Firewall Passlist

Avoiding Firewall Issues in Nx Witness VMS (and other Powered-by-Nx Products)

Firewall issues can occur when using Nx Witness VMS and other Powered-by-Nx products. This is because these products generate internet traffic when they are connected to the internet. 

To make sure you can connect to Nx cloud services, you need to add Nx endpoints to your firewall's passlist. Check out the support article 'What Internet Traffic Will Nx Witness System Generate?' to learn more about the internet traffic that is generated by Nx products. 

Here are some recommended settings to avoid any disruptions in internet services related to Nx Witness VMS. 

There is also a Python script and a CSV file available at the bottom of the article to help diagnose connection problems and make it easier for you to upload the information to your firewall application.

With this Python script, you can confirm if all endpoints are open or closed. In case they report themselves a closed, you need to add these endpoints to the firewall passlist or make an exception in the antivirus software.

Firewall Passlist

When setting up your firewall, make sure to use a specific naming system called FQDN. 

This is important because it allows you to add specific services to your allowed list. Some services don't have a fixed IP address, so using FQDN ensures that you can add them to your firewall's allowed list.

FQDN stands for "Fully Qualified Domain Name," and it's a complete name that identifies a specific website or service on the internet.

List of FQDNs

Please note, it's important to add all the FQDNs listed below to your firewall passlist, not just the ones specific to your region. Don't worry, if you want to learn more about the different cloud components, there's a support article you can check out for more information.

For Nx Cloud Portal and Cloud DB (TCP Ports : 80, 443)

Required to connect/disconnect Systems from Cloud and maintain connections.

15.197.226.136
3.33.243.34
13.248.187.145
76.223.54.46

For Relay (TCP Ports : 80, 443, 3345; UDP Port: 3345)

Main

relay.vmsproxy.com

Americas

New York, NY 1
relay-ny.vmsproxy.com (185.59.223.85)

New York, NY 2
relay-ny2.vmsproxy.com (89.187.177.166)

New York, NY 3
dp-ny-3.vmsproxy.com (138.199.41.85)

New York, NY 4
dp-ny-4.vmsproxy.com (156.146.58.154)

Los Angeles, CA 1
relay-la.vmsproxy.com (185.152.67.150)

Los Angeles, CA 2
Dp-la-2.vmsproxy.com (84.17.45.136)

Chicago, IL
relay-chi.vmsproxy.com (89.187.181.221)

Miami, FL
relay-mia.vmsproxy.com (212.102.60.89)

Dallas, TX
relay-dp-dal-1.vmsproxy.com (89.187.175.87)

Ashburn, VA
relay-dp-ash-1.vmsproxy.com (37.19.207.90)

Seattle, WA
relay-dp-sea-1.vmsproxy.com (138.199.12.70)

Europe

Frankfurt, Germany
relay-fr.vmsproxy.com (195.181.174.35)

Amsterdam, Netherlands
relay-ams.vmsproxy.com (89.187.174.241)

Oceania

Sydney, Australia 1
relay-sy.vmsproxy.com (207.148.86.247)

Sydney, Australia 2
vultr-syd-1.vmsproxy.com (149.28.175.197)

Sydney, Australia 3
vultr-syd-2.vmsproxy.com (45.77.236.199)

Sydney, Australia 4
vultr-syd-3.vmsproxy.com (45.63.31.226)

Sydney, Australia 5
vultr-syd-4.vmsproxy.com (45.77.51.96)

Melbourne, Australia 1    
vultr-mel-1.vmsproxy.com (67.219.104.251)

Melbourne, Australia 2    
vultr-mel-2.vmsproxy.com (67.219.103.112)

Melbourne, Australia 3    
vultr-mel-3.vmsproxy.com (67.219.104.173)

Melbourne, Australia 4 
vultr-mel-4.vmsproxy.com (67.219.97.147)

China

Used for China users only, excluding Hong Kong.

cn-north-1.relay.vmsproxy.cn (52.81.101.172)

APAC region

Singapore 1
relay-sgp.vmsproxy.com (169.150.207.247)

Singapore 2
vultr-sgp-1.vmsproxy.com (139.180.209.49)

Singapore 3
vultr-sgp-2.vmsproxy.com (139.180.152.47)

Singapore 4
vultr-sgp-3.vmsproxy.com (139.180.216.14)

Singapore 5
vultr-sgp-4.vmsproxy.com (45.77.168.39)

For Connection Mediator (TCP Ports : 80, 443, 3345, UDP Port: 3345)

Americas

us-east-1.mediator.vmsproxy.com (52.7.195.88)

us-west-1.mediator.vmsproxy.com (54.153.53.233)

APAC

ap-southeast-2.mediator.vmsproxy.com (3.25.68.173)

Europe

eu-central-1.mediator.vmsproxy.com (52.58.51.230)

For License Activation / Deactivation (TCP Port : 80, 443)

Required to activate and manage licences online.

licensing.vmsproxy.com

For Update Notifications (TCP Ports: 80, 443)

updates.vmsproxy.com

beta.vmsproxy.com

For Anonymous Reporting (TCP Ports: 80, 443)

Required to send anonymous usage statistics.

stats.vmsproxy.com

stats2.vmsproxy.com

For Fetching Public IP (TCP Port: 80, 443)

Required to allow Servers to fetch a public IP for use in directing System traffic.

tools.vmsproxy.com

tools-eu.vmsproxy.com

For Speed Testing (TCP Port : 80)

speedtest.vmsproxy.com

It resolves to the following IPs based on the client location:

18.196.46.87
54.193.97.109
54.255.218.20
13.211.129.121

For Time Synchronization (TCP Port : 37, 443)

Required to synchronize Server times with Nx time-servers.

time.rfc868server.com

us-west.rfc868server.com

frankfurt.rfc868server.com

singapore.rfc868server.com

It resolves to the following IPs based on the client location:

54.67.89.126
35.157.161.236
54.254.212.230

Questions

If you have any questions related to this topic, or you want to share your experience with other community members or our team, please visit and engage in our support community or reach out to your local reseller.