Team: Huntress EDR
Product: Your site's firewall, router, DNS, and/or content filtering platforms
Environment: Huntress Management Portal
Summary: If your firewall restricts outbound traffic on port 443, you will need to add these URLs to its exclusion/allow list so that the Huntress agents can communicate securely with the Huntress.io portal. These are not static IP addresses or FQDNs but are set by AWS, and they should also be added to your DNS and content filter tools.
Which IP addresses/ranges should hosts be allowed to reach in order to communicate with huntress.io?
We utilize a fully scalable infrastructure within the Amazon Web Services (AWS) platform paired with Cloudflare storage. In order to maintain redundant connectivity and allow for failover, there are no static IP addresses or FQDNs.
If you restrict outbound traffic, you will need to allow outbound communication to the following over port 443:
- *.huntress.io
- *.huntresscdn.com
- huntress-installers.s3.amazonaws.com
- huntress-updates.s3.amazonaws.com
- huntress-uploads.s3.us-west-2.amazonaws.com
- huntress-user-uploads.s3.amazonaws.com
- huntress-rio.s3.amazonaws.com
- huntress-survey-results.s3.amazonaws.com
- huntress-*.s3.amazonaws.com
- notify.bugsnag.com (this is for our bug reporting software if an Agent has an issue communicating; you may see it point to something like 6.205.186.35.bc.googleusercontent.com)
These are normally covered by the wildcards above, but where wildcards are not available you'll need:
- update.huntress.io
- huntress.io
- eetee.huntress.io
- eetee.huntresscdn.com
- huntresscdn.com
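An added example, not code from Huntress: it scans firewall deny-log lines for port-443 connections to the hosts listed above, which would indicate that the allowlist is incomplete. The log layout, sample lines, and function names are constructed for illustration, and wildcard matching uses Python's fnmatch, which may differ from your firewall's wildcard semantics.

```python
import re
from fnmatch import fnmatchcase

# Allowlist entries from the article, in the article's order (all TCP 443).
PATTERNS = [
    "*.huntress.io", "*.huntresscdn.com",
    "huntress-installers.s3.amazonaws.com", "huntress-updates.s3.amazonaws.com",
    "huntress-uploads.s3.us-west-2.amazonaws.com",
    "huntress-user-uploads.s3.amazonaws.com", "huntress-rio.s3.amazonaws.com",
    "huntress-survey-results.s3.amazonaws.com", "huntress-*.s3.amazonaws.com",
    "notify.bugsnag.com", "update.huntress.io", "huntress.io",
    "eetee.huntress.io", "eetee.huntresscdn.com", "huntresscdn.com",
]

# Hypothetical log layout; adapt the regex to your firewall's export format.
LINE_RE = re.compile(
    r"(?P<action>ALLOW|DENY)\s+src=(?P<src>\S+)\s+"
    r"dst_host=(?P<host>\S+)\s+dst_port=(?P<port>\d+)"
)

def matching_pattern(host):
    """Return the first allowlist entry that covers host, or None."""
    host = host.lower().rstrip(".")  # DNS names are case-insensitive
    return next((p for p in PATTERNS if fnmatchcase(host, p)), None)

def blocked_huntress(lines):
    """List (source, host, allowlist entry) for denied port-443 Huntress traffic."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "DENY" or m["port"] != "443":
            continue
        entry = matching_pattern(m["host"])
        if entry:
            hits.append((m["src"], m["host"].lower().rstrip("."), entry))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-05-01T10:02:11Z DENY src=10.0.4.23 dst_host=update.huntress.io dst_port=443",
    "2024-05-01T10:02:12Z ALLOW src=10.0.4.23 dst_host=huntress-updates.s3.amazonaws.com dst_port=443",
    "2024-05-01T10:02:15Z DENY src=10.0.4.31 dst_host=Huntress-Uploads.s3.us-west-2.amazonaws.com. dst_port=443",
    "2024-05-01T10:02:19Z DENY src=10.0.4.31 dst_host=huntress.io.example.net dst_port=443",
    "2024-05-01T10:02:20Z DENY src=10.0.4.40 dst_host=notify.bugsnag.com dst_port=80",
    "2024-05-01T10:02:27Z DENY src=10.0.4.40 dst_host=huntress.io dst_port=443",
]

if __name__ == "__main__":
    for src, host, entry in blocked_huntress(SAMPLE_LOG):
        print(f"{src} was denied {host}:443 (allowlist entry: {entry})")
```

Each reported line names the source host that was blocked and the allowlist entry that should have permitted the connection.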
It's quite rare, but occasionally you might run into issues where Huntress is "taking" ownership of a listening port, which might interfere with another program (usually a hosting/dev app like Visual Studio, IIS, etc.). These high-numbered ports are randomized, temporary, and uncontrollable.
Windows: You can verify which ports Huntress is currently using by running this PowerShell command:
Get-NetTcpConnection | Select Local*,Remote*,State,@{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}} | Where-Object{$_.Process -eq "HuntressAgent"}
macOS: You can verify which ports Huntress is currently using by running this terminal command:
sudo lsof -i -P | grep "Huntress"