KB_42: FAQ: Does the MicroAgent work with a proxy or firewall? What IP addresses does the MicroAgent need open for outbound communication?

Question:  Does the MicroAgent work with a proxy or firewall? What IP addresses does the MicroAgent need open for outbound communication?

Answer:  Yes, our service works with most proxy servers and firewalls. The current exceptions are SOCKS proxy and authenticated ISA proxy. The following list identifies the required IPs and Ports for our service to work with those proxy servers. You can create just one proxy rule with few exceptions if you define ranges, or one rule with each IP/port combination.

Small Exception Rule:
IP Range for TriActive MA, Help Desk, Remote, CSC, Manager:
Network Address: 66.45.78.64 /26 (range covers x.x.x.64-128)
Network Mask: 255.255.255.192
Open ports 80 and 443 (HTTP/HTTPS)
For Monitoring Customers:
IP address 216.105.97.250 port 443
IP address 216.105.97.252 port 443
For Patch Management Customers: URL exception to Microsoft - *.windowsupdate.com

If you want to exclusively define each IP and port combination, below is a comprehensive list for all traffic for each component or solution (when we add new servers, you will have to go back and add the new IP addresses):



MA Traffic:

Description	Transport Protocol	Host Name/ IP Address	Port
MicroAgent Data Collection	TCP/IP HTTPS (SSL)	66.45.78.93	443
MicroAgent Registration	TCP/IP HTTP(S)	66.45.78.81	443/80
File Server (same as MA Reg)	TCP/IP HTTP(S)	66.45.78.81	443/80
Real-time Management Server	TCP/IP HTTPS (SSL)	66.45.78.89	443
Systems Manager	HTTPS	manager.systemsmanagementondemand.com	443
Customer Service Center	HTTPS	go.systemsmanagementondemand.com	443
Network Monitor UI	HTTPS	netmon.systemsmanagementondemand.com	443
Web-based Remote Control	TCP/IP HTTP(S)	66.45.78.113	443/80
Web-based Remote Control	TCP/IP HTTP(S)	66.45.78.118	443/80
Microsoft Bulletins download	TCP/IP HTTP	*.windowsupdate.com	80
Monitor Collector/Poller Agents	TCP/IP HTTPS (SSL)	216.105.97.252	443

Note: see also KB 41