
How to Configure a Firewall for Specops Authentication

Specops Authentication is the hybrid cloud platform that is the foundation for uReset, Secure Service Desk, and Key Recovery. This article details the network requirements for connecting to the Specops cloud.

Gatekeeper Servers

The Gatekeeper server enables connections to your on-prem Active Directory servers by establishing an outbound TLS-encrypted connection initiated from your internal network. Each Gatekeeper server will need access to the following hosts/URLs in order to establish a connection to the cloud:

North America Data Center

| URL | IP Address | Protocol | Port |
|---|---|---|---|
| https://gk.specopssoft.com | 100.25.107.188 | TCP | 443 |
| https://login.specopssoft.com | 34.229.31.169, 50.16.166.102 | TCP | 443 |
| http://crl.godaddy.com | | TCP | 80 |

EU Data Center

| URL | IP Address | Protocol | Port |
|---|---|---|---|
| https://eu.gk.specopssoft.com | 40.115.100.238 | TCP | 443 |
| https://eu.login.specopssoft.com | 40.87.137.8 | TCP | 443 |
| http://crl.godaddy.com | | TCP | 80 |

Proxy/SSL Inspection Requirements

Gatekeepers can use a web proxy to access these URLs. If proxy authentication is required, ensure that both the administrator installing the Gatekeeper and the Gatekeeper service account are authorized, and that no captive portals are required.

SSL inspection/MITM certificates are not supported. If the certificate presented for these URLs is not issued by Go Daddy Secure Certificate Authority – G2, the Gatekeeper server will refuse to connect.

In order to confirm your connection is properly configured, browse to https://login.specopssoft.com from a browser on your Gatekeeper server. Click in the address bar to view the certificate details (steps vary by browser; in Internet Explorer you can click the padlock to the right of the address bar). Confirm the certificate issuer is shown as expected.
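
The same issuer check can be scripted and run against every Gatekeeper host rather than done by hand in a browser. The PowerShell below is an added example, not Specops code; it uses the North America hosts and the issuer name listed in this article, and it assumes the server reaches those hosts directly (a raw socket test does not go through a web proxy).

```powershell
# Added example. Hosts and issuer name come from this article (North America list);
# substitute the eu.* hosts for the EU data center.
# Assumption: direct outbound access. This test does not traverse a web proxy.
$GatekeeperHosts = 'gk.specopssoft.com', 'login.specopssoft.com'
# Wildcard tolerates a hyphen or an en dash before "G2".
$ExpectedIssuer  = 'Go Daddy Secure Certificate Authority*G2'

function Get-PresentedIssuer {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever certificate is presented: the goal is to read it
        # (including an inspection proxy's substitute), not to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            # Second argument $true returns the issuer's name instead of the subject's.
            return $cert.GetNameInfo('SimpleName', $true)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

foreach ($name in $GatekeeperHosts) {
    try {
        $issuer = Get-PresentedIssuer -HostName $name
        $result = if ($issuer -like $ExpectedIssuer) { 'OK' }
                  else { 'UNEXPECTED ISSUER (SSL inspection in path?)' }
    } catch {
        $issuer = $null
        $result = "CONNECT FAILED: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Host = $name; Port = 443; Issuer = $issuer; Result = $result }
}

# The CRL endpoint is plain HTTP, so only TCP reachability on port 80 is checked.
$crl = Test-NetConnection -ComputerName 'crl.godaddy.com' -Port 80 -WarningAction SilentlyContinue
[pscustomobject]@{ Host = 'crl.godaddy.com'; Port = 80; Issuer = $null
                   Result = $(if ($crl.TcpTestSucceeded) { 'OK' } else { 'BLOCKED' }) }
```

Run it on the Gatekeeper server itself, ideally as the Gatekeeper service account, so the result reflects the firewall path that account actually uses.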

End Users

End users (including users of the Specops Authentication client), administrators, and service desk users accessing the Specops Authentication Web will need access to the following URLs:

North America Data Center

| URL | IP Address | Protocol | Port |
|---|---|---|---|
| https://login.specopssoft.com | 34.229.31.169, 50.16.166.102 | TCP | 443 |
| https://js.specopsauthentication.com | 34.229.31.169, 50.16.166.102 | TCP | 443 |
| https://trust.specopsauthentication.com | 34.229.31.169, 50.16.166.102 | TCP | 443 |
| http://crl.godaddy.com | | TCP | 80 |

EU Data Center

| URL | IP Address | Protocol | Port |
|---|---|---|---|
| https://eu.login.specopssoft.com | 40.87.137.8 | TCP | 443 |
| https://eu.js.specopsauthentication.com | 40.87.137.8 | TCP | 443 |
| https://eu.trust.specopsauthentication.com | 40.87.137.8 | TCP | 443 |
| http://crl.godaddy.com | | TCP | 80 |

If end users/workstations are behind a proxy that requires authentication, it may be necessary to bypass authentication for these URLs so that end users who cannot authenticate due to a password issue can still access the Reset Password web page.

July 28, 2020
