Solved

Feature request - Use only standard ports

  • 15 July 2019

Userlevel 2
Badge +6
I'd like to submit a feature request to have Webroot DNS only use standard ports (preferably only port 80 and/or 443). If we're expected to use custom ports, then we're setting up for failure. Some environments won't have these ports open. My understanding is that Cisco Umbrella works completely on 443. Would like to see the same with Webroot DNS.

If this isn't the right place for feature requests, please let me know where I should post this.

Adrian V.

Best answer by JonathanB 23 July 2019, 23:42

@NicCrockett - the information you referenced in the guide is perfect. The current version of the agent - 1.3.3.36 - was a significant evolution as it allowed us to start using Google Cloud to host the DNS servers. This not only brought a stability and performance boost, but is also when the agent was updated to start using port 443 for agent communication (5222 as backup).

Of note, the previous agent (pre 1.3.3.35) needed port 53 and 7777. This is no longer necessary and the documentation will be updated shortly to reflect this.

Love the recommendations @avdlaan. Suggestions like this are how the product evolves - keep them coming!

6 replies

Userlevel 7
Badge +26
@avdlaan, I'm not a user of Webroot's DNS product. However, I know a bit about DNS and ports. Your suggestion sounds reasonable, but I'd need to know what Webroot is expecting to be open.

As a rule of thumb, I suggest anyone who's maintaining a network use a tool like GRC's Shields Up. This tool can tell you about ports that might be open externally to your network that you might be unaware of. Obviously, if you have a port open for a reason, that's understandable. This tool will tell you this and might show you some you're unaware of too. I suggest using this tool, not to promote it, but to know what ports you have open publicly. This is just a suggestion to know what ports are open to your network.

FYI, you have to vote on your own idea. The system doesn't do it for you like most idea and feature request systems. You got my vote! 😁

If I can offer any additional help let me know. I'll just need details since I don't use the DNS product.

Sincerely,
Userlevel 2
Badge +6
Hi NicCrockett,

I'm not talking about incoming ports here, I'm talking about the ports used for outgoing traffic by Webroot DNS. I'm also quite familiar with how to check what ports are open, and I'm not sure how that's relevant to my post.

Webroot DNS uses (and requires) port 7777 which is a non-standard port, and will be blocked in any tightened network (see more here - https://answers.webroot.com/Webroot/ukp.aspx?pid=17&vw=1&app=vw&solutionid=2886).

I would like to see this changed to 443 so that there is a much higher possibility of this working even in locked-down environments, hence the reason for this feature request.
Userlevel 7
Badge +26
@avdlaan,

I'm sorry if I offended you by suggesting that you check your open ports. Unfortunately, in a forum, like this one, I don't know the level of knowledge a poster possesses. You apparently know something about properly managing a network. So again, I apologize.

As for your current feature request, I still think it's not a bad idea. However, remember what I said in my last post. I don't use the DNS product, so I can only speculate and offer generic ideas. Also, you might want to edit your original post to say that this is specific to outbound ports. My original suggestion was based on what could break inbound, but now I know you're needing a change to the outbound ports used.

Unfortunately the link you posted doesn't work. It looks like it's tied to your browser session when you looked it up or I have to be logged into a specific support site for Webroot. However, I did find the following on that support site. This might be what you were looking at or something else. Going off this page, port 7777 isn't the only port required, nor is TCP the only protocol. However, you'll notice one IP Address uses port 443 and 5222, and only uses TCP.

Given this conflicting information, I suggest you contact support and find out what is really required. If what's below isn't correct, suggest to them that they should update their documentation.



Sorry if I can't be of more help!

Sincerely,
NicCrockett
Userlevel 2
Badge +6
Thanks Jonathan, great news!
Userlevel 7
Badge +26
@JonathanB, if Webroot moved to Google Cloud it's not surprising Webroot had to start using port 443. Google is all about secure web traffic and in truth it's a good approach, so I can't really argue with them. I do wish they weren't so pushy about it though. 🙄 Thanks for the explanation of the documentation!

Sincerely,
NicCrockett
