This article comprises a list with the required Firewall settings for the AteraAgent and the integrated add on's including Acronis, Webroot, Splashtop etc.
Allow outbound traffic over port 443 (TCP) in the Anti-Virus, Firewall and Proxy server.
List of servers that the agent is communicating with:
Security Software Whitelisting:
- Anti-Virus - Add Atera's application into the Antivirus whitelist. C:\Program Files\Atera Networks
- Firewall - In some networks https traffic is blocked. Make sure to add a rule to allow https traffic from LAN to WAN (Atera address: agent-api.atera.com).
- Proxy - Proxy / Web-filtering is very common and can also be an obstacle to stable agent behavior. Make sure to permit outbound traffic (443) and file extensions; ZIP & EXE from our website (Atera address: agent-api.atera.com).
- Geo-blocking - As an example, SonicWall routers are well known for their Geo-Blocking features.
- Permit content traffic in addition to TCP (443 ) traffic
- Ensure these ports are open: 443 including non-ssl traffic, 6783, 6784, and 6785
- Splashtop uses Amazon Web Servers (AWS) so please allow the following Amazon Web Servers:
- *.api.splashtop.com (represents wildcard)
- *.relay.splashtop.com (represents wildcard)
For more information, click here.
Our cloud server has two sub-nets:
And cloud.atera.com. Also, ensure that you are allowing outbound communication via ports 5000 and 443.
- TCP ports 443 and 8443 for accessing the Cyber Protection console, registering the agents, downloading the certificates, user authorization, and downloading files from the cloud storage.
- TCP ports 5905, 7770...7800 for communication between components
- TCP port 9850 for command line (acrocmd, acropsh) commands
- TCP ports 445 and 25001 for remote installation
- TCP ports 443 and 902 to access the vCenter Server and ESX(i) hosts
- TCP port 44445 for data transfer during backup and recovery
- TCP ports 443, 44445, and 55556 for backup to cloud
- TCP port 6109 for Active Protection
Please open ports 443 and 80 for the below URLs:
Agent communication and updates
Management portal and support ticket logs upload
Agent file downloading and uploading
WSAWebFilteringPortal.elasticbeanstalk.com (elasticbeanstalk is an Amazon AWS domain)
NOTE: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com). In these cases, you will need to use *.p4.webrootcloudav.com or *.*.webrootcloudav.com.
- Allow Windows Management Instrumentation (WMI) service to operate through Windows
Firewall. You can use the following command:
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
- Allow ICMP (Internet Control Message Protocol) to operate through Windows Firewall. You can use this command:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
- Check that the following services are running and Startup Type is set to Automatic:
sc query RPCSS
sc query Winmgmt
sc query RemoteRegistry
sc query wuauserv
You can check more details on the optimal network settings here.
Port 443 TCP is required for the cloud instance. For on-premises installations, ports 8040 and 8041 need to be open:
|ScreenConnect Web Server||8040||TCP|
More details here.
In order for TeamViewer to work properly, access to all TeamViewer servers has to be possible. The easiest way to achieve this is to open port 5938 (TCP) for outbound connections to any IP address. You can also add *.teamviewer.com to the whitelist.
If TeamViewer can’t connect over port 5938 (primary port), it will next try to connect over TCP port 443 or TCP port 80.
More details can be found here.