This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Firewall Requirements

This Article Applies to:

  • Avast Business Hub
  • Avast Business On-Premise Console
  • Avast Business CloudCare
  • Avast Small Business Solutions
  • Avast Small Office Protection
  • Avast Business Antivirus
  • Avast Business Antivirus Pro
  • Avast Business Antivirus Pro Plus
  • Avast Business CloudCare Antivirus

 

For overall functionality, and to enable the Antivirus client and/or the management console to authenticate/update, you must allow certain ports and URL addresses through the firewall or proxy server on your endpoints.

 

Business Hub, On-Premise Console, and Managed Local Clients

Ports

  • UDP 53 DoH enabled – Secure DNS services (if using Real Site)
  • TCP 80 – Internet vulnerability checks and feature updates
  • TCP/UDP 443* – Encrypted communication
  • TCP 8080*, 8090* – Communication between the On-Premise Console and clients within local network
  • TCP 4158 – Mirror, for local updates within local network
  • TCP 7074 – Remote Deployment within local network
  • TCP 7500 - For push notification services

*These default ports can be modified during or after On-Premise Console setup if needed. Note that any changes should be reflected in the firewall configuration.

URLs

  • *.avast.com
  • *.avcdn.net
  • islonline.net (if using Remote Control)
  • *.managedoffsitebackup.net (if using Cloud Backup)
  • *.sosonlinebackup.com (if using Cloud Backup)
  • URLs required by application vendors (if using Patch Management - it downloads the necessary patches directly from the vendors; therefore, the connections must be allowed for the service to operate correctly)

CloudCare

Ports

  • TCP 80 - Internet vulnerability checks and feature updates
  • TCP 443 - Basic communication between the portal and the installed clients
  • UDP 123 - Accessing public time servers to prevent tampering with the Content Filtering Schedule settings
  • TCP/UDP 135 - Remote Deployment
  • TCP/UDP 5222 - XMPP communication

URLs

  • *.avast.com
  • *.avg.com
  • *.avcdn.net
  • *.m.in-app.io
  • islonline.net (if using Premium Remote Control)
  • *.sosonlinebackup.com (if using Cloud Backup)
  • *.managedoffsitebackup.net (if using Cloud Backup)
  • URLs required by application vendors (if using Patch Management - it downloads the necessary patches directly from the vendors; therefore, the connections must be allowed for the service to operate correctly)

Unmanaged Local Clients

Ports

  • UDP 53 DoH enabled – Secure DNS services (if using Real Site)
  • TCP 80 – Internet vulnerability checks and feature updates
  • TCP/UDP 443 – Encrypted communication
  • TCP 7500 - For push notification services

URLs

  • *.avast.com
  • *.avcdn.net

Geoblocking

Avast web services are hosted in many countries around the world. Therefore, we do not recommend geoblocking in your firewall settings. If geoblocking is necessary, we recommend setting URL Allow rules to supersede geoblocking, so Avast traffic can still be allowed.

 

Other Articles In This Section:

System Requirements

Antivirus v. 21.3 (Windows) Requirements

Disabling Windows Defender for Windows Server OS

Related Articles:

Quick Start: Avast Business Hub

Quick Start: Unmanaged Small Business Solutions and Small Office Protection

Creating Memory Dumps on Windows