Your sensor/agents communicates with multiple systems to download configuration and upload test results. Below is a list of the minimum URLs which you will need to make accessible in order for the sensor/agent to function correctly. Any additional services which you set up for testing might also need to be allow-listed in order for them to be tested correctly.
This is the primary URL for all sensor/agent communication with our backend systems
Please note: Do not use SSL decryption for the following URLs:
The sensor/agent uses one of the following methods to get the correct time:
- NTP using 0.pool.ntp.org
- If NTP is not available, the sensor/agent will get the correct time via HTTP from http://device-gateway.capenetworks.io/ on port 80. The sensor/agent will expect HTTP response code 204 with no content.
Note: UXI sensors/agents will attempt to use the internal NTP servers instead of using pool.ntp.org listed in the DHCP lease if specified via DHCP option 42.
Port 80 is required for http://cdn.capenetworks.io/auth
That's how the sensor/agent determines if there is a captive portal/proxy or not.
The following URLs are used by the sensor/agent to test whether it has external connectivity. If it can't access them then the sensor/agent will report a "No connectivity" issue on the dashboard. No sensitive data is transferred to or from these locations.
Warning: if your network has a Captive Portal, depending on your setup, you probably do NOT want to allowlist the following URLs. This is because the sensor/agent might not be properly redirected to the Captive Portal. Instead, the following URLs should be accessible but result in a Captive Portal redirect response for unauthenticated clients.
Additional information: https://help.capenetworks.com/en/articles/1966715-my-sensor-cannot-connect