Team: Huntress EDR
Product: Firewall, router, DNS, content filtering
Environment: Huntress Management Portal
Summary: Allowlist requirements need to be set on firewalls in order to access and communicate with the Huntress.IO portal. These are not static IP addresses/FQDNs but are set by AWS and should be added to your DNS and content filter tools.
What IP addresses/ranges should hosts be allowed to reach in order to communicate with huntress.io?
Starting in June of 2022, we've added a new domain to our list to support our infrastructure growth. In addition to the URLs below, please add *.huntresscdn.com to your DNS/content filters.
We utilize a fully scalable infrastructure within the Amazon Web Services (AWS) platform paired with Cloudflare storage. In order to maintain redundant connectivity and allow for failover, there are no static IP addresses/FQDNs.
If you restrict outbound traffic, you will need to allow outbound communication to the following over port 443:
- *.huntress.io
- *.huntresscdn.com
- huntress-installers.s3.amazonaws.com
- huntress-updates.s3.amazonaws.com
- huntress-uploads.s3.us-west-2.amazonaws.com
- huntress-user-uploads.s3.amazonaws.com
- huntress-rio.s3.amazonaws.com
- huntress-survey-results.s3.amazonaws.com
- huntress-*.s3.amazonaws.com
- notify.bugsnag.com (this is for our bug reporting software if an Agent has an issue communicating; you may see it point to something like 6.205.186.35.bc.googleusercontent.com)
Normally covered by the wildcards above, but in the case where wildcards are not available you'll need:
- update.huntress.io
- huntress.io
- eetee.huntress.io
- eetee.huntresscdn.com
- huntresscdn.com
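One way to confirm the allowlist is complete is to scan a firewall or proxy deny log for blocked connections to the hosts listed above. This is an added example, not Huntress tooling: the hostname patterns come from this page, while the log format, sample lines and function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find denied outbound connections that belong to Huntress.
# Hostname patterns are taken from the allowlist on this page.

# Return 0 if the hostname is one the page says must be reachable on 443.
is_huntress_host() {
    _h=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$_h" in
        huntress.io|huntresscdn.com) return 0 ;;   # bare domains, listed for filters without wildcards
        *.huntress.io|*.huntresscdn.com) return 0 ;;
        huntress-*.s3.amazonaws.com) return 0 ;;
        huntress-uploads.s3.us-west-2.amazonaws.com) return 0 ;;  # regional bucket, not under the wildcard
        notify.bugsnag.com) return 0 ;;
    esac
    return 1
}

# Read lines "<timestamp> <action> <src_ip> <dest_host>:<port>" (assumed format)
# on stdin and print each Huntress destination that was denied on port 443.
blocked_huntress_destinations() {
    while read -r _ts action _src dest; do
        [ "$action" = "DENY" ] || continue
        host=${dest%:*}
        port=${dest##*:}
        [ "$port" = "443" ] || continue
        if is_huntress_host "$host"; then
            printf '%s\n' "$host"
        fi
    done | sort -u
}

# Constructed sample log, not real traffic.
SAMPLE_LOG='2024-01-01T10:00:00Z DENY 10.0.0.5 update.huntress.io:443
2024-01-01T10:00:01Z ALLOW 10.0.0.5 huntress.io:443
2024-01-01T10:00:02Z DENY 10.0.0.7 huntress-uploads.s3.us-west-2.amazonaws.com:443
2024-01-01T10:00:03Z DENY 10.0.0.7 evilhuntress.io:443
2024-01-01T10:00:04Z DENY 10.0.0.9 eetee.huntresscdn.com:443
2024-01-01T10:00:05Z DENY 10.0.0.9 example.com:443'

printf '%s\n' "$SAMPLE_LOG" | blocked_huntress_destinations
```

Any hostname this prints is a required destination that the filter is still blocking; look-alike names such as evilhuntress.io are not matched.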
It's quite rare, but occasionally you might run into issues where Huntress is "taking" ownership of a listening port, which might interfere with another program (usually a hosting/dev app like Visual Studio/IIS/etc). These high numerical-value ports are randomized, temporary, and uncontrollable.
Windows: You can verify which ports Huntress is currently using by running this PoSh cmd:
Get-NetTcpConnection | Select Local*,Remote*,State,@{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}} | Where-Object{$_.Process -eq "HuntressAgent"}
macOS: You can verify which ports Huntress is currently using by running this terminal cmd:
sudo lsof -i -P | grep "Huntress"