Take Control Port Access requirements

The ports identified below must be accessible for Take Control remote control connections and all Agents must have internet access.

If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the viewer.

macOS uses TCP Mode only.

Ports

  • HTTP (TCP 80)
  • HTTPS (TCP 443)

No SSL inspection on TCP 443 for traffic regarding the necessary domains.

Take Control validates the HTTPS certificates when communicating with our web servers. If the firewall/proxy intercepts this traffic through a transparent proxy and encrypts it again with the firewall/proxy's certificate, it will fail and an exception for our domains is required.

Domains

Additional notes for Firewalls/Proxies

All Agents require internet access.

Take Control validates HTTPS certificates when communicating with web servers. If the firewall/proxy's certificate fails, create an exception for the domain: *.mspa.n-able.com.

  • Some firewalls will interpret non-HTTPS traffic on 443 as malicious, as a result any protocol fingerprinting should be excluded for the following domains:

    • *.mspa.n-able.com
    • *.beanywhere.com
    • *.swi-tc.com
  • Add components to AV exclusion list (only necessary if being actively blocked by AV)
    • Applet: BASupApp.exe and BASupSrvc.exe
    • Agent: BASupSrvcCnfg.exe and BASupTSHelper.exe
  • If you are unable to access devices on the Technician Side of the remote connection, you also should exclude:

    • BASEClient.exe

If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the Viewer.

When using Take Control, the N-able N-central server must be able to resolve the following domain names:

  • *.mspa.n-able.com
  • sis.n-able.com

These ports are valid for the technician and also for the end user receiving support.

What do you want to do?