Support Portal

Full list of outbound connectivity requirements

In addition to the more minimal connectivity requirements for initial installation detailed here, there is a more complete list of connectivity requirements during normal operation, depending on optional product features that are selected. If certain connectivity is not enabled outbound, the failure will be graceful and only affect that particular service, option or monitoring check. Many organisations will choose to satisfy all of the requirements below by simply enabling TCP port 80 and 443 outbound from the WAN IP of the server.

 

Public DNS (if using a public forwarder)

  • TCP 53 and UDP 53 to public DNS Server IPs (eg. 8.8.8.8 and 8.8.4.4)

Gateway Control Console

  • TCP 80, 443 and 22 to updates.untangle.com (52.55.27.152) (core updates and license activation)
  • TCP 80 and 443 to cmd.untangle.com (remote updates)
  • TCP 443 to ids.untangle.com (Snort IDS rules)
  • TCP 80 to bd.untangle.com (BitDefender rules)
  • TCP 80 to www.sanesecurity.net, rsync.sanesecurity.net, www.malwarepatrol.net, database.clamav.net and clamav.securiteinfo.com (ClamAV virus definitions)

Cloud Backup (Azure)

  • TCP 443 to Azure storage IPs in the same region as the server (see here)

Cloud Backup (Amazon)

  • TCP 443 to Amazon S3 IPs in the same region as the server (see here)

Windows License Activation

  • TCP 80 and 443 to Microsoft Windows Activation Service IPs (see here)

Windows Update

  • TCP 80 and 443 to Microsoft Windows Update IPs (see here)

WAN and Public IP Monitoring

  • TCP 80 to bbc.co.uk, google.com, microsoft.com or yahoo.com
  • TCP 80 to checkip.dyndns.org

Gateway Antivirus Monitoring Check

  • TCP 80 to eicar.org

 

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request