All Collections
FAQs and Troubleshooting
Which URLs do I need to make accessible for my sensor/agent to function?
Which URLs do I need to make accessible for my sensor/agent to function?

A list of URLs that need to be allow-listed in order for the sensor to be able to communicate

sabine avatar
Written by sabine
Updated over a week ago

Your sensor/agents communicates with multiple systems to download configuration and upload test results. Below is a list of the minimum URLs which you will need to make accessible in order for the sensor/agent to function correctly. Any additional services which you set up for testing might also need to be allow-listed in order for them to be tested correctly.

This is the primary URL for all sensor/agent communication with our backend systems
https://device-gateway.capenetworks.io

Please note: Do not use SSL decryption for the following URLs:

https://device-gateway.capenetworks.io

The sensor/agent uses one of the following methods to get the correct time:
- NTP using 0.pool.ntp.org
- If NTP is not available, the sensor/agent will get the correct time via HTTP from http://device-gateway.capenetworks.io/ on port 80. The sensor/agent will expect HTTP response code 204 with no content.

If the URL http://device-gateway.capenetworks.io/ is not accessible on port 80, the sensor/agent will get the correct time via HTTPS from https://device-gateway.capenetworks.io/ on port 443.

Note: UXI sensors/agents will attempt to use the internal NTP servers instead of using pool.ntp.org listed in the DHCP lease if specified via DHCP option 42.

Port 80 is required for http://cdn.capenetworks.io/auth

That's how the sensor/agent determines if there is a captive portal/proxy or not.

The following URLs are used by the sensor/agent to test whether it has external connectivity.  If it can't access them then the sensor/agent will report a "No connectivity" issue on the dashboard. No sensitive data is transferred to or from these locations.

Warning: if your network has a Captive Portal, depending on your setup, you probably do NOT want to allowlist the following URLs. This is because the sensor/agent might not be properly redirected to the Captive Portal. Instead, the following URLs should be accessible but result in a Captive Portal redirect response for unauthenticated clients.

http://cdn.capenetworks.io/auth
http://cdn.capenetworks.io/connectivity-check
http://35.241.22.134/auth.html
http://35.241.22.134/connectivity-check
http://captive.apple.com/hotspot-detect.html
http://connectivitycheck.gstatic.com/generate_204

Did this answer your question?