IP Address for Firewall

  • 25 August 2016
  • 6 replies
  • 2439 views

Userlevel 4
Badge +9
Beginning this morning, our SonicWall gateway antivirus has started blocking the endpoint upgrade to 9.0.11.70 - clearly a false positive signature in the SonicWall AV database.
 
What are the IP address ranges for the Business Endpoint Protection service so that I can add them to my firewall exclude list?

6 replies

Userlevel 7
Badge +35
 
For proper communication, Webroot requires the following URLs and ports be accessible through any firewall or network access layer.
NOTE: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com). In these cases, you will need to use* .p4.webrootcloudav.com or *.*.webrootcloudav.com.
Ports
-------
80 and 443 – used by the agent to communicate with the Webroot® Platform and your management console. These communications are encrypted using a proprietary form of obfuscation.
URLs
------
Agent communication and updates
=============================
*.webrootcloudav.com
Agent messaging
==============
*.webroot.com
Management portal and support ticket logs upload
==========================================
*.webrootanywhere.com
Agent file downloading and uploading
===============================
wrskynet.s3.amazonaws.com/*
wrskynet-eu.s3-eu-west-1.amazonaws.com/*
wrskynet-oregon.s3-us-west-2.amazonaws.com/*
Web Filtering (elasticbeanstalk is an Amazon AWS domain)
================================================
WSAWebFilteringPortal.elasticbeanstalk.com

Should you have additional questions, please open a support ticket.
I know this is an older post, but it is still relevant to me.
 
I have a couple of servers that I am cutting off ALL traffic to/from, however I want to allow traffic from specific sources like Webroot so that the A/V can get updated.
 
Are the addresses in this post still relevant or have they changed? 
 
 
thanks in advance!
 
Tim
In my experience with Sonicwall and false positives, they generally resolve the issue the same day the false positive starts appearing. If you did set firewall rules to allow this update, you can remove them now. Mine is updated to v9.0.12.52 now without making any firewall changes.
Userlevel 7
Badge +56
It's not specific to Webroot, but only the agent needs to talk to s3 so you could potentially only allow the Webroot client to talk to it if you're concerned.
Userlevel 7
Badge +28
Is the *.s3.amazonaws.com address a generic Amazon AWS address or is it specific to Webroot. I ask because if it's a generic address then Webroot telling it's customers to allow traffic thru from that address is putting them at risk. If it's generic then anyone on the AWS service could be using it including someone who is sending malicious traffic. If we put a rule in our firewalls that the address is safe and it's generic then we are opening our networks up to who knows what.
 
Users reading this don't freak out. If Webroot owns it then we are safe. Let them respond before freaking out. I'm asking because it looks generic and I can't tell, where as the others look like they are owned by webroot.
Userlevel 4
Please allow Webroot’s path masks through the firewall, listed below:
 
*.webrootcloudav.com
Agent communication and updates
(Please note: Some firewalls do not support double dotted subdomain names with a single wildcard mask (i.e. g1.p4.webrootcloudav.com being represented by *.webrootcloudav.com) so some environments might require either *.p4.webrootcloudav.com or *.*.webrootcloudav.com)
 
*.webroot.com
Agent messaging
 
*.s3.amazonaws.com
Agent file downloading and uploading
 
WSAWebFilteringPortal.elasticbeanstalk.com
Required for agent Web Filtering, elasticbeanstalk is an amazon AWS domain
 
*.webrootanywhere.com
Management portal and support ticket logs upload
 
If you require further assistance or have any questions, please send us a reply.
 
Thank you,
Webroot SecureAnywhere Business Support

Reply