Articles in this section

See more

Firewall Pass List

Avatar
Nx Support
  • Updated
Follow

Avoiding Firewall Issues in Nx Witness VMS (and other Powered-by-Nx Products)

Nx Witness VMS (and other Powered-by-Nx products) will generate Internet traffic if/when any Server in a System is connected to the Internet.

To guarantee connectivity to Nx cloud-based services you may need to add Nx Witness-related endpoints to your Firewall Pass List. 

To learn more about the types of Internet traffic Nx Witness will generate check out the article What Internet traffic will Nx Witness System generate?

Below are the settings we recommend for your Firewall Pass List to avoid any interruptions in Internet-based services associated with Nx Witness VMS.

At the bottom of this article, you will find a python script we created to help diagnose connection issues with Nx services. Run them on the affected devices to see which services your firewall is blocking.

Also, a *.csv file is added to the bottom of this article, which can be used for your convenience to upload to your Firewall application.

Firewall Pass List

Note: When configuring your Firewall make sure to use FQDN format in order to add specific services to the pass list as some of the endpoints do not resolve to static IP addresses.

For Nx Cloud Portal and Cloud DB: 

Required to connect/disconnect Systems from Nx Cloud and maintain connections.

your-cloud-address.com (e.g. https://nxvms.com)
TCP - ports: 80, 443

For Nx Cloud Connect (NAT Traversal, Data Proxy services)

Required to connect to Systems via Nx Cloud remotely.

Option 1 (Recommended): Non-Region Specific

For Time Synchronization (TCP Port : 37, 443)

*.rfc868server.com

For Other Components (TCP Ports : 80, 443)

*.networkoptix.com
*.vmsproxy.com

Option 2: Region- and Component-Specific

IMPORTANT! All below FQDNs and IP addresses must be added to the pass list (not only your region-specific-ones). To learn more about various Cloud components refer to this article.

For Relay (TCP Ports : 80, 443; UDP Port: 3345)

Main

relay.vmsproxy.com

Americas

New York
relay-ny.vmsproxy.com (185.59.223.85)

New York (backup)
relay-ny2.vmsproxy.com (89.187.177.166)

Los Angeles, CA
relay-la.vmsproxy.com (185.152.67.150)

Сhicago, IL
relay-chi.vmsproxy.com (89.187.181.221)

Miami, FL
relay-mia.vmsproxy.com (212.102.60.89)

Dallas, TX
relay-dal.vmsproxy.com (89.187.175.87)

Europe

Frankfurt, Germany
relay-fr.vmsproxy.com (195.181.174.35)

Amsterdam, Netherlands
relay-ams.vmsproxy.com (89.187.174.241)

Australia

Sydney
relay-sy.vmsproxy.com (207.148.86.247)

China / APAC

China (used for China users only, excluding Hong Kong)
cn-north-1.relay.vmsproxy.cn (52.81.101.172)

Singapore
relay-si.vmsproxy.com (139.180.221.39)

For Connection Mediator (TCP Ports : 80, 443, UDP Port: 3345)

Americas

us-east-1.mediator.vmsproxy.com (52.7.195.88)
us-west-1.mediator.vmsproxy.com (54.153.53.233)

APAC

ap-southeast-2.mediator.vmsproxy.com (3.25.68.173)

Europe

eu-central-1.mediator.vmsproxy.com (52.58.51.230)

For Speed Testing (TCP Port : 80)

speedtest.vmsproxy.com

It resolves to the following IPs based on the client location:

  • 18.196.46.87
  • 54.193.97.109
  • 54.255.218.20
  • 13.211.129.121

For Time Synchronization (TCP Port : 37, 443)

Required to synchronize Server times with Nx time servers.

time.rfc868server.com
us-west.rfc868server.com
frankfurt.rfc868server.com
singapore.rfc868server.com

It resolves to the following IPs based on the client location:

  • 54.67.89.126
  • 35.157.161.236
  • 54.254.212.230

For License Activation / Deactivation (TCP Port : 80, 443)

Required to activate and manage licenses online.

licensing.networkoptix.com

or

licensing.vmsproxy.com

For Update Notifications (TCP Ports: 80, 443)

updates.networkoptix.com
beta.networkoptix.com

and / or

updates.vmsproxy.com
beta.vmsproxy.com

For Anonymous Reporting (TCP Ports: 80, 443)

Required to send anonymous usage statistics.

stats.networkoptix.com
stats2.networkoptix.com

and / or

stats.vmsproxy.com
stats2.vmsproxy.com

For Fetching Public IP (TCP Port: 80, 443)

Required to allow Servers to fetch a public IP for use in directing System traffic.

tools.vmsproxy.com
tools-eu.vmsproxy.com

Questions

If you have any questions related to this topic or you want to share your experience with other community members or our team, please visit and engage in our support community or reach out to your local reseller.

Related articles

Comments

0 comments

Article is closed for comments.