one that I notice is not on the list utilized for Netpath is stat.ripe.net, below is a post regarding it, but I noticed after I turned of internet access a number of errors in the event log referencing that it was unable to communicate to that URL via 443

https://thwack.solarwinds.com/t5/NPM-Discussions/NetPath-and-stat-ripe-net/m-p/285456

@m_robertsthanks for the list!

Need to update to 'service-now'.

Thanks @christopher.t.jones123  and @monitoringlife  - I have made the updates

Very good!

Going to orions AdvancedConfiguration web page, filtering on url shows some more urls for this list. 

Like AppOptics, specific urls to HP, lenovo and dell, azure api etc.

Those of you who use OpsGenie should also include https://api.opsgenie.com. 

Thanks for this helpful resource, @m_roberts!

There are a a couple additional URLs from the Advanced Configuration page in Orion, which is at http[s]://[servername]/Orion/Admin/AdvancedConfiguration/Global.aspx.

Thanks! I was having troubles tracking down the URL for the Cisco EOS dates.

If you use VictorOps - https://alert.victorops.com

Fundamentally, I've been trying to get an answer to what online services SolarWinds needs access to fully function, in a bare minimum allowed ruleset for some time, but not DNS.  I've asked techinical support this before without much success. 

Our instance cannot communicate with anything other than Licensing, NIST, Downloads.  Unfortunately, a restriction of the VM Firewall solution as I am told is having to use IP Host or IP Ranges for exclusions, not DNS.  Some of these URLs seems to stay within a /25 range of addresses which is manageable, some like downloads. are behind load balancers. 

It would be helpful to have a dynamically update list of IP ranges required.

On a random note, how does Open Street map (within the worldwide map) get it's data updated.

Thanks, very useful content.

@robth Firstly, I have never come across a web filters solution that cannot support hostnames for whitelist and this is a perfect example of why that should be the case. DNS poisoning issues can be dealt with by the security device having its own DNS server settings and protections.

However, if this is the case then you will have to research the IP blocks owned by the domains and use those, which you will need to either monitor for change or script to auto update the firewall.

That would be VMware NSX-V Distributed Firewall, or so I am told by our team that provide me a VM to host Solarwinds onto.

I can't agree with the reasoning DNS would protect me against DNS Poisoning, especially when the current rule set only allows communication with Solarwinds controlled/owned IP space.  Regardless, it would be a much more desirable position to simply have a ruleset that just allows the above URL list.

It's something I need to follow up and do some reading into myself on NSX-V, as it's not my area of day to day responsibility and lack the time to do so, I'll take their word for it for now.

Thanks for this list. This is exactly what I was hoping to find.

Guys, please help. Can't download shared templates from thwack:

Which exact IP we must add to our allow list?
This one is already in the list, but still cant reach thwack share:

UPDATE: there resources are also need to be whitelisted:

74.115.13.122 (thwackfeeds.solarwinds.com)

104.27.150.17 (twhack.com)

74.115.13.97 (thwack.api.solarwinds.com)

99.84.233.181 (thwack.solarwinds.com)

99.83.191.119 (thwackfeeds.solawinds.com)

Has anyone had any luck with getting their O365 / Azure monitored services showing up again after blocking Orion's access to the internet?

We permitted the respective domains, but I'm still having trouble getting the scripts monitoring our Sharepoint online and Azure database instances to run. Fails with "unable to connect to remote server", but I have confirmed Orion can contact "login.microsoftonline.com", "portal.azure.com" and our Sharepoint site "Company1.sharepoint.com". Not sure where or what else might need to be permitted?

Edit: Apparently this just needed time...even after initiating a "poll now". Also needed to permit graph.microsoft.com for our Sharepoint scripts.

Edit 2: I take back my previous edit. The monitored application is still in an unknown state and tells me that it's "unable to connect to remote server". Not sure what else could need permitted at this point. 

Anyone having issues with scheduled reports after applying Firewall Whitelisting?

The scheduled report runs successfully but for those that include a chart the chart data is missing in the PDF that is received, all other data including a Custom Table appears as expected.

If I run the same report through the web console all data is displayed as expected.

What about sftpsupport.solarwinds.com for uploading diagnostics?

Customerportal needed for anything?

In the Core above, do those URLs include what is necessary to populate the updates available in "My Orion Deployment"?

Kevin

Thanks @m_roberts. Really useful list 🙂

@jklundy  if you are uploading directly from the Orion server, then yes you will need to add the file upload URL's to your whitelist. Note that with the ability to generate diags via the Orion web UI now, downloading them to your local PC then uploading may be used.

Yes, the 'Core' URL's above should allow your Orion to be managed via My Orion Deployment for upgrades.

@grizzlyferrett What happens when you view the Orion web page the scheduled report is from via a browser on the Orion primary server, do you get the same issues?

@m_robertsWhen viewing from the Orion Web Page the report appears as I would expect with data in the charts. Its only when the report is scheduled to run and email the report that the data is missing from the chart.

Since the Security Incident we now block all Outbound HTTP and HTTPS traffic from our SolarWinds environment unless we can determine the destination, the change in functionality of the scheduled reports ties in with this change.

Sorry, can you confirm if you RDP'ing to the Orion primary server and using a browser on that machine to view the report page in question? The reason for this, is that this essentially mimics how the Schedule report function works and I wanted to see if that works or not.

If this fails as well, Wireshark the traffic on the Orion server when performing the page requests to see what the flow of traffic is, to see if anything is being blocked.

@m_robertsYes, if I RDP to the Main Poller (Primary Orion Server) and using Firefox on that machine I can successfully view the report.

I will take your advice and Wireshark the traffic, I suspect I need to amend the Firewall Rules to allow the SolarWinds to talk to something. We use Office365 so there may even be something that gets blocked when the email is sent.