assets.nagios.com Question

[J.A.K]

Is there a documented IP range or a list of URLs to allow in firewalls for Nagios XI for updates, installs, etc. Going to things like assets.nagios.com, repo.nagios.com, vs1.nagios.com. I can't find anything and it looks like it has changed from the 72.*.*.* range to a 45.*.*.* range sometime recently for assets at least.

[gsmith]

Hi

Yes, the IP address did change. We don't publish what IP's we are using, but they typically don't
change that often.

Would allowing your machines to contact *.nagios.com cause problems for you?

Thanks

[J.A.K]

Sadly not an option. The Cisco ASA our company uses doesn't support wildcard URL filters. (And Azure Route Tables only support CIDR notation, but we can work around those). Is there a recommended list of URLs to allow then? My assumption would be:

assets.nagios.com
repo.nagios.com
exchange.nagios.com
support.nagios.com

But I do also see:

api.nagios.com
newvs1.nagios.com
vs1.nagios.com
corp.nagios.com
git.nagios.com
m1.nagios.com
etc

[ssax]

Last time I profiled the install/upgrade with wireshark it returned these (80 and 443 TCP):

Code: Select all

assets.nagios.com
api.nagios.com
repo.nagios.com
pypi.org
pypi.python.org
files.pythonhosted.org

Your system would still need access to the base/updates/optional repositories that the systems needs to install the packages. By default the package manager uses a mirrorlist so I'm unable to tell you which it would use. You could set the repositories to use a specific URL instead of the mirrorlist and then you would know what those repo IPs would be.

[J.A.K]

That's a great start if nothing else. Access to normal repos fallback on standard operations in my mind so I'll let them worry about that. Thank you for the information!