How do endpoints communicate with console?
Communication between assets and the AIR console is made via the ports listed below:
  • HTTPS (443) is the default port agents use for retrieving their tasks from the console,
  • NATS (4222) (optional) is used for pushing tasks to assets in real-time. In case this port is not allowed in your environment, AIR uses HTTP(S) polling as its default task retrieval mechanism.

Notes on Firewall Rules

The console installer automatically adds inbound allow rules for the above ports to Windows Firewall.
On the other hand, the agent installer doesn't set any firewall exclusions and it is your responsibility to make sure enterprise firewall policies allow assets to access console over these ports.