Just wondering if there are others out here that have internet access disabled for servers and are having trouble getting Windows updates allowed. We are struggling with this and notice an inconsistent Automox experience because of this.
We have allowed almost every known URL of Windows updates and the packages URL of Automox but just wondering how you are handling this.
That is a great question. I’ve been gathering some tips/best practices. Take a look through these resources, and let me know if you have additional questions. I would love your feedback so I can improve the list. (Apologies for the formatting).
Agent Functionality and Communications
Environmental Considerations
EPP Application Control - Globally Trust-listing Automox
Tip: All managed systems will require access (and potential defined routing) to https://api.automox.com/* on port 443
Tip: IP addresses for the API change often and dynamically. If an IP list is required by your organization, the following article provides a suggestion on how to identify the current IP list. Please make sure to keep firewall exceptions up to date:
Hey @Maikel, that is a good point. I think some of these links are delving into Windows 10 connection points in addition to Windows Updates. If that is the case, do these links help complete your list?
and for Office 365
I have used those articles but also DNS sniffing tools to get to this set of URLs. Still, it’s tricky if your firewall is not really application-aware.
I totally agree. I once worked for a large enterprise in the physical security sector. They had hundreds of firewall segregations with their own policy sets. At that time, each policy change required its own change request. When we rolled out Office 365, the firewall rule implementation was a nightmare. Microsoft was changing the endpoints very often at that point as well… That still makes me shiver, haha.
In the end, we allowed the following URLs to allow updating to work properly for Microsoft systems but also Adobe updates.