Network communications requirements
This article describes the network communications requirements for Take Control.
These requirements apply to both technician and end-user devices.
IP addresses are dynamic and change frequently, which make static lists unreliable. Gateway IP addresses used during remote sessions are negotiated at session setup and are determined by the geographic location of both the session host and the session recipient, and on current network conditions.
Ports
macOS uses TCP Mode only.
- TCP 443: Outbound. Required for HTTPS connectivity.
- TCP 3377: Outbound. Fail-over port when 443 is not accessible.
Domains
Ensure no SSL inspection is enabled on TCP 443 traffic to these domains.
*.beanywhere.com*.mspa.n-able.com*.swi-rc.com*.swi-tc.com(mandatory for using Password Secrets Vaults and accessing the Admin Area)swi-rc.cdn-sw.net(necessary for update downloads)
Firewalls/Proxies
Take Control validates the HTTPS certificates when it communicates with N-able web servers.
A firewall or proxy using a transparent proxy to intercept this traffic and re-encrypt it with its own certificate causes the connection to fail. You must add exceptions for Take Control’s domains to prevent this failure.
Some firewalls interpret non-HTTPS traffic on port 443 as malicious. Protocol fingerprinting should be excluded for the following domains:
*.beanywhere.com*.mspa.n-able.com*.swi-tc.com
Where TCP port forwarding is enabled, the port must be open at the device's firewall and be accessible by the Remote viewer.
N-central on-premise server
When using Take Control with N-able N-central on-premise server, the server must be able to resolve the following domain names:
*.mspa.n-able.comsis.n-able.com
Related articles