Firewall Configuration
Inbound and Outbound Connections Explained
The Action1 agent is designed to establish connections exclusively to the Action1 cloud servers – it’s always the agent that initiates contact, never the other way around. As a result, you only need to set up outbound firewall rules. Despite this one-way initiation, data transfer can and does occur in both directions: from the agent to the server and back again.
When a connection is established, the agent simply waits for instructions from the server. These directions might be to execute a policy or gather data for a report. The server sends these instructions either when prompted by the user via the Action1 Console or according to a preset schedule. Think of it like an orchestra: the conductor (the server) gives instructions, and the musicians (the agents) wait for and follow these instructions. The musicians are always attentive to the conductor’s directions, not the other way around.
There is one exception to the outbound-only rule: when Action1 agents on the same local network want to exchange software package parts via peer-to-peer (P2P) sharing. In these cases, the agents will accept inbound connections from their peers. Although it’s not mandatory, we recommend setting up inbound LAN-only firewall rules to facilitate this type of exchange.
Firewall Rule Reference
Refer to this section for a complete description of ports and protocols that should be configured in your system. Create firewall rules to allow access to the following resources:
Region: North America
Resource
- 54.210.188.13
- 54.227.102.112
- 3.210.54.212
- 3.213.90.174
- 34.203.184.16
- 52.205.66.134
- 52.200.246.160
- 3.229.22.34
- 44.212.254.73
- 54.144.130.130
- 18.135.32.225
- 18.169.144.48
- 3.10.103.241
- 13.41.182.195
- 18.171.0.33
- 35.179.20.122
- 43.204.118.97
- 43.204.185.8
- 13.202.109.124
- 43.205.156.38
- 13.215.147.78
- 54.169.182.56
- 3.0.4.167
- 13.213.228.50
- 13.211.73.202
- 54.79.23.166
- 3.104.236.56
- 54.79.198.20
- 13.244.155.212
- 13.244.175.69
- 13.245.225.6
- 13.247.34.181
- 15.229.170.56
- 18.230.233.136
- 18.231.231.56
- 54.207.116.27
(LAN only)
- us.remote.app.action1.com
- af.remote.app.action1.com
- au.remote.app.action1.com
- ea.remote.app.action1.com
- eu.remote.app.action1.com
- me.remote.app.action1.com
- sa.remote.app.action1.com
Type
Port & Protocol
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
TLS 1.2 over TCP
6771 UDP
Required for
Components
Region: Europe
Resource
- 18.159.245.29
- 18.195.232.183
- 3.69.247.61
- 52.29.164.59
- 18.185.175.163
- 3.71.193.26
- 3.74.109.234
- 35.159.135.52
(LAN only)
- remote.eu.action1.com
Type
Port & Protocol
TLS 1.2 over TCP
TLS 1.2 over TCP
6771 UDP
Required for
Components
Region: Australia
Resource
- 13.238.191.59
- 13.55.204.40
- 3.104.0.1
- 3.105.163.243
- 13.238.126.63
- 3.105.27.166
- 52.63.120.112
- 54.253.145.16
(LAN only)
- remote.au.action1.com
Type
Port & Protocol
TLS 1.2 over TCP
TLS 1.2 over TCP
6771 UDP
Required for
Components
Note: * (asterisk sign) in DNS names means including all child subdomains, with multi-level nesting. For example, *.example.com would include example.com, child.example.com, grand.child.example.com, and all other possible subdomains.