Firewall settings

Last updated
Save as PDF

Warning: To enable traffic inspection, ensure the CA certificate is publicly trusted.

Note: All the hosts/domains should be whitelisted/allowed in the outbound proxy.

Make sure to allow the following domains and HTTP(S) ports when you are using a firewall:

Domains	Port	Purpose
www.myshn.net	443	Updates the PoP status in Skyhigh CASB UI
www.myshn.eu	443	Updates the PoP status in Skyhigh CASB UI
index.docker.io	443	Docker hub container image library to pull an image and token authentication
registry-1.docker.io
auth.docker.io
production.cloudflare.docker.com
storage.googleapis.com	443	Storage that keeps information on the latest Kubernetes release
k8s.gcr.io	443	Main Kubernetes image-serving system that stores images
cdn.fwupd.org		Open-source daemon to manage the installation of firmware updates on the Linux systems
api.snapcraft.io	443	Snap daemon installation
canonical-lgw01.cdn.snapcraftcontent.com
canonical-bos01.cdn.snapcraftcontent.com
security.ubuntu.com	443	Download and install packages on the host (Ubuntu) as a part of connector deployment
azure.archive.ubuntu.com
packages.microsoft.com
changelogs.ubuntu.com
motd.ubuntu.com
iam.mcafee-cloud.com	443	Register token or get access for the user accounts from the IAM service
us-east.pa-wgcs.skyhigh.cloud	443	Create an OpenVPN tunnel with the Private Access Gateway
us-west.pa-wgcs.skyhigh.cloud
de.pa-wgcs.skyhigh.cloud
sg.pa-wgcs.skyhigh.cloud
gb.pa-wgcs.skyhigh.cloud
br.pa-wgcs.skyhigh.cloud
jp.pa-wgcs.skyhigh.cloud
hk.pa-wgcs.skyhigh.cloud
hk.pa-wgcs.skyhigh.cloud
fr.pa-wgcs.skyhigh.cloud
se.pa-wgcs.skyhigh.cloud
wgcs.skyhigh.cloud
wgcs.skyhigh.cloud	443, 8080	Endpoint for registering connector
cloudfront.cdn.snapcraftcontent.com	443
skyhighlinux.org	443	Skyhigh Centos
http://in.archive.ubuntu.com	80	On-prem Ubuntu
http://us-east-1.ec2.archive.ubuntu.com	80	AWS Ubuntu
https://dl.fedoraproject.org	443	On-prem RHEL
https://mirrors.fedoraproject.org	443	On-prem RHEL
iam.skyhigh.cloud	443