N-able N-central/Take Control N-able Firewall Ports and Domain (Integrations in N-able N-central and N-able RMM)

Last Modified

Tue Feb 25 17:46 GMT 2020

Description

  • What are the Ports and Domain required for N-able N-central's Take Control and the N-able RMM Take Control Take Control to install and function without issues.

Environment

  • N-able N-central:
    • Take Control.
  • N-able RMM:
    • Take Control.

Solution

  • In order for the N-able RMM Take Control and N-able RMM Take Control Engine to work properly, Outbound protocols and ports must be configured as follows:
    • There are two options to do this, but only one should be applied:
      • Option 1:
        • TCP 80
        • TCP 443
      • Mandatory Domain Exclusion:
        • *.n-able.com
        • swi-rc.cdn-sw.net (Necessary for update downloads)
      • Option 2: TCP 3377, ensuring that there isn't any SSL inspection active for this same port
        • This is valid for the technician and also for the end user who receives the support.
  • Take Control also allows for optional UDP traffic, which is used to establish P2P connections between the Viewer and the Agent, this reaches out to hosts under the aforementioned domains but initially makes use of ports 1234 and 1235 (to test if a UDP connection is possible) and then, if possible, connects via a randomly available port.
  • This is valid for the technician and also for the end user who receives the support.
  • Additional notes for Firewalls/Proxies:
    • The Agents should be able to reach the internet.
    • No HTTPS snooping should be done on SSL (TCP 443 and 3377).
    • We validate the HTTPS certificates when communicating with our web servers.
    • If the firewall/proxy is intercepting this traffic through a transparent proxy and encrypting it again with the firewall/proxy's certificate it is going to fail:
      • Create an exception for our domain *.n-able.com.
      • Any protocol fingerprinting (some firewalls will interpret non-HTTPS traffic on 443 as malicious), should be excluded for our domain *.n-able.com.