Question
Can I get a list of URLs that need to be whitelisted for All CC Products?
Answer
Here's the list below:
*CCL
The operating systems for CCL must be: Windows Server 2008 R2 or newer, Windows 7 or newer
Port 443 should be all we need. All of the traffic is HTTPS.
CCLite needs to have access to the following URLS (IPs as of 3/19/18):
-
- nexus.commandcentral.com - 52.32.152.175
- admin.commandcentral.com - 96.127.93.163
- api.commandcentral.com - 96.127.93.163
- connector.crimereports.com - 52.222.65.129
- idm.imw.motorolasolutions.com - 52.222.113.243
- imw.motorolasolutions.com
- Crimedataingest.usgov.commandcentral.com
*For Vault
- Idmx509.imw.motorolasolutions.com:443
- 2.android.pool.ntp.org:123
- Api.commandcentral.com:443
- S3-us-gov-west-1.amazonaws.com:443
- s3-us-gov-west-1.amazonaws.com:443
- imw.motorolasolutions.com:443
- imw.motorolasolutions.com:9032
*For Command Central
- do-not-reply@imw.motorolasolutions.com
*for emails:
- mail.imw.motorolasolutions.com 160.1.80.115
- mail.imw.motorolasolutions.com 52.61.98.137
- Sendgrid.com 168.245.65.31 and 168.245.28.148 (Old 198.37.156.94 as of March 22,22)
The following is specific to download issues and might help with playback issues on the CCE/CC Sharing side.
- *.blob.core.usgovcloudapi.net
- *.blob.core.windows.net
- https://evidence.commandcentral.com/media-download/*
For Customers with VMEL, below is the network whitelist for Evidence Library (EL5 / ELC / EL Cloud). All of the following are required by the customer.
Item Reason
- *.evidencelibrary.com.com Application
- *.azure.us Identity & Authentication
- *.onmicrosoft.com.com Identity & Authentication
- *.microsoftonline.us Identity & Authentication
- *.windows.net Identity & Authentication
- *.microsoftonline-p.com Identity & Authentication
- *.usgovcloudapi.net Storage Services (Azure) - Queues, Blobs
- *.launchdarkly.com Feature Toggle Services (Feature Flags)
- *.influxcloud.net:8086 Telemetry & Metrics
- *.services.visualstudio.com Telemetry & Metrics
- *.secure.aadcdn. microsoftonline-p.com Content Rendering for Microsoft Authentication
For Orchestrate:
Emails from Orchestrate:
- Orchestrate@motorolasolutions.com Note:both US and CA instances send emails from this address.
For CommandCentral US GOV:
- admin.commandcentral.com
- admin-api.usgov.commandcentral.com
- aware.commandcentral.com
- api2.commandcentral.com
- audit.usgov.commandcentral.com
- aware-api.usgov.commandcentral.com
- aware-publisher-ws.usgov.commandcentral.com
- awarewebclientprod.blob.core.windows.net
- collaboration-tools-service-production.usgov.commandcentral.com
- community.commandcentral.com
- cc911.commandcentral.com
- drive.usgov.commandcentral.com
- evidence.commandcentral.com
- evidence.usgov.commandcentral.com
- idm.imw.motorolasolutions.com
- jail.usgov.commandcentral.com
- jail.commandcentral.com
- lsm.usgov.commandcentral.com
- public-shares.commandcentral.com
- public-shares.usgov.commandcentral.com
- records.commandcentral.com
- records.usgov.commandcentral.com
- rms.commandcentral.com
- search.commandcentral.com
- search.usgov.commandcentral.com
- sharing.commandcentral.com
- userpreferences.usgov.commandcentral.com
- vault.commandcentral.com
It would be best if they allowed traffic from the whole: *.commandcentral.com domain - this way when we add new api's they won't need to modify it.
Also please note that we need the websocket connection allowed from: aware-publisher-ws.usgov.commandcentral.com otherwise there won't be any data.
CA:
- idm.imw.motorolasolutions.ca
- aware.commandcentral.ca
- admin.commandcentral.ca
- audit.usgov.commandcentral.ca
- admin-api.usgov.commandcentral.ca
- aware-api.usgov.commandcentral.ca
- api2.commandcentral.ca
- aware-publisher-ws.usgov.commandcentral.ca
- awarewebclientprod.blob.core.windows.net
- orchestrate-acm.commandcentral.ca
- egress.ent.commandcentral.ca