Prognosis UC Assessor needs the following ports open for the different scenarios for UC Assessor:
Prognosis agent DNS & Outbound HTTPS - Port 443
Prognosis agent needs external DNS resolution and HTTPS over port 443 to connect to the Prognosis cloud, it uses the Web sockets protocol to allow bi-directional communication. This is needed for any assessment administration and for uploading assessment results to the UC Assessor cloud portal.
The Prognosis agent should be able to communicate through standard transparent HTTPS proxies.
To enable communication for explicit forward proxies, you may either configure the Prognosis agent to use the proxy (https://gethelp.prognosis.com/hc/en-us/articles/333757045796), or configure your firewall rules to allow outbound access. The following guide can be used to configure Firewall rules to allow outbound access:
The most up to date IP address list is available in the following location, you would need to include any subnet from the us-west-2 region which is where UC Assessor Cloud service is hosted:
The easiest Firewall rule to implement is based on source IP address of the Prognosis agent and the destination port of 443. You should disable any system proxy settings in IE to allow direct Firewall access to be made.
Site to cloud assessments ICMP
ICMP is needed to communicate to the Skype for Business online and Microsoft teams destinations.
To allow Firewall rules the following protocols and destinations need to be configured:
Site to site assessments UDP
UDP uses a default port range of 50,000-50,050 is needed for site to site assessments. A maximum of 50 tests can be run on a site to site agent, due to each assessment test allocating a unique port.
ICMP is used to be able to get traceroute information between the two servers, you will need this enabled between the two Prognosis agents if you want hop by hop visibility.