Refer to this document for a list of addresses to optimize Automox agent functionality as well as addresses needed to patch Microsoft OS versions from Windows update.
Regarding Ad Blockers - We recommended disabling ad blockers (such as uBlock Origin) for the Automox Console, as ad blockers can adversely impact the functionality of the product.
Network and firewall requirements for running the Automox agent
If your organization has egress filtering on the firewall, you will need to allow access to the following hostnames / IP addresses for the Automox agent to communicate with the cloud platform. All agent communications take place over port 443 (https).
Agent access to content uploaded for use with Worklets and Required Software Policies:
automox-policy-files.s3.us-west-2.amazonaws.com
Note: The platform-IP addresses are subject to change. Add the hostnames to your list of trusted sites, if possible, or regularly check for the latest IPs assigned to the platform.
Recommended approach using URL
Domain |
Protocol(s) |
Direction |
Ports |
---|---|---|---|
*.automox.com |
TCP |
Outbound |
443 |
*.digicert.com |
TCP |
Outbound |
80 |
*.digicertcdn.com |
TCP |
Outbound |
80 |
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
Additional recommendations for Automox Remote Control
Domain |
Protocol(s) |
Direction |
Ports |
---|---|---|---|
TCP, UDP |
Outbound |
80 |
|
*.rc.automox.net |
TCP, UDP |
Outbound |
7844 |
TCP, UDP |
Outbound |
7844 |
|
TCP, UDP |
Outbound |
7844 |
|
TCP, UDP |
Outbound |
7844 |
|
TCP, UDP |
Outbound |
7844 |
|
TCP, UDP |
Outbound |
7844 |
|
TCP, UDP |
Outbound |
443 |
|
TCP, UDP |
Outbound |
443 |
|
TCP, UDP |
Outbound |
443 |
-
Alternative approach using IP addresses:
Check for current IP addresses by running the following command:
nslookup api.automox.com
Recommended Approach Using Specific URLs
In addition to the URLs shown above, the following URLs should be added to your allowlist, particularly if your firewall does not support the use of wildcards:
Domain |
Protocol(s) |
Direction |
Ports |
---|---|---|---|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP, UDP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
|
TCP |
Outbound |
443 |
Proxy and Firewall Considerations
Windows
See Windows Update troubleshooting: Issues related to HTTP/Proxy
You might choose to apply a rule to permit HTTP RANGE requests for the following URLs:
*.download.windowsupdate.com
*.dl.delivery.mp.microsoft.com
*.delivery.mp.microsoft.com
Firewall
See Windows Update troubleshooting: Device cannot access update files
Protocol |
Endpoint URL |
---|---|
TLS 1.2 |
|
HTTP |
|
HTTP |
|
HTTP |
|
HTTPS |
|
TLS 1.2 |
|
TLS 1.2 |
|
Note: Make sure to not use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail.
Note: When leveraging split-tunneling with a VPN, make sure to include these endpoints in your list of sites with direct access to the internet.
The Automox Agent Notifier must be added to the Windows Defender Firewall Allowed Applications.
Microsoft Windows 10 Connection Points
Microsoft provides a complete list of connection points per Windows 10 feature version. Here is a link to the connection point document for Windows 10 version 20H2 (refer to the links on the left for other feature versions).
https://docs.microsoft.com/en-us/windows/privacy/manage-windows-20h2-endpoints