Avoiding Firewall Issues in Nx Witness VMS (and other Powered-by-Nx Products)
Firewall issues can occur when using Nx Witness VMS and other Powered-by-Nx products. This is because these products generate internet traffic when they are connected to the internet.
To make sure you can connect to Nx cloud services, you need to add Nx endpoints to your firewall's passlist. Check out the support article 'What Internet Traffic Will Nx Witness System Generate?' to learn more about the internet traffic that is generated by Nx products.
Here are some recommended settings to avoid any disruptions in internet services related to Nx Witness VMS.
There is also a Python script and a CSV file available at the bottom of the article to help diagnose connection problems and make it easier for you to upload the information to your firewall application.
With this Python script, you can confirm if all endpoints are open or closed. In case they report themselves a closed, you need to add these endpoints to the firewall passlist or make an exception in the antivirus software.
Firewall Passlist
When setting up your firewall, make sure to use a specific naming system called FQDN.
This is important because it allows you to add specific services to your allowed list. Some services don't have a fixed IP address, so using FQDN ensures that you can add them to your firewall's allowed list.
FQDN stands for "Fully Qualified Domain Name," and it's a complete name that identifies a specific website or service on the internet.
List of FQDNs
Please note, it's important to add all the FQDNs listed below to your firewall passlist, not just the ones specific to your region. Don't worry, if you want to learn more about the different cloud components, there's a support article you can check out for more information.
For Nx Cloud Portal and Cloud DB (TCP Ports : 80, 443)
Required to connect/disconnect Systems from Cloud and maintain connections.
15.197.226.136
3.33.243.34
13.248.187.145
76.223.54.46
For Relay (TCP Ports : 80, 443, 3345; UDP Port: 3345)
Main
relay.vmsproxy.com
Americas
New York, NY 1
relay-ny.vmsproxy.com (185.59.223.85)
New York, NY 2
relay-ny2.vmsproxy.com (89.187.177.166)
New York, NY 3
dp-ny-3.vmsproxy.com (138.199.41.85)
New York, NY 4
dp-ny-4.vmsproxy.com (156.146.58.154)
Los Angeles, CA 1
relay-la.vmsproxy.com (185.152.67.150)
Los Angeles, CA 2
Dp-la-2.vmsproxy.com (84.17.45.136)
Chicago, IL
relay-chi.vmsproxy.com (89.187.181.221)
Miami, FL
relay-mia.vmsproxy.com (212.102.60.89)
Dallas, TX
relay-dp-dal-1.vmsproxy.com (89.187.175.87)
Ashburn, VA
relay-dp-ash-1.vmsproxy.com (37.19.207.90)
Seattle, WA
relay-dp-sea-1.vmsproxy.com (138.199.12.70)
Europe
Frankfurt, Germany
relay-fr.vmsproxy.com (195.181.174.35)
Amsterdam, Netherlands
relay-ams.vmsproxy.com (89.187.174.241)
Oceania
Sydney, Australia 1
relay-sy.vmsproxy.com (207.148.86.247)
Sydney, Australia 2
vultr-syd-1.vmsproxy.com (149.28.175.197)
Sydney, Australia 3
vultr-syd-2.vmsproxy.com (45.77.236.199)
Sydney, Australia 4
vultr-syd-3.vmsproxy.com (45.63.31.226)
Sydney, Australia 5
vultr-syd-4.vmsproxy.com (45.77.51.96)
Melbourne, Australia 1
vultr-mel-1.vmsproxy.com (67.219.104.251)
Melbourne, Australia 2
vultr-mel-2.vmsproxy.com (67.219.103.112)
Melbourne, Australia 3
vultr-mel-3.vmsproxy.com (67.219.104.173)
Melbourne, Australia 4
vultr-mel-4.vmsproxy.com (67.219.97.147)
China
Used for China users only, excluding Hong Kong.
cn-north-1.relay.vmsproxy.cn (52.81.101.172)
APAC region
Singapore 1
relay-sgp.vmsproxy.com (169.150.207.247)
Singapore 2
vultr-sgp-1.vmsproxy.com (139.180.209.49)
Singapore 3
vultr-sgp-2.vmsproxy.com (139.180.152.47)
Singapore 4
vultr-sgp-3.vmsproxy.com (139.180.216.14)
Singapore 5
vultr-sgp-4.vmsproxy.com (45.77.168.39)
For Connection Mediator (TCP Ports : 80, 443, 3345, UDP Port: 3345)
Americas
us-east-1.mediator.vmsproxy.com (52.7.195.88)
us-west-1.mediator.vmsproxy.com (54.153.53.233)
APAC
ap-southeast-2.mediator.vmsproxy.com (3.25.68.173)
Europe
eu-central-1.mediator.vmsproxy.com (52.58.51.230)
For License Activation / Deactivation (TCP Port : 80, 443)
Required to activate and manage licences online.
licensing.vmsproxy.com
For Update Notifications (TCP Ports: 80, 443)
updates.vmsproxy.com
beta.vmsproxy.com
For Anonymous Reporting (TCP Ports: 80, 443)
Required to send anonymous usage statistics.
stats.vmsproxy.com
stats2.vmsproxy.com
For Fetching Public IP (TCP Port: 80, 443)
Required to allow Servers to fetch a public IP for use in directing System traffic.
tools.vmsproxy.com
tools-eu.vmsproxy.com
For Speed Testing (TCP Port : 80)
speedtest.vmsproxy.com
It resolves to the following IPs based on the client location:
18.196.46.87
54.193.97.109
54.255.218.20
13.211.129.121
For Time Synchronization (TCP Port : 37, 443)
Required to synchronize Server times with Nx time-servers.
time.rfc868server.com
us-west.rfc868server.com
frankfurt.rfc868server.com
singapore.rfc868server.com
It resolves to the following IPs based on the client location:
54.67.89.126
35.157.161.236
54.254.212.230
Questions
If you have any questions related to this topic, or you want to share your experience with other community members or our team, please visit and engage in our support community or reach out to your local reseller.
Comments
0 comments
Article is closed for comments.