Skip to main content

Required Allowlist and Firewall Settings for Huntress.io

Alan Bishop
  • Updated

Team: Huntress EDR
Product: Firewall, router, DNS, content filtering
Environment: Huntress Management Portal
Summary: Allowlist requirements need to be set on firewalls in order to access and communicate with the Huntress.IO portal. These are not static IP addresses/FQDNs but are set by AWS and should be added to your DNS and content filter tools. 

What are the IP addresses/ranges that should be allowed hosts to communicate with huntress.io?

 

Starting in June of 2022 we've added a new domain to our list to support our infrastructure growth. In addition to the URLs below, please add *.huntresscdn.com to your DNS/Content filters

We utilize a fully scalable infrastructure within the Amazon Web Services (AWS) platform paired with Cloudflare storage. In order to maintain redundant connectivity and allow for failover, there are no static IP addresses/FQDNs

If you restrict outbound traffic, you will need to allow outbound communication to the following over port 443:

  • *.huntress.io
  • *.huntresscdn.com
  • huntress-installers.s3.amazonaws.com
  • huntress-updates.s3.amazonaws.com
  • huntress-uploads.s3.us-west-2.amazonaws.com
  • huntress-user-uploads.s3.amazonaws.com
  • huntress-rio.s3.amazonaws.com
  • huntress-survey-results.s3.amazonaws.com
  • huntress-*.s3.amazonaws.com
  • notify.bugsnag.com (this is for our bug reporting software if an Agent has an issue communicating) (you may see it point to something like 6.205.186.35.bc.googleusercontent.com)

 

Normally covered by the wildcards above, but in the case where wildcards are not available you'll need:

  • update.huntress.io
  • huntress.io
  • eetee.huntress.io
  • eetee.huntresscdn.com
  • huntresscdn.com

 

It's quite rare but occasionally you might run into issues where Huntress is "taking" ownership of a listening port which might interfere with another program (usually a hosting/dev app like Visual Studio/IIS/etc). These high numerical-value port's are randomized, temporary, and uncontrollable.

Windows: You can verify which ports Huntress is currently using by running this PoSh cmd:

Get-NetTcpConnection | Select Local*,Remote*,State,@{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}} | Where-Object{$_.Process -eq "HuntressAgent"}

mceclip0.png

macOS: You can verify which ports Huntress is currently using by running this terminal cmd:

sudo lsof -i -P | grep "Huntress"

mceclip1.png

Comments

0 comments

Please sign in to leave a comment.

Related articles