Agent Firewall Allowlisting Rules

Refer to this document for a list of addresses to optimize Automox agent functionality, as well as the addresses needed to patch Microsoft OS versions from Windows Update.

Regarding ad blockers: we recommend disabling ad blockers (such as uBlock Origin) for the Automox Console, as ad blockers can adversely impact the functionality of the product.

Network and firewall requirements for running the Automox agent

If your organization has egress filtering on the firewall, you will need to allow access to the following hostnames / IP addresses for the Automox agent to communicate with the cloud platform. All agent communications take place over port 443 (HTTPS).

Agent access to content uploaded for use with Worklets and Required Software Policies:

  • automox-policy-files.s3.us-west-2.amazonaws.com

Note: The platform IP addresses are subject to change. Add the hostnames to your list of trusted sites, if possible, or regularly check for the latest IPs assigned to the platform.

Recommended approach using URL

| Domain | Protocol(s) | Direction | Ports |
|---|---|---|---|
| *.automox.com | TCP | Outbound | 443 |
| *.digicert.com | TCP | Outbound | 80 |
| *.digicertcdn.com | TCP | Outbound | 80 |
| http://app.launchdarkly.com | TCP | Outbound | 443 |
| clientstream.launchdarkly.com | TCP | Outbound | 443 |
| events.launchdarkly.com | TCP | Outbound | 443 |

Additional recommendations for Automox Remote Control

| Domain | Protocol(s) | Direction | Ports |
|---|---|---|---|
| http://d1ovafk2iqpmhd.cloudfront.net/ | TCP, UDP | Outbound | 80 |
| *.rc.automox.net | TCP, UDP | Outbound | 7844 |
| region1.v2.argotunnel.com | TCP, UDP | Outbound | 7844 |
| region2.v2.argotunnel.com | TCP, UDP | Outbound | 7844 |
| cftunnel.com | TCP, UDP | Outbound | 7844 |
| h2.cftunnel.com | TCP, UDP | Outbound | 7844 |
| quic.cftunnel.com | TCP, UDP | Outbound | 7844 |
| http://api.cloudflare.com | TCP, UDP | Outbound | 443 |
| update.cloudflare.com | TCP, UDP | Outbound | 443 |
| http://pqtunnels.cloudflareresearch.com | TCP, UDP | Outbound | 443 |

  • Alternative approach using IP addresses:

    • Check for current IP addresses by running the following command: nslookup api.automox.com
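For the IP-based approach, the note that platform IPs are subject to change means the allowlist has to be re-checked on a schedule. The following is an added example, not Automox code: it resolves a few of the non-wildcard hostnames listed on this page and reports any resolved address that an existing IP/CIDR allowlist does not cover. The function names and the sample allowlist (a documentation range) are assumptions made for illustration.

```python
import ipaddress
import socket

# Non-wildcard hostnames and ports copied from the tables on this page.
ENDPOINTS = [
    ("api.automox.com", 443),
    ("console.automox.com", 443),
    ("rc.automox.com", 443),
    ("storage-cdn.prod.automox.com", 443),
    ("worklet-signing.prod.automox.com", 443),
]

def resolve(host, port):
    """Return the set of IPs the system resolver currently gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def allowlist_drift(allowlist, endpoints=ENDPOINTS, resolver=resolve):
    """Compare currently resolved IPs with an IP/CIDR allowlist.

    Returns (missing, unresolved): missing maps each host to the sorted
    IPs not covered by any allowlist entry; unresolved lists hosts whose
    lookup failed, which is worth alerting on separately.
    """
    nets = [ipaddress.ip_network(entry, strict=False) for entry in allowlist]
    missing, unresolved = {}, []
    for host, port in endpoints:
        try:
            ips = resolver(host, port)
        except OSError:  # socket.gaierror is a subclass of OSError
            unresolved.append(host)
            continue
        uncovered = sorted(
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)
        )
        if uncovered:
            missing[host] = uncovered
    return missing, unresolved

if __name__ == "__main__":
    # Constructed sample allowlist; replace with the firewall's real entries.
    current_allowlist = ["192.0.2.0/24"]
    missing, unresolved = allowlist_drift(current_allowlist)
    for host, ips in missing.items():
        print(f"{host}: not covered by allowlist -> {', '.join(ips)}")
    for host in unresolved:
        print(f"{host}: DNS lookup failed")
```

Run it from a host that uses the same DNS resolvers as the agents, since CDN-backed names can resolve differently per network.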

Recommended Approach Using Specific URLs

In addition to the URLs shown above, the following URLs should be added to your allowlist, particularly if your firewall does not support the use of wildcards:

| Domain | Protocol(s) | Direction | Ports |
|---|---|---|---|
| api.automox.com | TCP | Outbound | 443 |
| console.automox.com | TCP | Outbound | 443 |
| ct.automox.com | TCP | Outbound | 443 |
| rc.automox.com | TCP, UDP | Outbound | 443 |
| storage-cdn.prod.automox.com | TCP | Outbound | 443 |
| worklet-signing.prod.automox.com | TCP | Outbound | 443 |
| installation-reporting-service.prod.automox.com | TCP | Outbound | 443 |
| llm.automox.com | TCP | Outbound | 443 |
| downloadexport.automox.com | TCP | Outbound | 443 |
| policyreport.automox.com | TCP | Outbound | 443 |
| download-export-cdn.prod.automox.com | TCP | Outbound | 443 |

Proxy and Firewall Considerations

Windows

See Windows Update troubleshooting: Issues related to HTTP/Proxy

You might choose to apply a rule to permit HTTP RANGE requests for the following URLs:

*.download.windowsupdate.com

*.dl.delivery.mp.microsoft.com

*.delivery.mp.microsoft.com

Firewall

See Windows Update troubleshooting: Device cannot access update files

| Protocol | Endpoint URL |
|---|---|
| TLS 1.2 | *.prod.do.dsp.mp.microsoft.com |
| HTTP | emdl.ws.microsoft.com |
| HTTP | *.dl.delivery.mp.microsoft.com |
| HTTP | *.windowsupdate.com |
| HTTPS | *.delivery.mp.microsoft.com |
| TLS 1.2 | *.update.microsoft.com |
| TLS 1.2 | tsfe.trafficshaping.dsp.mp.microsoft.com |

Note: Do not use HTTPS for endpoints that specify HTTP, or vice versa; the connection will fail.

Note: When leveraging split-tunneling with a VPN, make sure to include these endpoints in your list of sites with direct access to the internet.

The Automox Agent Notifier must be added to the Windows Defender Firewall Allowed Applications.

Microsoft Windows 10 Connection Points

Microsoft provides a complete list of connection points per Windows 10 feature version. Here is a link to the connection point document for Windows 10 version 20H2 (refer to the links on the left for other feature versions).

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints

macOS

See Use Apple products on enterprise networks.
