Avoiding Firewall Issues in Nx Witness VMS (and other Powered-by-Nx Products)
Nx Witness VMS (and other Powered-by-Nx products) will generate Internet traffic if/when any Server in a System is connected to the Internet.
To guarantee connectivity to Nx cloud-based services you may need to add Nx Witness-related endpoints to your Firewall Pass List.
To learn more about the types of Internet traffic Nx Witness will generate check out the article What Internet traffic will Nx Witness System generate?
Below are the settings we recommend for your Firewall Pass List to avoid any interruptions in Internet-based services associated with Nx Witness VMS.
At the bottom of this article, you will find a python script we created to help diagnose connection issues with Nx services. Run them on the affected devices to see which services your firewall is blocking.
Firewall Pass List
Note: When configuring your Firewall make sure to use FQDN format in order to add specific services to the pass list as some of the endpoints do not resolve to static IP addresses.
For Nx Cloud Portal and Cloud DB:
Required to connect/disconnect Systems from Nx Cloud and maintain connections.
your-cloud-address.com (e.g. https://nxvms.com)
TCP - ports: 80, 443
For Nx Cloud Connect (NAT Traversal, Data Proxy services)
Required to connect to Systems via Nx Cloud remotely.
Option 1 (Recommended): Non-Region Specific
For Time Synchronization (TCP Port : 37, 443)
*.rfc868server.com
For Other Components (TCP Ports : 80, 443)
*.networkoptix.com
*.vmsproxy.com
Option 2: Region- and Component-Specific
IMPORTANT! All below FQDNs and IP addresses must be added to the pass list (not only your region-specific-ones). To learn more about various Cloud components refer to this article.
For Relay (TCP Ports : 80, 443; UDP Port: 3345)
Main
relay.vmsproxy.com
Americas
New York
relay-ny.vmsproxy.com (185.59.223.85)
New York (backup)
relay-ny2.vmsproxy.com (89.187.177.166)
Los Angeles, CA
relay-la.vmsproxy.com (185.152.67.150)
Сhicago, IL
relay-chi.vmsproxy.com (89.187.181.221)
Miami, FL
relay-mia.vmsproxy.com (212.102.60.89)
Dallas, TX
relay-dal.vmsproxy.com (89.187.175.87)
Europe
Frankfurt, Germany
relay-fr.vmsproxy.com (195.181.174.35)
Amsterdam, Netherlands
relay-ams.vmsproxy.com (89.187.174.241)
Australia
Sydney
relay-sy.vmsproxy.com (207.148.86.247)
China / APAC
China (used for China users only, excluding Hong Kong)
cn-north-1.relay.vmsproxy.cn (52.81.101.172)
Singapore
relay-si.vmsproxy.com (139.180.221.39)
For Connection Mediator (TCP Ports : 80, 443, UDP Port: 3345)
Americas
us-east-1.mediator.vmsproxy.com (52.7.195.88) us-west-1.mediator.vmsproxy.com (54.153.53.233)
APAC
ap-southeast-2.mediator.vmsproxy.com (3.25.68.173)
Europe
eu-central-1.mediator.vmsproxy.com (52.58.51.230)
For Speed Testing (TCP Port : 80)
speedtest.vmsproxy.com
It resolves to the following IPs based on the client location:
- 18.196.46.87
- 54.193.97.109
- 54.255.218.20
- 13.211.129.121
For Time Synchronization (TCP Port : 37, 443)
Required to synchronize Server times with Nx time servers.
time.rfc868server.com us-west.rfc868server.com frankfurt.rfc868server.com singapore.rfc868server.com
For License Activation / Deactivation (TCP Port : 80, 443)
Required to activate and manage licenses online.
licensing.networkoptix.com
or
licensing.vmsproxy.com
For Update Notifications (TCP Ports: 80, 443)
updates.networkoptix.com beta.networkoptix.com
and / or
updates.vmsproxy.com beta.vmsproxy.com
For Anonymous Reporting (TCP Ports: 80, 443)
Required to send anonymous usage statistics.
stats.networkoptix.com stats2.networkoptix.com
and / or
stats.vmsproxy.com stats2.vmsproxy.com
For Fetching Public IP (TCP Port: 80, 443)
Required to allow Servers to fetch a public IP for use in directing System traffic.
tools.vmsproxy.com tools-eu.vmsproxy.com
Questions
If you have any questions related to this topic or you want to share your experience with other community members or our team, please visit and engage in our support community or reach out to your local reseller.
Comments
0 comments
Article is closed for comments.