NTT
en-US

Agent Deployment Articles

Firewall Settings


Outbound firewall settings

All agents use an outbound internet connection for probing traffic to targets and controller traffic to the SEI controller.

Before agent deployment, check firewall settings for outbound probing and controller traffic. Configure Outbound Firewall settings if:

  • Agent will be probing internet-accessible targets
  • Firewall policy restricts outbound internet access in general
Outbound firewall settings
Protocol Ports Destination IP Direction Purpose
Probing traffic: Required for agents to complete probing sessions with targets outside of the firewall
TCP 80/443 Configured HTTP(S) targets Outbound HTTP(S) target addresses
TCP Configured Speed Test port (Default 8080) Configured Speed Test targets Outbound Speed Test target addresses
ICMP NA Configured ICMP targets Outbound
  • ICMP Probes to default and custom targets
  • ICMP Time exceeded messages from external servers should not be blocked by firewall for path tracing
UDP Configured UDP Port (Default 5001) Configured UDP targets Outbound UDP target addresses
UDP Configured UDP Port (Default 5001) for managed UDP targets and UDP port 33434 for other targets UDP/ICMP Targets for which hop trace is enabled Outbound Hop tracing on Linux and Mac OS (only ICMP is used on Windows OS where the agent just executes tracert command
Controller traffic: Required for Agent to connect to Service Experience Insights
TCP 443 *.edgelq.com Outbound Access to SEI controllers (HTTP2 must be supported when an HTTP proxy is configured)
UDP 53 DNS Server IP Outbound DNS Lookups
UDP 3478, 19302 * Outbound Stun server - used to determine public IP Address


Inbound Firewall Settings

Static and Cloud Agents can be optionally configured as “managed targets” that respond to probing from other agents. This requires the agent to reply to inbound probing traffic.

  • Managed target agents do not support NAT traversal.
  • If the destination “managed target” agent is behind a firewall or NAT, the source agent will send probing data to the external IP and the firewall or NAT must be instructed to route the inbound traffic to the agent’s internal IP.
  • Set inbound firewall policy after configuring the firewall to route inbound probing traffic to the managed target.
Click to expand


Inbound firewall settings
Protocol Ports Source IP Direction Purpose
Required for agents to respond to inbound probing from other agents
TCP 80/443 * or addresses of originating agents sending inbound probing traffic Inbound HTTP(S) targets
TCP Configured Speed Test port (Default 8080) * or addresses of originating agents sending inbound probing traffic Inbound Speed Test targets
ICMP N/A * or or addresses of originating agents sending inbound probing traffic Inbound ICMP targets
UDP Configured UDP Port (Default 5001) * or addresses of originating agents sending inbound probing traffic Inbound UDP targets
UDP Configured UDP Port (Default 5001) * or addresses of originating agents sending inbound probing traffic Inbound Enables agent to respond to traceroute sessions from Static Agents, Cloud Agents, and Mobile Agents for macOS. Mobile Agents for Windows use ICMP to execute tracert command.

Articles in this section
Return to top
About Contact Terms of Use Privacy Site Map
NTT

Copyright © 2023 NTT Limited


In This Article