
Orion URLs for Firewall Whitelisting

There are significant advantages to having Orion able to access the Internet; however, the last few days have shown that blanket access is not the best security stance to have.

I have collated the following list of URLs with my fellow MVPs' assistance in order to help you put whitelist entries into your firewall policies to give controlled external resource access to Orion.

I have broken these into categories, as some are module specific, and clearly you have the choice to replace many of these with a *, but I wanted to provide the full URL list for those that wish to be granular in their ruleset.

Function URL Detail

These will allow centralised upgrades and license registrations to be performed

To allow display of THWACK feeds in widgets and direct import/export of templates
Core - WorldWide Map

For rendering the Worldwide map and for performing Geo lookups from SNMP data

Configuration Vulnerability Analysis

Cisco Smart Advisor

SAM hardware warranty lookups
Alerting (ServiceNow integration) https://<API-SubDomain>

If using ServiceNow alert integration. Replace API-SubDomain with your configured API URL

Add your own HelpDesk API URLs if you are using the GET/POST to URL or script actions to integrate your alerts

Alerting (SolarWinds Service Desk integration) (for non-EU customers) (for EU customers)

SolarWinds Service Desk Integration

Cloud Monitoring AWS



For monitoring AWS and Azure clouds in Orion core. List was taken from this previous post

For polling your Meraki infrastructure via central cloud management platform

Used to perform BGP data lookups

If you have the integration to the SolarWinds AppOptics SaaS APM solution
Discovery Agent (to obtain external IP) (for non-EU customers) (for EU customers)

SolarWinds Service Desk Discovery Agent for SolarWinds Orion


You will also need to be conscious of the monitoring targets you configure in Orion and add those to your whitelist policy, where for example in SAM, if you wish to monitor your Salesforce instance via HTTPS monitors in WPM or SAM, add your Salesforce FQDN, to monitor O365 then https://* and would be necessary. Ensure you bake your whitelist updates into your monitoring definition process.

If I have missed anything here, then please let me know via the comments, and I will update.


One that I notice is not on the list utilized for Netpath is, below is a post regarding it, but I noticed after I turned off internet access a number of errors in the event log referencing that it was unable to communicate to that URL via 443

@m_roberts thanks for the list!

Need to update to 'service-now'.

Alerting https://<API-SubDomain>.servicenow.com If using ServiceNow alert integration. Replace API-SubDomain with your configured API URL


Thanks @christopher.t.jones123  and @monitoringlife  - I have made the updates

Very good!

Going to Orion's AdvancedConfiguration web page, filtering on URL shows some more URLs for this list.

Like AppOptics, specific URLs to HP, Lenovo and Dell, Azure API etc.

Those of you who use OpsGenie should also include

Thanks for this helpful resource, @m_roberts!

There are a couple additional URLs from the Advanced Configuration page in Orion, which is at http[s]://[servername]/Orion/Admin/AdvancedConfiguration/Global.aspx.

Thanks! I was having troubles tracking down the URL for the Cisco EOS dates.

If you use VictorOps -

Fundamentally, I've been trying to get an answer to what online services SolarWinds needs access to fully function, in a bare minimum allowed ruleset for some time, but not DNS. I've asked technical support this before without much success.

Our instance cannot communicate with anything other than Licensing, NIST, Downloads. Unfortunately, a restriction of the VM Firewall solution as I am told is having to use IP Host or IP Ranges for exclusions, not DNS. Some of these URLs seem to stay within a /25 range of addresses which is manageable, some like downloads. are behind load balancers.

It would be helpful to have a dynamically updated list of IP ranges required.

On a random note, how does Open Street map (within the worldwide map) get its data updated?

Thanks, very useful content.

@robth Firstly, I have never come across a web filter solution that cannot support hostnames for whitelist and this is a perfect example of why that should be the case. DNS poisoning issues can be dealt with by the security device having its own DNS server settings and protections.

However, if this is the case then you will have to research the IP blocks owned by the domains and use those, which you will need to either monitor for change or script to auto update the firewall.
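One way to do the "monitor for change" step from the reply above, as an added example that is not part of the original thread or any SolarWinds tooling: resolve each allowlisted hostname, flag addresses that fall outside the IP ranges currently permitted in the firewall, and flag addresses that have dropped out of DNS since the last run. The hostnames, ranges and function names are constructed placeholders.

```python
import ipaddress
import socket


def system_resolver(hostname):
    """Return the set of addresses the OS resolver currently gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def audit_allowlist(hostnames, permitted_ranges, previous, resolver=system_resolver):
    """Compare current DNS answers with the firewall ranges and the last snapshot.

    hostnames        -- FQDNs taken from the URL allowlist
    permitted_ranges -- CIDR strings configured in the IP-based firewall
    previous         -- {hostname: [ip, ...]} saved by the previous run
    Returns (snapshot, findings); store snapshot for the next run.
    """
    networks = [ipaddress.ip_network(r) for r in permitted_ranges]
    snapshot, findings = {}, []
    for host in hostnames:
        try:
            current = {ipaddress.ip_address(a) for a in resolver(host)}
        except OSError as exc:  # socket.gaierror is an OSError subclass
            findings.append((host, "resolve_failed", str(exc)))
            snapshot[host] = previous.get(host, [])  # keep last known answer
            continue
        snapshot[host] = sorted(str(a) for a in current)
        for addr in snapshot[host]:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in networks):
                findings.append((host, "not_permitted", addr))  # rule needs widening
        for gone in sorted(set(previous.get(host, [])) - set(snapshot[host])):
            findings.append((host, "no_longer_resolves", gone))  # candidate for removal
    return snapshot, findings


if __name__ == "__main__":
    # Constructed sample data: placeholder hostnames and documentation address ranges.
    answers = {"licensing.example.com": {"192.0.2.10"},
               "downloads.example.com": {"198.51.100.7", "203.0.113.40"}}
    last_run = {"downloads.example.com": ["198.51.100.7", "198.51.100.9"]}
    _, results = audit_allowlist(answers, ["192.0.2.0/25", "198.51.100.0/25"],
                                 last_run, resolver=lambda h: answers[h])
    for finding in results:
        print(*finding)
```

Hosts behind load balancers rotate their answers, so a single lookup under-samples them; run the audit on a schedule and accumulate snapshots before tightening a range.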

That would be VMware NSX-V Distributed Firewall, or so I am told by our team that provide me a VM to host Solarwinds onto.

I can't agree with the reasoning DNS would protect me against DNS Poisoning, especially when the current rule set only allows communication with Solarwinds controlled/owned IP space.  Regardless, it would be a much more desirable position to simply have a ruleset that just allows the above URL list.

It's something I need to follow up and do some reading into myself on NSX-V, as it's not my area of day to day responsibility and lack the time to do so, I'll take their word for it for now.

Thanks for this list. This is exactly what I was hoping to find.

Guys, please help. Can't download shared templates from thwack:

Which exact IP we must add to our allow list?
This one is already in the list, but still can't reach thwack share:



UPDATE: these resources also need to be whitelisted:

Has anyone had any luck with getting their O365 / Azure monitored services showing up again after blocking Orion's access to the internet?

We permitted the respective domains, but I'm still having trouble getting the scripts monitoring our Sharepoint online and Azure database instances to run. Fails with "unable to connect to remote server", but I have confirmed Orion can contact "", "" and our Sharepoint site "". Not sure where or what else might need to be permitted?


Edit: Apparently this just needed time...even after initiating a "poll now". Also needed to permit for our Sharepoint scripts.


Edit 2: I take back my previous edit. The monitored application is still in an unknown state and tells me that it's "unable to connect to remote server". Not sure what else could need permitted at this point. 

Anyone having issues with scheduled reports after applying Firewall Whitelisting?

The scheduled report runs successfully but for those that include a chart the chart data is missing in the PDF that is received, all other data including a Custom Table appears as expected.



If I run the same report through the web console all data is displayed as expected.

What about for uploading diagnostics?

Customerportal needed for anything?

In the Core above, do those URLs include what is necessary to populate the updates available in "My Orion Deployment"?

