The CacheFlow appliance needs to access a number of IP addresses through a firewall in order to do the following functions:
1. Upload diagnostic information such as the sysinfo, eventlog, and sysinfo-stats snapshots
2. Download the Blue Coat WebFilter database
3. Download the Cachepulse database
4. Download software updates
5. Allow remote diagnostics
6. Download CacheFlow License
In most ISP deployments, client IP reflection is enabled and the firewall will allow the client IP addresses access to the internet. However the firewall may not allow the CacheFlow's IP address to access the Internet. The CacheFlow will use its IP address as the originating address for the tcp connection. Therefore the CacheFlow's IP address must have access to the OCS over TCP_80 and TCP_443
The following is the list of hostnames that the CacheFlow appliance needs access to in order to perform the functions listed below:
Allows the CacheFlow appliance to upload heartbeat information to the heartbeat server.
Used when the send command uploads diagnostic information to Blue Coat.
Used when a remote diagnostic sessions is required by support.
Used when downloading Cachepulse and Blue Coat WebFilter databases. This server has several geographically-distributed PoPs, and is subject to occasional load-balancing changes. It doesn't change often (for a given deployment), but it has changed several times in the past.
Used to download software updates directly to the CacheFlow appliance.
Used to retrieve the "birth-certificate" of a device.
Used to download the CacheFlow license for CF version 3.4 and newer