When the packagers and origin servers are located in different data centers, you should secure origin servers from external attacks. If the IP address and the origin server port are publicly accessible, protect the origin server with at least the following firewall settings:
Allow traffic only for the origin server's port as the destination.
Permit only white-listed or known packager IP addresses to send requests.