Some Notes on the Machines

Remember that huge text file with all of the DHCP reservations, load average, and everything else? Well, go to:

-Monitor -> Devices
-Choose a firewall
-Go to Live Status -> Diagnostic Tools
-Choose the Snapshot tab.
-Click to download a snapshot file.

Then, in that file:

Fireware_support.tgz\
Fireware_support.tar\
Fireware_XTM_Support.tgz\
Fireware_XTM_Support.tar\
support\system\system_status.txt

Just got wind of this, a much larger list than previously known:

https://support.apple.com/en-us/HT202944

This tool, is how to make sure your firewall is set up correctly to allow StorageCraft cloud services:

https://support.storagecraft.com/s/article/StorageCraft-Cloud-Services-port-checking-utility?language=en_US

Known list at this writing:

*.facebook.com
*.facebook.net
*.fbcdn.com
*.fbcdn.net
*.instagram.com
*.cdninstagram.com
*.tfbnw.net
*.fbsbx.com
*.fb.com

Some firewalls have FQDN capability (e.g., Watchguards), which makes careful rule creation practical for a behemoth like Microsoft Office 365 and all of its related services. The info below is condensed and sorted from here. I have omitted a very few items (e.g., ports 25, 143, 465, and 993, and *.msn.com), for reasons which I hope are reasonably obvious.

Create one rule with these ports:

80, TCP
443, TCP
587, TCP
3478-81, UDP
5223, TCP
50000-59999, TCP and UDP

to the following list of locations, and it is done.

*.aadrm.com
*.aadrm.com
*.aka.ms
*.apple.com
*.aspnetcdn.com
*.aspnetcdn.com
*.assets-yammer.com
*.azure.com
*.azure.net
*.azureedge.net
*.azurerms.com
*.azurerms.com
*.azurewebsites.net
*.cloudapp.net
*.cloudapp.net
*.cloudappsecurity.com
*.cloudfront.net
*.edgekey.net
*.edgesuite.net
*.getmicrosoftkey.com
*.gfx.ms
*.live.com
*.lync.com
*.microsoft.com
*.microsoftazuread-sso.com
*.microsoftonline.com
*.microsoftonline-p.com
*.microsoftonline-p.com
*.microsoftonline-p.net
*.microsoftonline-p.net
*.microsoftstream.com
*.msappproxy.net
*.msecnd.net
*.msecnd.net
*.msecnd.net
*.msecnd.net
*.msedge.net
*.msft.net
*.msftauth.net
*.msocdn.com
*.mstea.ms
*.o365weve.com
*.office.com
*.office.net
*.office365.com
*.onedrive.com
*.onenote.com
*.onenote.net
*.onestore.ms
*.onmicrosoft.com
*.optimizely.com
*.outlook.com
*.phonefactor.net
*.sfbassets.com
*.sfx.ms
*.sharepoint.com
*.sharepointonline.com
*.skype.com
*.skypeassets.com
*.skypeforbusiness.com
*.sway.com
*.sway-cdn.com
*.sway-extensions.com
*.tenor.com
*.trafficmanager.net
*.trafficmanager.net
*.virtualearth.net
*.visualearth.net
*.visualstudio.com
*.windows.net
*.windowsazure.com
*.windowsazure.com
*.yammer.com
*.yammerusercontent.com
ajax.googleapis.com
ms.tific.com

Condensed from here: https://support.google.com/a/answer/2589954?hl=en:

• google.com
• googledrive.com
• google-analytics.com
• googleapis.com
• googleusercontent.com
• ytimg.com
• gstatic.com

The above are all on port 443, HTTPS, only. There is a legacy product which uses talk.google.com on port 5222, XMPP.

Here:

https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/AutoCAD-requests-to-Autodesk-servers-blocked-by-proxy-servers.html

and here:

https://knowledge.autodesk.com/search-result/caas/sfdcarticles/sfdcarticles/Collaboration-for-Revit-Proxy-Server-and-domain-exceptions-for-Autodesk-A360-services.html

and here:

https://knowledge.autodesk.com/support/fusion-360/troubleshooting/caas/sfdcarticles/sfdcarticles/Fusion-360-cannot-access-the-services-through-proxy.html

are found some very interesting items which may be helpful when configuring either firewalls or proxy servers to work with AutoDesk products. We need to except the following FQDN’s from all proxy intervention on ports 80 and 443:

*.autodesk.com
*.google-analytics.com
*.cloudfront.net
*.virtualearth.net
*.autocadws.com
*.newrelic.com
*.akamaiedge.net
*.amazonaws.com
*.s3.amazon.com
*.edgekey.net
*.getsatisfaction.com
*.autodesk360.com 
*.skyscraper.autodesk.com
*.ssl.google-analytics.com
*.js-agent.newrelic.com
*.hotjar.com
*.optimizely.com
cdn.jsdelivr.net
www.googletagmanager.com
cdn.web-platform.io
*.notifications.api.autodesk.com
*.pubsub.pubnub.com
cdn.jsdelivr.net
akamai.com
*.akamai.com
akamaitechnologies.com
*.akamaitechnologies.com
*.protolabs.com
tracepartsonline.net
*.tracepartsonline.net
mcmaster.com
*.mcmaster.com

A page has been recently deleted from the UPS web site, which included:

If I connect to UPS servers through a firewall, are there any known issues?

Because the response from the UPS server may show as unsolicited to your firewall software, you may need to configure your firewall software to accept messages from our unique range of UPS IP address ranges: “207.24.0.*”

At this writing, an in-site search on http://ups.com and a Google search still brings up the page reference, but the page is gone.

See here:

http://notes.ponderworthy.com/logmein-settings-for-routers-firewalls

All of the following ports, reportedly, have to be forwarded to the server:

25
443
444
1723
3389
4125