The collector plays a central role in Auvik's monitoring as it gathers data from your devices and sends it to the Auvik servers for processing. As such, it may require network administrators to tailor configurations (particularly in firewalls or proxies) to allow that communication to pass through.
- Communication between the collector and the site's internal network
- Communication between the collector and the Auvik cloud
- Using Auvik through a proxy server
- Cloud ping checks
Communication between the collector and the site's internal network
Note: It is recommended that the collector be given a static IP address; this is to ensure protocols like SNMP, Netflow (Traffic Insights) and syslog function correctly. These protocols typically are locked to a specific IP.
In order to discover devices and collect data from them, the Auvik collector uses the following protocols and ports:
| URL | Port |
| *.my.auvik.com | 443 |
| Service | Protocol/port | Types of devices |
| Ping | ICMP | All |
| SMB | TCP 445 | All devices / Used to collect SMB identification |
| SNMP | UDP 161 | All that support SNMP |
| SSH | TCP 22 | Network elements |
| Telnet * | TCP 23 | Network elements |
| WMI | TCP 5985 | All Microsoft devices |
| VMWare | TCP 443 | ESXi hosts |
* For security, using SSH instead of Telnet is recommended whenever possible
As far as connections initiated by the devices to the collector, the required ports are TCP 21 and UDP 69. The collector exposes an FTP server on port 21; this is used for backups.
Note: On linux collectors, we create a port mapping from 21 => 10021, and listen to this port.
Moreover, for collectors running on Performance sites Auvik will also bind to the following UDP ports: 514, 2055, 2056, 4432, 4739, 6343, 9995 and 9996. Port 514 will be used to receive Syslog data, and the others to collect flow data for TrafficInsights.
In addition to ensuring those ports are reachable, bear in mind that the collector application will bind to these ports. If you have a Windows service collector, we recommend you install it on a system that doesn’t already have services bound to these ports. In the case of virtual appliances, the system is dedicated to the collector therefore this is not a concern.
Auvik can initiate communications using additional ports and protocols to monitor services on your devices. By default, most service monitoring is disabled. If you decide to use service monitoring, you'll need to ensure connectivity from the collector to the target devices on the desired port.
Communication between the collector and the Auvik cloud
Auvik's collector requires Internet access to upload metadata to the cloud for persistent monitoring and discovery of your network. For this communication to occur, outbound connections from the collector to the URLs in the table below must be allowed through your firewall and web filters. The Auvik cloud never initiates connections to the collector.
Note: The collector must be able to resolve the tenant URL; we do not support connecting to a fixed IP address. We do not control the IPs assigned to for the cloud (AWS/Amazon).
For all Auvik collectors
| URL | Port |
| *.auvik.com | 443 |
| *.amazonaws.com | 443 |
| *.cloudfront.net | 443 |
| *.1e100.net | 80,443 |
| *.us.archive.ubuntu.com |
80,443 |
Specific requirements for virtual appliance collectors
In addition to the above, for the virtual appliance collectors (either OVA or bash script), you'll need to allow the following:
| URL | Port | Purpose |
| *.security.ubuntu.com | 80 | Download, install packages and upgrades |
| *.canonical.com | 80 | Download, install packages and upgrades |
| *.compute.amazonaws.com | 443 | Used by the collector to communicate with Auvik's cloud infrastructure |
| *.google.com | 80, 443 | Internet connection health check |
| 8.8.8.8, 8.8.4.4 | 53 | DNS check |
| *.pool.ntp.org | 123 | NTP - time synchronization |
Using Auvik through a Proxy
If you have a proxy controlling internet access, you will be prompted for that information while installing the collector. If you use SSL/TLS inspection in your proxy, you’ll need to whitelist the collector’s IP address to bypass the inspection.
Cloud ping checks
If you are using Auvik to monitor your Internet connections or VPN gateways, you'll need to allow ICMP from a few public IP addresses to whatever devices you want to monitor. Please refer to Auvik’s network address translation (NAT) gateway for these addresses.