The Systems Management (PCSM) dynamic load balancing technology means that no single IP address is ever assigned to the PCSM configuration. This greatly increases our platform resilience as we have no single point of failure.
If you are configuring a firewall for Systems Management, access should be open, outbound to the following IP addresses:
IP addresses for the tunnel server grid
Agent to Agent connectivity and remote takeover (RDP, Screenshare VNC etc) is dependent on a "Tunnel server" to initiate the connection between devices. Tunnel servers are connection relays hosted by Panda Security and build connections between devices to enable remote takeover sessions to occur. These tunnel servers are located around the globe to provide maximum coverage and the best performance depending on your location.
To make the most out of the tunnel server grid, please ensure that the IP addresses relevant to your geographic location are open on your perimetral devices and your endpoints' firewalls. Access should be open, outbound, on TCP port 443:
US East (Virginia)
South America (Sao Paulo)
Middle East (Bahrain)
22.214.171.124IP Addresses for Future Use
US East (Virginia)
In addition to IP addresses, some firewalls, proxies or security appliances may require access to the URL of the service as well as the IP address. If you are using a proxy or security appliance, ensure that the relevant URL's to your platform are whitelisted. Please note that they are all https / 443 outbound:URLs
For future reference
- Port 13300 (TCP/UDP) used for agent discovery.
Please note that part of streamlining Agent-to-platform communication for this release requires the deprecation of Connection Brokers. As functionality becomes increasingly reliant on the Agent Process rather than the Agent Service, Connection Brokers add a level of complexity that is no longer necessary.
- Port 13229 (TCP/UDP), for local cache connection.
- Port 6800 (TCP) - used for Agent communication with the process used to obtain software installers for Software Management policies.
- Ports 5223, 2195, 2196, 1640 for Apple Push Notification Services.
Consider reviewing the following Support article: What are the minimum system requirements for running the Systems Management Agent?