
Inbound and Outbound Connections Explained

The Action1 agent is designed to establish connections exclusively to the Action1 cloud servers – it’s always the agent that initiates contact, never the other way around. As a result, you only need to set up outbound firewall rules. Despite this one-way initiation, data transfer can and does occur in both directions: from the agent to the server and back again.

When a connection is established, the agent simply waits for instructions from the server. These directions might be to execute a policy or gather data for a report. The server sends these instructions either when prompted by the user via the Action1 Console or according to a preset schedule. Think of it like an orchestra: the conductor (the server) gives instructions, and the musicians (the agents) wait for and follow these instructions. The musicians are always attentive to the conductor’s directions, not the other way around.

There is one exception to the outbound-only rule: when Action1 agents on the same local network want to exchange software package parts via peer-to-peer (P2P) sharing. In these cases, the agents will accept inbound connections from their peers. Although it’s not mandatory, we recommend setting up inbound LAN-only firewall rules to facilitate this type of exchange.

Firewall Rule Reference

Refer to this section for a complete description of ports and protocols that should be configured in your system. Create firewall rules to allow access to the following resources:

| Resource | Type | Port & Protocol | Required for | Components |
|---|---|---|---|---|
| Action1 servers (server.action1.com): 54.210.188.13, 54.227.102.112, 3.210.54.212, 3.213.90.174 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required) Connection to Action1 Cloud. | Agents, Deployer |
| Action1 servers in North America (Remote Desktop): 34.203.184.16, 52.205.66.134, 52.200.246.160 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for North America) Connection to Action1 Cloud. For your convenience, these servers are located in the North America operational region and ensure faster routing and processing of your requests. | Agents |
| Action1 servers in Europe (Remote Desktop): 18.135.32.225, 18.169.144.48, 3.10.103.241 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for Europe) Connection to Action1 Cloud. For your convenience, these servers are located in the Europe operational region and ensure faster routing and processing of your requests. | Agents |
| Action1 servers in Middle East (Remote Desktop): 43.204.118.97, 43.204.185.8 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for Middle East) Connection to Action1 Cloud. For your convenience, these servers are located in the Middle East operational region and ensure faster routing and processing of your requests. | Agents |
| Action1 servers in East Asia (Remote Desktop): 13.215.147.78, 54.169.182.56 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for East Asia) Connection to Action1 Cloud. For your convenience, these servers are located in the East Asia operational region and ensure faster routing and processing of your requests. | Agents |
| Action1 servers in Australia (Remote Desktop): 13.211.73.202, 54.79.23.166 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for Australia) Connection to Action1 Cloud. For your convenience, these servers are located in the Australia operational region and ensure faster routing and processing of your requests. | Agents |
| Action1 servers in Africa (Remote Desktop): 13.244.155.212, 13.244.175.69 | Outbound | 22543 TCP, TLS 1.2 over TCP | (Required - only for Africa) Connection to Action1 Cloud. For your convenience, these servers are located in the Africa operational region and ensure faster routing and processing of your requests. | Agents |
| Managed endpoints (LAN only) | Inbound | 22551 TCP/UDP, 6771 UDP, BT over TCP | (Recommended) Exchanging pieces of downloaded apps (P2P file sharing) that helps minimize the external bandwidth usage. The port should be open locally on managed endpoints to allow connections between agents in the local network. If the inbound communication between agents on the local network is not allowed, the agents will not be exchanging downloaded app pieces locally and always download in full from the cloud. | Agents |
| a1-backend-packages.s3.amazonaws.com | Outbound | 443 HTTPS | Deploying apps and 3rd party patch management. | Agents |
| *.windowsupdate.com | Outbound | TCP, proprietary by Microsoft | Windows Update management. | Agents |
| *.mp.microsoft.com | Outbound | HTTPS/TLS 1.2 | Windows Update management. | Agents |
| emdl.ws.microsoft.com | Outbound | HTTP | Windows Update management. | Agents |
| *.update.microsoft.com | Outbound | HTTPS/TLS 1.2 | Windows Update management. | Agents |

Note: An asterisk (*) in a DNS name means that all child subdomains are included, with multi-level nesting. For example, *.example.com would include example.com, child.example.com, grand.child.example.com, and all other possible subdomains.
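As an added example (not part of the Action1 documentation), the IP-based rows of the table can be expressed as Windows Defender Firewall rules, with the P2P inbound rule scoped to the local subnet rather than left open to any source. The rule names, the chosen region and the profile selection are assumptions; addresses and ports are taken from the table. The outbound rule only matters where the outbound default is set to block, and the DNS-name rows are not covered here.

```powershell
#Requires -RunAsAdministrator
# Added example: host-firewall rules for the IP-based rows of the table.
# Rule display names and $Region are assumptions; IPs and ports come from the table.

$CoreServers = '54.210.188.13', '54.227.102.112', '3.210.54.212', '3.213.90.174'

# Remote Desktop servers: allow only the operational region you actually use.
$RegionServers = @{
    'North America' = '34.203.184.16', '52.205.66.134', '52.200.246.160'
    'Europe'        = '18.135.32.225', '18.169.144.48', '3.10.103.241'
    'Middle East'   = '43.204.118.97', '43.204.185.8'
    'East Asia'     = '13.215.147.78', '54.169.182.56'
    'Australia'     = '13.211.73.202', '54.79.23.166'
    'Africa'        = '13.244.155.212', '13.244.175.69'
}
$Region = 'Europe'   # assumption: set to your operational region

# Outbound: agent -> Action1 cloud, TCP 22543, listed addresses only.
New-NetFirewallRule -DisplayName 'Action1 agent to cloud (out)' `
    -Direction Outbound -Action Allow -Protocol TCP -RemotePort 22543 `
    -RemoteAddress ($CoreServers + $RegionServers[$Region])

# Inbound P2P: the table marks this row "LAN only", so restrict the source to
# LocalSubnet and keep the rule off the Public profile. Omitting -RemoteAddress
# would accept peers from any network the endpoint joins.
New-NetFirewallRule -DisplayName 'Action1 P2P TCP (in, LAN only)' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22551 `
    -RemoteAddress LocalSubnet -Profile Domain, Private
New-NetFirewallRule -DisplayName 'Action1 P2P UDP (in, LAN only)' `
    -Direction Inbound -Action Allow -Protocol UDP -LocalPort 22551, 6771 `
    -RemoteAddress LocalSubnet -Profile Domain, Private

# Check 1: no inbound Action1 rule should accept traffic from 'Any' source.
Get-NetFirewallRule -DisplayName 'Action1*' |
    Where-Object Direction -eq 'Inbound' |
    ForEach-Object {
        $remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            Write-Warning "$($_.DisplayName) is not restricted to the LAN"
        }
    }

# Check 2: confirm the agent's outbound path to the cloud is open.
$probe = Test-NetConnection -ComputerName 'server.action1.com' -Port 22543
"Outbound TCP 22543 reachable: $($probe.TcpTestSucceeded)"
```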