This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Orion URLs for Firewall Whitelisting

There are significant advantages to having Orion able to access the Internet, however the last few days have shown that blanket access is not the best security stance to have.

I have collated the following list of URL's with my fellow MVP's assistance in order to help you put whitelist entries in to your firewall policies to give controlled external resource access to Orion.

I have broken these into categories, as some are module specific, and clearly you have the choice to replace many of these with a *.solarwinds.com, but I wanted to provide the full URL list for those that wish to be granular in their ruleset.

Function URL Detail
Core

https://downloads.solarwinds.com
https://api.solarwinds.com
https://installer.solarwinds.com
https://licenseserver.solarwinds.com
https://licensestatusserver.solarwinds.com
https://www.solarwinds.com
https://documentation.solarwinds.com
https://www.documentation.solarwinds.com
https://customerportal.solarwinds.com
static.solarwinds.com

These will allow centralised upgrades and license registrations to be performed
Core - THWACK 

http(s)://thwackfeeds.solarwinds.com
http(s)://thwack.api.solarwinds.com

To allow display of THWACK feeds in widgets and direct import/export of templates
Core - WorldWide Map

http://open.mapquestapi.com/
https://api.openstreetmap.org/

For rendering the Worldwide map and for performing Geo lookups from SNMP data
NCM

https://nvd.nist.gov/feeds/json/cve/1.1
https://nvd.nist.gov/feeds/json/cpematch/1.0

Configuration Vulnerability Analysis
NCM

https://wsgx.cisco.com 

Cisco Smart Advisor
SAM

https://api.dell.com
https://support.hpe.com
https://*.ibm.com
https://supportapi.lenovo.com
http://support.lenovo.com

SAM hardware warranty lookups
Alerting (ServiceNow integration) https://<API-SubDomain>.service-now.com

If using ServiceNow alert integration. Replace API-SubDomain with your configured API URL

Add your own HelpDesk API URLS if you are using the GET/POST to URL or script actions to integrate your alerts

Alerting (SolarWinds Service Desk integration)

https://api.samanage.com (for non-EU customers)
https://apieu.samanage.com (for EU customers)

SolarWinds Service Desk Integration

Cloud Monitoring AWS

https://amazonaws.com
https://aws.amazon.com
autoscaling.*.amazonaws.com

https://*.awsstatic.com
https://*.amazontrust.com
https://ec2.*.amazonaws.com
https://events.*.amazonaws.com
monitoring.*.amazonaws.com
thwack-static.s3.amazonaws.com
thwack-admin.thwack-apps.solarwinds.com

Azure
https://login.microsoftonline.com
https://management.azure.com
https://management.core.windows.net

 

For monitoring AWS and Azure clouds in Orion core. List was taken from this previous post
Meraki

https://dashboard.meraki.com
https://api.meraki.com

For polling your Meraki infrastructure via central cloud management platform
NetPath

https://stat.ripe.net

Used to perform BGP data lookups
AppOptics

http://my.appoptics.com
https://my.appoptics.com
https://api.appoptics.com

If you have the integration to the SolarWinds AppOptics SaaS APM solution
Discovery Agent

https://opendns.com (to obtain external IP)
https://agt.samanage.com (for non-EU customers)
https://agteu.samanage.com (for EU customers)

SolarWinds Service Desk Discovery Agent for SolarWinds Orion

You will also need to be conscious of the monitoring targets you configure in Orion and add those to your whitelist policy, where for example in SAM, if you wish to monitor your Salesforce instance via HTTPS monitors in WPM or SAM, add your Salesforce FQDN, to monitor O365 then https://*.office365.com and https://ps.outlook.com would be necessary. Ensure you bake your whitelist updates into your monitoring definition process.

If I have missed anything here, then please let me know via the comments, and I will update.

Parents
  • Fundamentally, I've been trying to get an answer to what online services SolarWinds needs access to fully function, in a bare minimum allowed ruleset for some time, but not DNS.  I've asked techinical support this before without much success. 

    Our instance cannot communicate with anything other than Licensing, NIST, Downloads.  Unfortunately, a restriction of the VM Firewall solution as I am told is having to use IP Host or IP Ranges for exclusions, not DNS.  Some of these URLs seems to stay within a /25 range of addresses which is manageable, some like downloads. are behind load balancers. 

    It would be helpful to have a dynamically update list of IP ranges required.

    On a random note, how does Open Street map (within the worldwide map) get it's data updated.

Reply
  • Fundamentally, I've been trying to get an answer to what online services SolarWinds needs access to fully function, in a bare minimum allowed ruleset for some time, but not DNS.  I've asked techinical support this before without much success. 

    Our instance cannot communicate with anything other than Licensing, NIST, Downloads.  Unfortunately, a restriction of the VM Firewall solution as I am told is having to use IP Host or IP Ranges for exclusions, not DNS.  Some of these URLs seems to stay within a /25 range of addresses which is manageable, some like downloads. are behind load balancers. 

    It would be helpful to have a dynamically update list of IP ranges required.

    On a random note, how does Open Street map (within the worldwide map) get it's data updated.

Children
No Data