Configure your enterprise firewall
How to
-
Update your enterprise firewall
to allow traffic to these domains and ports. This table lists the domains that
are required for specific ETP features.
Hostname Description Protocol Port Direction *.akaetp.net HTTP data path of ETP Proxy TCP 443 Outbound etpcas.akamai.com Control channel of ETP Client and Security Connector sinkhole-etp.akamaietp.net Control channel for Security Connector logs amg.nevada.akamai.com Control channel of Security Connector *.r11.dot.dns.akasecure.net
Note: For Security Connector DNS Forwarder,dot
is the Application-Layer Protector Navigation (ALPN).DNS-over-TLS (DoT) connection for Security Connector DNS Forwarder and ETP Client 3.2.0 or later (beta) 443 or 853 For ETP Client, the port you must allow depends on the port that’s configured in the policy. In a policy, you can select port 443 or 853 for DoT.
For DNS Forwarder, the port you must allow depends on the ports configured in Security Connector for a DNS Forwarder configuration.
dnsclient.etp.akamai.com Connectivity probe for ETP Client 443 Full hostname of identity provider Identity provider *.dialin.go.akamai-access.com Identity connectors error.etp.akamai.com ETP Error Pages 80 *.akamai.com or Any IP Network Time Protocol (NTP) UDP 123 - <ETPDNS_IPv4_1>
- <ETPDNS_IPv4_2>
OR
- <ETPDNS_IPv6_1>
- <ETPDNS_IPv6_2>
- <ETPDNS_IPv4_1> and <ETPDNS_IPv4_2> are the primary and secondary IPv4 addresses of the ETP DNS servers.
- <ETPDNS_IPv6_1> and <ETPDNS_IPv6_2> are the primary and secondary IPv6 addresses of the ETP DNS servers.
These DNS servers are assigned to your ETP account.
Only allow the IPv6 server addresses if your organization uses IPv6.
ETP DNS Servers 53 You should also allow access to all hostnames that you or another administrator configured with the bypass action. Hostnames with the bypass action are directed to the Internet and do not go through ETP Proxy.
For instructions, see the product documentation for your organization’s enterprise firewall.
-
If you want to prevent users
from bypassing ETP and connecting
directly to open recursive DNS servers on the Internet, block this port.
Hostname Description Protocol Port Direction All Port where DNS servers listen for queries TCP / UDP 53 Outbound For instructions, see the product documentation for your organization’s enterprise firewall.