Skip to main content
To Customer Support To Customer Support
We are currently trialling Webroot SecureAnywhere.

 

The majority of our servers are blocked for internet access.  They have traditional pattern based AV and retrieve their updates from a local management server.

 

If I am to consider adopting SecureAnywhere across our network, I would also have to consider opening up internet access on our servers.

 

 

Due to the nature of the service, I understand that it's not possible to identify a range of public IP addresses associated with it.

 

If I restrict the access on the servers to just port 443, will this allow the SecureAnywhere client to communicate fully with the Webroot Cloud servers or would I need to open up port 80 also?

 
Here's the list of servers that WSA needs to communicate with to function.  You'll just need ports 443 and 80 for these:

 

*.webrootcloudav.com

Agent communication and updates

(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e.

 

g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)

*.webroot.com

Agent messaging

 

*.s3.amazonaws.com

Agent file downloading and uploading

WSAWebFilteringPortal.elasticbeanstalk.com

Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain

 

*.webrootanywhere.com

Management portal and support ticket logs upload

 

That way you don't have to open up your servers to the whole Internet, just to the specific servers that we need to talk to.

Reply


Terms & Conditions