Required URLs, IP addresses and ports
This topic provides an overview of URLs, IP addresses and ports that must be added to the allow list (also known as whitelist) in your firewall to ensure that the Ivanti Neurons Platform and its agents can communicate.
All outbound network traffic is typically via port 443 and 8883. Network communication from Ivanti Neurons to agents is done through MQTT technology. Individual services on the Ivanti Neurons agent can communicate to Ivanti Neurons on secure port 443.
Common URLs for all environments
Registration
The table below outlines the base URLs needed for the Ivanti Neurons agent to register and communicate with the Neurons Platform. Without access to these URLs, the Neurons agent cannot register or install.
| URL | IP address |
|---|---|
| https://agentreg.ivanticloud.com | Dynamic IP (Can change often) |
| https://agentsync.ivanticloud.com | Dynamic IP (Can change often) |
| https://download.ivanticloud.com | Dynamic IP (Can change often) |
|
https://edgelocation.ivanticloud.com |
20.108.85.53 |
The Neurons Platform utilizes some features of Microsoft Azure which do not allow static IP addresses. Microsoft has a pool of IP addresses available, to use these features publicly.
If you cannot add the URLs listed above to the allow list of your firewall, the alternative would be to allow the following certificate:
*.ivanticloud.com
Content
The table below lists URLs that are needed for downloading content and updates. Access to some of these URL is required for installation of the Neurons Agent, as the Agent has to load updated .Net libraries and the .NET UI SDK.
| URL | Remark |
|---|---|
| download.visualstudio.microsoft.com | .NET RunTime/Updates |
| download.windowsupdate.com | |
| download.microsoft.com | |
|
content.ivanti.com |
Ivanti Patch data |
If you use Ivanti Neurons for Patching, manufacturer download portals also need to be accessible.
Example: http://downloadarchive.documentfoundation.org/ for LibreOffice
Landscape-specific URLs, IP addresses, and ports
Ivanti Neurons tenants can be located in different 'landscapes', depending on where you are located geographically. The landscape that holds your tenant determines what you must add to the allow list.
To determine the landscape of your tenant, go to the Ivanti Neurons sign-in page for your tenant and look at the URL. The first three characters indicate the landscape.
Current landscapes are:
- NVU for America-based (AMER) customers.
- UKU for Europe, Middle-East or Africa-based (EMEA) customers.
- MLU for Asia-Pacific-based (APAC) customers.
- FRU for EU-based customers that want to host their data inside the EU.
If you need help understanding in which landscape your environment is hosted, feel free to reach out to your account representative or Ivanti Support.
The sections below list the landscape-specific URLs, IP addresses, and ports needed for each of the Ivanti Neurons Platform services. The services available in your environment depend on which Ivanti Neurons license you have.
Click on the name of the relevant landscape to expand the list.
NVU landscape
| Service | URL | IP address | Ports |
|---|---|---|---|
| Agent (required) | |||
| Backbone Neurons Communications | nvuprd-sfc.ivanticloud.com | Dynamic | 443 (TCP) |
| Agent Communications | nvu-prd.mqtt.ivanticloud.com | 20.81.12.92 | 8883 |
| Connector Engine | Local traffic | Local traffic | 443 (TCP) |
| Connector Engine – SQL | Local traffic | Local traffic | As defined by your SQL Server instance |
| Edge Intelligence | |||
| Real-Time Engine | nvu-prd.mqtt.ivanticloud.com | 20.81.12.92 | 8883 (TCP) |
| Remote Control | |||
| Remote Control on the Endpoint machine | nvuprd-rc.ivanticloud.com | 20.75.194.96 | Port Range 44345 to 44349 (TCP) |
| Remote Control for the Analyst machine | Port Range 45344 to 45348 (TCP) | ||
| Patch Management | |||
| Patch Engine - Vendors | See Vendor list at https://forums.ivanti.com | 443/80 (TCP, outbound only) | |
| Patch Engine - Sideload | sapatchtenantfilesc49a57.blob.core.windows.net | Dynamic | 443 (TCP, outbound only) |
| Discovery | |||
| AgentlessEngine | Local traffic | Local traffic | 445 (TCP) 135 (TCP) |
| IvantiCsepEngine | Local traffic | Local traffic | 33554 (TCP and UDP) 33555 (UDP) |
| IvantiDiscoveryEngine | Local traffic | Local traffic | 137 (UDP) 53 (UDP) |
| DeploymentEngine | nvuprd-adpstat.ivanticloud.com | Dynamic | 443 (TCP) |
| Status of, for example, Deployment and Discovery Scan | |||
| Live updates of the UI (instead of refreshing the webpage) |
https://rg-nvz-prd-discoagentmgmtdisco-notifications-nvz.service.signalr.net/client/negotiate |
|
|
|
wss://rg-nvz-prd-discoagentmgmtdisco-notifications-nvz.service.signalr.net/client/ |
|
|
|
UKU landscape
| Service | URL | IP address | Ports |
|---|---|---|---|
| Agent (required) | |||
| Backbone Neurons Communications | ukuprd-sfc.ivanticloud.com | Dynamic | 443 (TCP) |
| Agent Communications | uku-prd.mqtt.ivanticloud.com | 20.49.172.247 | 8883 |
| Connector Engine | Local traffic | Local traffic | 443 (TCP) |
| Connector Engine – SQL | Local traffic | Local traffic | As defined by your SQL Server instance |
| Edge Intelligence | |||
| Real-Time Engine | uku-prd.mqtt.ivanticloud.com | 20.49.172.247 | 8883 (TCP) |
| Remote Control | |||
| Remote Control on the Endpoint machine | ukuprd-rc.ivanticloud.com | 20.77.156.96 | Port Range 44345 to 44349 (TCP) |
| Remote Control for the Analyst machine | Port Range 45344 to 45348 (TCP) | ||
| Patch Management | |||
| Patch Engine - Vendors | See Vendor list at https://forums.ivanti.com | 443/80 (TCP, outbound only) | |
| Patch Engine - Sideload | sapatchtenantfilesc49a57.blob.core.windows.net | Dynamic | 443 (TCP, outbound only) |
| Discovery | |||
| AgentlessEngine | Local traffic | Local traffic | 445 (TCP) 135 (TCP) |
| IvantiCsepEngine | Local traffic | Local traffic | 33554 (TCP and UDP) 33555 (UDP) |
| IvantiDiscoveryEngine | Local traffic | Local traffic | 137 (UDP) 53 (UDP) |
| DeploymentEngine | ukuprd-adpstat.ivanticloud.com | Dynamic | 443 (TCP) |
| Status of, for example, Deployment and Discovery Scan | |||
| Live updates of the UI (instead of refreshing the webpage) |
https://rg-uks-prd-discoagentmgmtdisco-notifications-uks.service.signalr.net/client/negotiate |
|
|
|
wss://rg-uks-prd-discoagentmgmtdisco-notifications-uks.service.signalr.net/client/ |
|
|
|
MLU landscape
| Service | URL | IP address | Ports |
|---|---|---|---|
| Agent (required) | |||
| Backbone Neurons Communications | mluprd-sfc.ivanticloud.com | Dynamic | 443 (TCP) |
| Agent Communications | mlu-prd.mqtt.ivanticloud.com | 20.53.68.63 | 8883 |
| Connector Engine | Local traffic | Local traffic | 443 (TCP) |
| Connector Engine – SQL | Local traffic | Local traffic | As defined by your SQL Server instance |
| Edge Intelligence | |||
| Real-Time Engine | mlu-prd.mqtt.ivanticloud.com | 20.53.68.63 | 8883 (TCP) |
| Remote Control | |||
| Remote Control on the Endpoint machine | mluprd-rc.ivanticloud.com | 20.53.149.64 | Port Range 44345 to 44349 (TCP) |
| Remote Control for the Analyst machine | Port Range 45344 to 45348 (TCP) | ||
| Patch Management | |||
| Patch Engine - Vendors | See Vendor list at https://forums.ivanti.com | 443/80 (TCP, outbound only) | |
| Patch Engine - Sideload | sapatchtenantfilesc49a57.blob.core.windows.net | Dynamic | 443 (TCP, outbound only) |
| Discovery | |||
| AgentlessEngine | Local traffic | Local traffic | 445 (TCP) 135 (TCP) |
| IvantiCsepEngine | Local traffic | Local traffic | 33554 (TCP and UDP) 33555 (UDP) |
| IvantiDiscoveryEngine | Local traffic | Local traffic | 137 (UDP) 53 (UDP) |
| DeploymentEngine | mluprd-adpstat.ivanticloud.com | Dynamic | 443 (TCP) |
| Status of, for example, Deployment and Discovery Scan | |||
| Live updates of the UI (instead of refreshing the webpage) |
https://rg-mlz-prd-discoagentmgmtdisco-notifications-mlz.service.signalr.net/client/negotiate |
|
|
|
wss://rg-mlz-prd-discoagentmgmtdisco-notifications-mlz.service.signalr.net/client/ |
|
|
|
FRU landscape
| Service | URL | IP address | Ports |
|---|---|---|---|
| Agent (required) | |||
| Backbone Neurons Communications | fruprd-sfc.ivanticloud.com | Dynamic | 443 (TCP) |
| Agent Communications | fru-prd.mqtt.ivanticloud.com | 20.79.245.45 | 8883 |
| Connector Engine | Local traffic | Local traffic | 443 (TCP) |
| Connector Engine – SQL | Local traffic | Local traffic | As defined by your SQL Server instance |
| Edge Intelligence | |||
| Real-Time Engine | fru-prd.mqtt.ivanticloud.com | 20.79.245.45 | 8883 (TCP) |
| Remote Control | |||
| Remote Control on the Endpoint machine | fruprd-rc.ivanticloud.com | 20.79.146.18 | Port Range 44345 to 44349 (TCP) |
| Remote Control for the Analyst machine | Port Range 45344 to 45348 (TCP) | ||
| Patch Management | |||
| Patch Engine - Vendors | See Vendor list at https://forums.ivanti.com | 443/80 (TCP, outbound only) | |
| Patch Engine - Sideload | sapatchtenantfilesc49a57.blob.core.windows.net | Dynamic | 443 (TCP, outbound only) |
| Discovery | |||
| AgentlessEngine | Local traffic | Local traffic | 445 (TCP) 135 (TCP) |
| IvantiCsepEngine | Local traffic | Local traffic | 33554 (TCP and UDP) 33555 (UDP) |
| IvantiDiscoveryEngine | Local traffic | Local traffic | 137 (UDP) 53 (UDP) |
| DeploymentEngine | fruprd-adpstat.ivanticloud.com | Dynamic | 443 (TCP) |
| Status of, for example, Deployment and Discovery Scan | |||
| Live updates of the UI (instead of refreshing the webpage) |
https://rg-fru-prd-discoagentmgmtdisco-notifications-fru.service.signalr.net/client/negotiate |
|
|
|
wss://rg-fru-prd-discoagentmgmtdisco-notifications-fru.service.signalr.net/client/ |
|
|
|