Take Control Port Access requirements
The ports identified below must be accessible for Take Control remote control connections and all Agents must have internet access.
If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the viewer.
macOS uses TCP Mode only.
- HTTP (TCP 80)
- HTTPS (TCP 443)
No SSL inspection on TCP 443 for traffic regarding the necessary domains.
Take Control validates the HTTPS certificates when communicating with our web servers. If the firewall/proxy intercepts this traffic through a transparent proxy and encrypts it again with the firewall/proxy's certificate, it will fail and an exception for our domains is required.
- .swi-tc.com - mandatory for using Password Secrets Vaults and accessing the Admin Area
- swi-rc.cdn-sw.net (necessary for update downloads)
Additional notes for Firewalls/Proxies
All Agents require internet access.
Take Control validates HTTPS certificates when communicating with web servers. If the firewall/proxy's certificate fails, create an exception for the domain: *.mspa.n-able.com.
Some firewalls will interpret non-HTTPS traffic on 443 as malicious, as a result any protocol fingerprinting should be excluded for the following domains:
- Add components to AV exclusion list (only necessary if being actively blocked by AV)
- Applet: BASupApp.exe and BASupSrvc.exe
- Agent: BASupSrvcCnfg.exe and BASupTSHelper.exe
If you are unable to access devices on the Technician Side of the remote connection, you also should exclude:
If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the Viewer.
When using Take Control, the N-able N-central server must be able to resolve the following domain names:
These ports are valid for the technician and also for the end user receiving support.
What do you want to do?