If your devices will operate behind a corporate network, we recommend allow-listing our firewall rules.
In this article:
Firewall Rules FAQ
Are firewall rules required?
Not every organization will need to add these firewall rules to their network. However, if your organization uses firewalls at any location that uses Esper-managed devices, you’ll need to allow these rules for those devices to communicate with the console.
What’s the relation between firewall rules and Esper Agent versions?
Each time you onboard an Android device to Esper, Esper installs an Esper Agent version. We record what kinds of updates we make to the software in our Esper Agent release notes. Some features, such as our Current Firewall Rules, will only work with a minimum version of Esper Agent. Because of this, we recommend keeping your devices on the most up-to-date version.
Viewing Firewall Rules
A detailed list of our firewall rules can be found in our Firewall Rules Requirements article. Not sure what rules to enable? Go to Profile > Tenant Settings.
In Tenant Settings, you’ll see the Legacy or Current Firewall Rules. You'll see the Current Firewall Rules if your tenant’s devices are at or above the minimum Esper Agent version. If the devices are below the minimum version, you’ll see the Legacy Firewall Rules and Current Firewall Rules.
Current Firewall Rules view
In this tenant, the devices are above the minimum version, so only the Current Firewall Rules are visible.
Legacy Firewall Rules view
A tenant where devices are below the minimum Esper Agent version. The Legacy firewall rules will appear at the top, and the Current Firewall Rules can be viewed by scrolling down.
Regardless if your devices are at or above the minimum Esper Agent, you’ll need to add '.shoonyacloud.com (TCP: 443) if your devices use Android Enterprise provisioning.
Enabling and Disabling Static URL
If you’re concerned about enabling *.amazonaws.com, you can use Esper’s streamer service. Learn more about streamer, a service that provides a static URL alternative. You may need to enable proxy access through your router as well.
To enable static URL, click on the Enable static URL toggle.
You can enable it regardless of whether or not you’re using Legacy or Current Firewall rules.
Once enabled, you’ll be prompted to add one of the following rules to your Firewall allow list:
- streamer.esper.cloud (TCP: 443) or *.esper.cloud (TCP: 443)
When disabling the service, you’ll be prompted to add the following URL to your allowlist:
- *.amazonaws.com (TCP: 443 | TCP: 8883)