What IP addresses need to be allowed on a firewall for CacheFlow to function properly
Article ID: 167260
Updated On:
Products
CacheFlow Appliance Software
Issue/Introduction
The CacheFlow appliance needs to access a number of IP addresses through a firewall in order to do the following functions:
1. Upload diagnostic information such as the sysinfo, eventlog, and sysinfo-stats snapshots
2. Download the Blue Coat WebFilter database
3. Download the Cachepulse database
4. Download software updates
5. Allow remote diagnostics
6. Download CacheFlow License
In most ISP deployments, client IP reflection is enabled and the firewall will allow the client IP addresses access to the internet. However the firewall may not allow the CacheFlow's IP address to access the Internet. The CacheFlow will use its IP address as the originating address for the tcp connection. Therefore the CacheFlow's IP address must have access to the OCS over TCP_80 and TCP_443
1. Upload diagnostic information such as the sysinfo, eventlog, and sysinfo-stats snapshots
2. Download the Blue Coat WebFilter database
3. Download the Cachepulse database
4. Download software updates
5. Allow remote diagnostics
6. Download CacheFlow License
In most ISP deployments, client IP reflection is enabled and the firewall will allow the client IP addresses access to the internet. However the firewall may not allow the CacheFlow's IP address to access the Internet. The CacheFlow will use its IP address as the originating address for the tcp connection. Therefore the CacheFlow's IP address must have access to the OCS over TCP_80 and TCP_443
Resolution
The following is the list of hostnames that the CacheFlow appliance needs access to in order to perform the functions listed below:
1. hb.bluecoat.com
Allows the CacheFlow appliance to upload heartbeat information to the heartbeat server.
2. upload.bluecoat.com
Used when the send command uploads diagnostic information to Blue Coat.
3. cacheflow-remote-support.bluecoat.com
Used when a remote diagnostic sessions is required by support.
4. cacheflow-list.es.bluecoat.com
Used when downloading Cachepulse and Blue Coat WebFilter databases. This server has several geographically-distributed PoPs, and is subject to occasional load-balancing changes. It doesn't change often (for a given deployment), but it has changed several times in the past.
5. bto.bluecoat.com
Used to download software updates directly to the CacheFlow appliance.
6. abrca.bluecoat.com
Used to retrieve the "birth-certificate" of a device.
7. device-services.es.bluecoat.com
Used to download the CacheFlow license for CF version 3.4 and newer
1. hb.bluecoat.com
Allows the CacheFlow appliance to upload heartbeat information to the heartbeat server.
2. upload.bluecoat.com
Used when the send command uploads diagnostic information to Blue Coat.
3. cacheflow-remote-support.bluecoat.com
Used when a remote diagnostic sessions is required by support.
4. cacheflow-list.es.bluecoat.com
Used when downloading Cachepulse and Blue Coat WebFilter databases. This server has several geographically-distributed PoPs, and is subject to occasional load-balancing changes. It doesn't change often (for a given deployment), but it has changed several times in the past.
5. bto.bluecoat.com
Used to download software updates directly to the CacheFlow appliance.
6. abrca.bluecoat.com
Used to retrieve the "birth-certificate" of a device.
7. device-services.es.bluecoat.com
Used to download the CacheFlow license for CF version 3.4 and newer
Feedback
Powered by
