Orion URLs for Firewall Whitelisting

There are significant advantages to having Orion able to access the Internet, however the last few days have shown that blanket access is not the best security stance to have.

I have collated the following list of URL's with my fellow MVP's assistance in order to help you put whitelist entries in to your firewall policies to give controlled external resource access to Orion.

I have broken these into categories, as some are module specific, and clearly you have the choice to replace many of these with a *.solarwinds.com, but I wanted to provide the full URL list for those that wish to be granular in their ruleset.

Function URL Detail
Core

https://downloads.solarwinds.com
https://api.solarwinds.com
https://installer.solarwinds.com
https://licenseserver.solarwinds.com
https://licensestatusserver.solarwinds.com
https://www.solarwinds.com

These will allow centralised upgrades and license registrations to be performed
Core - THWACK 

http(s)://thwackfeeds.solarwinds.com
http(s)://thwack.api.solarwinds.com

To allow display of THWACK feeds in widgets and direct import/export of templates
Core - WorldWide Map

http://open.mapquestapi.com/
https://api.openstreetmap.org/

For rendering the Worldwide map and for performing Geo lookups from SNMP data
NCM

https://nvd.nist.gov/feeds/json/cve/1.1
https://nvd.nist.gov/feeds/json/cpematch/1.0

Configuration Vulnerability Analysis
NCM

https://wsgx.cisco.com 

Cisco Smart Advisor
SAM

https://api.dell.com
https://support.hpe.com
https://*.ibm.com
https://supportapi.lenovo.com
http://support.lenovo.com

SAM hardware warranty lookups
Alerting (ServiceNow integration) https://<API-SubDomain>.service-now.com

If using ServiceNow alert integration. Replace API-SubDomain with your configured API URL

Add your own HelpDesk API URLS if you are using the GET/POST to URL or script actions to integrate your alerts

Alerting (SolarWinds Service Desk integration)

https://api.samanage.com (for non-EU customers)
https://apieu.samanage.com (for EU customers)

SolarWinds Service Desk Integration

Cloud Monitoring AWS

https://amazonaws.com
https://aws.amazon.com
autoscaling.*.amazonaws.com
https://*.awsstatic.com
https://*.amazontrust.com
https://ec2.*.amazonaws.com
https://events.*.amazonaws.com
monitoring.*.amazonaws.com

Azure
https://login.microsoftonline.com
https://management.azure.com
https://management.core.windows.net

 

For monitoring AWS and Azure clouds in Orion core. List was taken from this previous post
Meraki

https://dashboard.meraki.com
https://api.meraki.com

For polling your Meraki infrastructure via central cloud management platform
NetPath

https://stat.ripe.net

Used to perform BGP data lookups
AppOptics

http://my.appoptics.com
https://my.appoptics.com
https://api.appoptics.com

If you have the integration to the SolarWinds AppOptics SaaS APM solution
Discovery Agent

https://opendns.com (to obtain external IP)
https://agt.samanage.com (for non-EU customers)
https://agteu.samanage.com (for EU customers)

SolarWinds Service Desk Discovery Agent for SolarWinds Orion

You will also need to be conscious of the monitoring targets you configure in Orion and add those to your whitelist policy, where for example in SAM, if you wish to monitor your Salesforce instance via HTTPS monitors in WPM or SAM, add your Salesforce FQDN, to monitor O365 then https://*.office365.com and https://ps.outlook.com would be necessary. Ensure you bake your whitelist updates into your monitoring definition process.

If I have missed anything here, then please let me know via the comments, and I will update.

Parents Reply Children
No Data