cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prognosis UC Assessor Firewall requirements

TeamIR
Community Manager
Community Manager
‎01-29-2018 07:57 PM
‎01-29-2018 07:57 PM

Prognosis UC Assessor Firewall requirements

Prognosis UC Assessor needs the following ports open for the different scenarios for UC Assessor:

 

Prognosis agent                                      DNS & Outbound HTTPS - Port 443

Prognosis agent needs external DNS resolution and HTTPS over port 443 to connect to the Prognosis cloud, it uses the Web sockets protocol to allow bi-directional communication. This is needed for any assessment administration and for uploading assessment results to the UC Assessor cloud portal.

 

The Prognosis agent should be able to communicate through standard transparent HTTPS proxies.

 

To enable communication for explicit forward proxies, you may either configure the Prognosis agent to use the proxy (https://gethelp.prognosis.com/hc/en-us/articles/333757045796), or configure your firewall rules to allow outbound access.  The following guide can be used to configure Firewall rules to allow outbound access:

http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

 

The most up to date IP address list is available in the following location, you would need to include any subnet from the us-west-2 region which is where UC Assessor Cloud service is hosted:

https://ip-ranges.amazonaws.com/ip-ranges.json

 

The easiest Firewall rule to implement is based on source IP address of the Prognosis agent and the destination port of 443. You should disable any system proxy settings in IE to allow direct Firewall access to be made.

 

Site to cloud assessments                                                               ICMP

ICMP is needed to communicate to the Skype for Business online and Microsoft teams destinations.

To allow Firewall rules the following protocols and destinations need to be configured:

  • Skype for Business online - ICMP with the destination AnyCast IP address of 13.107.8.2
  • Microsoft teams - ICMP with destination AnyCast IP address of 13.107.8.22

 

Site to site assessments                                                                   UDP

UDP uses a default port range of 50,000-50,050 is needed for site to site assessments. A maximum of 50 tests can be run on a site to site agent, due to each assessment test allocating a unique port.

ICMP is used to be able to get traceroute information between the two servers, you will need this enabled between the two Prognosis agents if you want hop by hop visibility.

Tags (1)
0 Likes
Reply

IR Forums

 General Collaborate Transact & Infrastructure COVID-19 Updates IR Connect