cancel
Showing results for 
Search instead for 
Did you mean: 

Prognosis UC Assessor Firewall requirements

Community Manager

Prognosis UC Assessor Firewall requirements

Prognosis UC Assessor needs the following ports open for the different scenarios for UC Assessor:

 

Prognosis agent                                      DNS & Outbound HTTPS - Port 443

Prognosis agent needs external DNS resolution and HTTPS over port 443 to connect to the Prognosis cloud, it uses the Web sockets protocol to allow bi-directional communication. This is needed for any assessment administration and for uploading assessment results to the UC Assessor cloud portal.

 

The Prognosis agent should be able to communicate through standard transparent HTTPS proxies.

 

To enable communication for explicit forward proxies, you may either configure the Prognosis agent to use the proxy (https://gethelp.prognosis.com/hc/en-us/articles/333757045796), or configure your firewall rules to allow outbound access.  The following guide can be used to configure Firewall rules to allow outbound access:

http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

 

The most up to date IP address list is available in the following location, you would need to include any subnet from the us-west-2 region which is where UC Assessor Cloud service is hosted:

https://ip-ranges.amazonaws.com/ip-ranges.json

 

The easiest Firewall rule to implement is based on source IP address of the Prognosis agent and the destination port of 443. You should disable any system proxy settings in IE to allow direct Firewall access to be made.

 

Site to cloud assessments                                                               ICMP

ICMP is needed to communicate to the Skype for Business online and Microsoft teams destinations.

To allow Firewall rules the following protocols and destinations need to be configured:

  • Skype for Business online - ICMP with the destination AnyCast IP address of 13.107.8.2
  • Microsoft teams - ICMP with destination AnyCast IP address of 13.107.8.22

 

Site to site assessments                                                                   UDP

UDP uses a default port range of 50,000-50,050 is needed for site to site assessments. A maximum of 50 tests can be run on a site to site agent, due to each assessment test allocating a unique port.

ICMP is used to be able to get traceroute information between the two servers, you will need this enabled between the two Prognosis agents if you want hop by hop visibility.

Blog: Path Insight key 11.5 release highlights

The latest version of Path Insight is now available together as part of the Prognosis 11.5 release, and contains a lot of exciting updates that can be used for deeper dive network troubleshooting. In this blog post we cover some of the key highlights in the latest version of Path Insight.

Read blog
Top Liked Members