Skip to main content
Skip table of contents

Connectivity requirements

Overview

Find the connectivity requirements of every Nexthink product in the reference tables below. You can configure some of the products to use either a secure or a non-secure channel for specific services. Depending on their configuration, you may be required to allow connections through a different port number.

If the rule-based Collector assignment is turned on, the TCP channel of Collector also connects to the Nexthink web interface. Collectors use this connection to ask for their assigned Engine (classic).

Collector can no longer use a UDP channel to send end-user analytics to the Engine (classic). That data, as well as coordination data and updates, is transmitted through the TCP channel. The default is to use TCP port 443 for all Collector communications.

Ensure that your firewall has the TCP 443 port open for your Nexthink instance fully qualified domain names (FQDN) like <instance>.<region>.nexthink.cloud and <instance>.data.<region>.nexthink.cloud, where:

  • <instance> is the name of the Nexthink instance

  • <region> is the name of the localization of the instance

    • us for the United States

    • eu for the European Union

    • pac for the Asia-Pacific region

    • meta for the Middle East, Turkey and Africa

For each connection, the tables indicate the transport protocol used. When an application protocol handles the connection over the transport layer, the name of the application protocol precedes the name of the transport protocol.

Web interface

Port number

Protocol

Direction

Reason

Domain

443

HTTPS / TCP

OUT

Access to the Nexthink web inteface

Nextink instance FQDN, link pattern:

<instance>.<region>.nexthink.cloud

Collector

Port number

Protocol

Direction

Reason

443

WebSocket / TCP / HTTPS

OUT

Default communication channel to reach a Nexthink instance.

 
In addition, the Windows Collector calls a Windows API method once every 24 hours, which triggers a connection for the client to the domain controller operations through TCP port 135. Ephemeral TCP ports in the 49152-65535 range are used for service responses.

Data Enricher (classic)

Port number

Protocol

Direction

Reason

Domain

53

DNS / UDP

OUT

Resolving destination names by reverse IP

 

389

LDAP / TCP

OUT

Connection to Active Directory (non secure)

 

443

HTTPS / TCP

OUT

Send AD and DNS data

agora.reg.nexthink.cloud (where reg is the availability region of the customer)

636

LDAPs / TCP

OUT

Connection to Active Directory (secure)

 

Finder (classic)

Nexthink Finder is a Windows-only desktop application whose functionality is now available within the Nexthink web interface. Nexthink can now be used directly from a browser and most functions no longer require an additional desktop application.

Port number

Protocol

Direction

Reason

Domain

25

SMTP / TCP

OUT

Send email in case of errors

 

80

HTTP / TCP

OUT

Connection to the documentation website

doc.nexthink.com

HTTP / TCP

OUT

Verification of security certificates

ocsp.verisign.com

443

HTTPS / TCP

OUT

Connection to the documentation website

doc.nexthink.com

docs.nexthink.com

WebSocket / TCP

OUT

User connection to the web interface

Nexthink instance fully qualified domain name (FQDN)

HTTPS / TCP

OUT

Application installation and software updates

Nexthink instance fully qualified domain name (FQDN)

HTTPS / TCP

OUT

Support telemetry

alib.nexthink.com

HTTPS / TCP

OUT

Connection to Nexthink Library

library.nexthink.com

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.