Whitelisting requirements for IP addresses and URLs


Connecting to the Datto RMM Web Portal

To allow seamless connectivity to the Datto RMM Web Portal, and between Agents, you must open TCP port 443 outbound through your firewall.

If your company has a more aggressive security posture for outbound traffic (e.g. port blocking and IP address access lists), then you may need to whitelist a number of IP addresses, as well as open up port 443 to allow Datto RMM to make the required connections. The IP addresses you must whitelist are specific to your platform, and you only need to whitelist the ones associated with your platform.

For information about the platform your site is hosted on, refer to Datto RMM platforms.

Connecting Agents through the tunnel server grid

Unless a peer-to-peer connection can be established between devices, Agent to Agent connectivity and remote takeover are managed by a tunnel server over an encrypted connection. Tunnel servers are connection relays located around the globe to provide maximum coverage and the best performance depending on your location. They are automatically available to all users.

When a remote takeover session is initiated:

  1. The admin device performs a DNS query to find the nearest tunnel server. The tunnel server is picked based on the proximity to the admin device.
  1. A connection is made to a load-balanced tunnel server cluster.
  1. Finally, a connection is established to the remote device.

To make the most of the tunnel server grid, please ensure that the IP addresses relevant to your geographic location are whitelisted and outbound traffic on port 443 is open on your own and your endpoints' firewalls.

Stateful Packet Inspection

It is strongly recommended that any Stateful Packet Inspection be turned off for access to any centrastage.net address, and that all attempts possible are made to guarantee that TCP connections to the cc.centrastage.net addresses are not terminated in cases of inactivity. (These connections may be inactive for up to 180 seconds at a time if no client activity is detected.)

Whitelist the following IP addresses and URLS


Want to talk about it? Head on over to our Community Forum!
Forward this topic to others
Provide feedback for the Documentation team