Platform Firewall Allowlisting Rules

Refer to this document for a list of addresses to optimize Automox platform functionality as well as addresses needed to patch Microsoft OS versions from Windows update.

Regarding Ad Blockers - We recommended disabling ad blockers (such as uBlock Origin) for the Automox Console, as ad blockers can adversely impact the functionality of the product.

Network and firewall requirements for running the Automox platform

If your organization has egress filtering on the firewall, you will need to allow access to the following hostnames / IP addresses for the Automox platform to communicate with the cloud platform. All platform communications take place over port 443 (https).

  • Note: The platform-IP addresses are subject to change. Add the hostnames to your list of trusted sites, if possible, or regularly check for the latest IPs assigned to the platform.
  • SSL Inspection / MiTM Bypass Required SSL inspection (also known as TLS interception or MiTM proxy analysis) must be bypassed for all agent traffic. These mechanisms break mutual TLS (mTLS) certificate authentication by replacing the agent's client certificate during the handshake, causing authentication failures. Ensure your firewall or proxy is configured to exempt endpoints running the Automox agent from SSL inspection policies.

ClosedRecommended approach using URL

ClosedAdditional Recommendations for Automox Remote Control with Splashtop

ClosedAdditional Recommendations for Analytics

  • Alternative approach using IP addresses:
    • Check for current IP addresses by running the following command: nslookup api.automox.com

ClosedRecommended Approach Using Specific URLs

In addition to the URLs shown above, the following URLs should be added to your allowlist, particularly if your firewall does not support the use of wildcards:

Automox Platform and Splashtop Static IP List

We offer static IPs for customers who need to allowlist according to specific IP addresses. As our platform IP addresses are subject to change, please refer to our Static IP List. This file is updated as needed.

Proxy and Firewall Considerations

Windows

See Windows Update troubleshooting: Issues related to HTTP/Proxy

You might choose to apply a rule to permit HTTP RANGE requests for the following URLs:

*.download.windowsupdate.com

*.dl.delivery.mp.microsoft.com

*.delivery.mp.microsoft.com

ClosedFirewall

See Windows Update troubleshooting: Device cannot access update files


Note:
  • Make sure to not use HTTPS for those endpoints that specify HTTP, and vice-versa. The connection will fail.
  • When leveraging split-tunneling with a VPN, make sure to include these endpoints in your list of sites with direct access to the internet.

The Automox Agent Notifier must be added to the Windows Defender Firewall Allowed Applications.

Microsoft Windows 11 Connection Points

Microsoft provides a complete list of connection points per Windows 11 feature version. Here is a link to the connection point document for Windows 11 Enterprise (refer to the links on the left for other feature versions).

Connection Endpoints for Windows 11 Enterprise - Windows Privacy

macOS

See Use Apple products on enterprise networks.