Firewall settings
Warning: To enable traffic inspection, ensure the CA certificate is publicly trusted.
Note: All the hosts/domains should be whitelisted/allowed in the outbound proxy.
Make sure to allow the following domains and HTTP(S) ports when you are using a firewall:
Domains | Port | Purpose |
---|---|---|
www.myshn.net | 443 | Updates the PoP status in Skyhigh CASB UI |
www.myshn.eu | 443 | Updates the PoP status in Skyhigh CASB UI |
index.docker.io | 443 | Docker hub container image library to pull an image and token authentication |
registry-1.docker.io | ||
auth.docker.io | ||
production.cloudflare.docker.com | ||
storage.googleapis.com | 443 | Storage that keeps information on the latest Kubernetes release |
k8s.gcr.io | 443 | Main Kubernetes image-serving system that stores images |
cdn.fwupd.org | Open-source daemon to manage the installation of firmware updates on the Linux systems | |
api.snapcraft.io | 443 | Snap daemon installation |
canonical-lgw01.cdn.snapcraftcontent.com | ||
canonical-bos01.cdn.snapcraftcontent.com | ||
security.ubuntu.com | 443 | Download and install packages on the host (Ubuntu) as a part of connector deployment |
azure.archive.ubuntu.com | ||
packages.microsoft.com | ||
changelogs.ubuntu.com | ||
motd.ubuntu.com | ||
iam.mcafee-cloud.com | 443 | Register token or get access for the user accounts from the IAM service |
us-east.pa-wgcs.skyhigh.cloud | 443 | Create an OpenVPN tunnel with the Private Access Gateway |
us-west.pa-wgcs.skyhigh.cloud | ||
de.pa-wgcs.skyhigh.cloud | ||
sg.pa-wgcs.skyhigh.cloud | ||
gb.pa-wgcs.skyhigh.cloud | ||
br.pa-wgcs.skyhigh.cloud | ||
jp.pa-wgcs.skyhigh.cloud | ||
hk.pa-wgcs.skyhigh.cloud | ||
fr.pa-wgcs.skyhigh.cloud | ||
se.pa-wgcs.skyhigh.cloud | ||
wgcs.skyhigh.cloud | ||
443, 8080 | Endpoint for registering connector | |
cloudfront.cdn.snapcraftcontent.com | 443 | |
skyhighlinux.org | 443 | Skyhigh Centos |
http://in.archive.ubuntu.com | 80 | On-prem Ubuntu |
http://us-east-1.ec2.archive.ubuntu.com | 80 | AWS Ubuntu |
https://dl.fedoraproject.org | 443 | On-prem RHEL |
https://mirrors.fedoraproject.org | 443 | On-prem RHEL |
iam.skyhigh.cloud | 443 |