Take Control Port Access requirements

The ports identified below must be accessible for Take Control remote control connections and all Agents must have internet access.

If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the viewer.

macOS uses TCP Mode only.

Ports

• HTTP (TCP 80) - Outbound - Required for HTTP connectivity
• HTTPS (TCP 443) - Outbound - Required for HTTP connectivity

• UDP 1234 - Bidirectional - Required for P2P connections
• UDP 1235 - Bidirectional - Required for P2P connections
• TCP 3377 - Outbound - Fail-over port when 443 is not accessible

No SSL inspection on TCP 443 for traffic regarding the necessary domains.

Take Control validates the HTTPS certificates when communicating with our web servers. If the firewall/proxy intercepts this traffic through a transparent proxy and encrypts it again with the firewall/proxy's certificate, it will fail and an exception for our domains is required.

Domains

• *.beanywhere.com
• *.mspa.n-able.com
• *.swi-rc.com
• *.swi-tc.com - mandatory for using Password Secrets Vaults and accessing the Admin Area
• swi-rc.cdn-sw.net (necessary for update downloads)

Additional notes for Firewalls/Proxies

All Agents require internet access.

Take Control validates HTTPS certificates when communicating with web servers. If the firewall/proxy's certificate fails, create an exception for the domain: *.mspa.n-able.com.

• Some firewalls will interpret non-HTTPS traffic on 443 as malicious, as a result any protocol fingerprinting should be excluded for the following domains:

  • *.mspa.n-able.com
  • *.beanywhere.com
  • *.swi-tc.com

• Add components to AV exclusion list (only necessary if being actively blocked by AV)
  • Applet: BASupApp.exe and BASupSrvc.exe
  • Agent: BASupSrvcCnfg.exe and BASupTSHelper.exe

• If you are unable to access devices on the Technician Side of the remote connection, you also should exclude:

  • BASEClient.exe

If the agent has a direct TCP port configured, the same port must be open at the agent's firewall and be accessible by the Viewer.

When using Take Control, the N-able N-central server must be able to resolve the following domain names:

• *.mspa.n-able.com
• sis.n-able.com

These ports are valid for the technician and also for the end user receiving support.

What do you want to do?

• Getting started with Take Control
• Provide assistance to your customers