Topics

Firewall Configuration

What you are going to learn:

Which ports must be opened in the firewall configurations
Why static IPs can't be whitelisted in the firewall
Why NTP synchronization is important

Inbound Firewall Configuration

If the Agent Mode is Private Server or Private Internet Server, the network performance monitoring packets (default port is 23999/UDP) and speed test packets (default port is 23999/TCP) must be forwarded from the firewall/router to the agent. A port forwarding rule is probably required on the firewall/router facing the agent.

Outbound Firewall Configuration

For the majority of customers, nothing is required to let the agent communicate with the Internet. However, for customers with strict outbound firewall rules, here is the list of ports and domains the agent needs to communicate with:

Port 53/UDP for DNS
Port 67/UDP for DHCP (Hardware & Virtual Appliance agents)
Port 80/TCP for HTTP
Port 123/UDP for NTP (Hardware & Virtual Appliance agents)
Port 161/UDP for SNMP (see Network Device Monitoring)
Port 443/TCP for HTTPS and OpenVPN
Port 23999/TCP for Speed Test
Port 23999/UDP for Network Performance Monitoring
ICMP (Echo & Time Exceeded) for Ping and Traceroute

Note: Port 23999 can be changed in the Advanced Parameters of the agents.

URL Filtering

If the firewall has URL filtering, the following domains must be allowed:

*.obkio.com (All agent types)
*.amazonaws.com (All agent types)
*.rollbar.com (All agent types)
*.balena-cloud.com (Hardware & Virtual Appliance agents)
*.docker.com (Hardware & Virtual Appliance agents)
*.docker.io (Hardware & Virtual Appliance agents)
*.debian.org (Hardware agents, Virtual Appliance agents and APM Web)

Fixed IPs to Authorize

All the Obkio Back-end systems are hosted at AWS and the IP addresses of our servers can change at any time. For that reason, it is not possible to publish a list of fixed IP to authorize by our customers.

Remote VPN Access

For the Hardware and Virtual Appliances, a remote VPN connection is established to let the Support Team access the appliances for troubleshooting and OS software upgrades. If the Support Team is not able to get access to the VPN, maybe the OpenVPN protocol is not enabled for port 443/TCP. This is the case when the firewall is configured to analyze the protocol and only let HTTPS traffic on port 443/TCP.

NTP Servers

If port 123/UDP is blocked, the date on the hardware and virtual appliances will draft over time. At some point, the agent might not be able to validate the SSL certificates used to communicate with the back-end systems. If the NTP port is blocked, the Support Team can change them on the appliances.

Features

Network Performance Monitoring

Network Monitoring Agent

Network Devices

Traceroutes

SD-WAN Monitoring

Internet Performance Monitoring

VoIP Monitoring

MPLS Monitoring

UC Monitoring

All Solutions

Packet Loss Monitoring

Latency Monitoring

Network Speed Monitoring

Mean Opinion Score Monitoring

Jitter Monitoring

Bandwidth Monitoring

Throughput Monitoring

QoS Monitoring

Network Audit

Continuous Monitoring

Network Troubleshooting

Obkio vs Other Solutions

Business

Educational

Personal

Testimonials

Case Studies

Managed Service Provider

Blog

Demo Video

White Papers

Videos

Screenshots

Documentation