1. Home
  2. Getting Started
  3. Firewall Requirements for OmniCenter
  1. Home
  2. Administrator Reference
  3. Firewall Requirements for OmniCenter

Firewall Requirements for OmniCenter

OmniCenter can operate without Internet access, however, licensing, software updates, and remote support are greatly simplified with some basic Internet access.

Here are the firewall configuration requirements to get OmniCenter’s online components working correctly.

For remote technical support

OmniCenter’s “Remote Support VPN” functionality allows it to connect to a secure network that allows our support engineers to get remote access to the OmniCenter appliance.

Allow:

Destination charon.netreo.net

  • Port UDP/1194 -or-
  • Port TCP/443

Application-aware firewalls will need to configure this as SSL/TLS and OpenVPN.

For automatic license updates

OmniCenter can automatically update its license over the Internet, so manually renewing a license is not required.

This access is required for customers using a monthly service agreement.

Allow:

  • Destination activation.netreo.com:443

Application-aware firewalls will need to configure this as SSL/TLS or HTTPS.

For software updates

OmniCenter allows you to perform online software updates to receive the latest patches and fixes.

Allow:

  • Destination updates.netreo.com:443

For mobile and cloud features

These features include use of the OmniCenter Mobile application as well as the ability to initiate cloud-based remote web performance monitoring.

Netreo uses a variety of dynamic technologies to route and assign users to the best or closest cloud-hosted server, so it is not possible to restrict access to a specific group of IP addresses.

To make full use of cloud features, Netreo recommends allowing outbound access to OmniCenter for all SSL/TLS or HTTPS on port 443.

If your firewall allows you to restrict access by domain name, you can use the following destinations:

  • Destination rr.api.netreo.com:443 – for any communication to or from an OmniCenter for remote WebART, or to or from a reflector in the cloud.
  • Destination rr.netreo.com:443 – for any communication to or from an OmniCenter for remote WebART, or to or from a reflector in the cloud.
  • Destination *.rr.netreo.com:443 – for any communication to or from an OmniCenter for remote WebART, or to or from a reflector in the cloud.
  • Destination incident.api.netreo.com:443 – for all communication from OmniCenter to the cloud for publishing incidents.
  • Destination heartbeat.api.netreo.com:443 – for all heartbeat messages from OmniCenter to the cloud.
  • Destination *.api.netreo.com:443 – for accessing the Netreo cloud libraries.
  • Destination mobile.api.netreo.com:443 – for primary communication to or from a mobile device.
  • Destination vpn.api.netreo.com:443 – for providing live data to mobile devices. (Application-aware firewalls must specifically be opened for “OpenVPN”—which is not SSL-only traffic, but does use port 443.)

For high availability cluster communication

Only required if using an OmniCenter HA cluster.

  • Port: TCP/443
  • Port: TCP/4567
  • Port: TCP/4568
  • Port: TCP/4444
  • Port: TCP/48100

For geocoding and time zone information

Used by the OmniCenter site and geographic map features.

  • api.geonames.org – time zone
  • dev.virtualearth.net – geocoding

To send email alerts

OmniCenter is generally configured to send alerts via email. Our best practice recommendation is to allow OmniCenter to communicate outbound to the Internet on port TCP/25—as this allows direct connections to smartphone gateways that you want to receive alerts.

If that access is not possible, you can relay SMTP mail through an internal server, however this creates a single point of failure for alerts if that relay host stops responding, so we recommend this configuration only as a last resort or for testing purposes.

Updated on September 26, 2019

Was this article helpful?

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support

Leave a Reply