr></tbody></table>

When whitelisting, all IPs should be whitelisted (not just regional or global).

For environments using hostname-based filtering, allowlist `api.lumi-ai.com` and `broker.lumi-ai.com` in addition to or in place of the IP addresses above.
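An allowlist on a publicly reachable database port is only as tight as its widest rule. The following audit is an added example, not Lumi AI code: it compares inbound allow rules for the database port against the addresses in the table above, reporting published IPs that no rule admits and rule sources that admit anything else. The `(source_cidr, port)` rule format and the sample rules are assumptions made for illustration.

```python
import ipaddress

# Addresses copied from the table above; the page asks for all of them to be allowed.
LUMI_IPS = ("15.197.73.100", "15.197.95.231",
            "3.22.158.185", "18.190.93.61", "18.224.164.162")

SAMPLE_RULES = [                 # constructed for illustration
    ("3.22.158.185/32", 5432),
    ("18.190.93.61/32", 5432),
    ("18.224.164.0/24", 5432),   # covers 18.224.164.162 plus 255 other addresses
    ("0.0.0.0/0", 443),          # different port, out of scope for this audit
    ("203.0.113.7/32", 5432),    # unrelated source left on the database port
]


def audit_ingress(rules, db_port, published=LUMI_IPS):
    """rules: iterable of (source_cidr, port) inbound allow rules (hypothetical format).

    Returns (missing, excess): published IPs that no rule admits on db_port,
    and rule sources on db_port that admit at least one unpublished address.
    """
    wanted = {ipaddress.ip_address(a) for a in published}
    nets = [ipaddress.ip_network(src, strict=False)
            for src, port in rules if port == db_port]
    missing = sorted(str(ip) for ip in wanted
                     if not any(ip in net for net in nets))
    excess = []
    for net in nets:
        # Size check first so a /0 is never enumerated address by address.
        if net.num_addresses > len(wanted) or any(h not in wanted for h in net):
            excess.append(str(net))
    return missing, excess


if __name__ == "__main__":
    missing, excess = audit_ingress(SAMPLE_RULES, 5432)
    print("not yet allowed:", missing)
    print("wider than the published list:", excess)
```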


