This site is only for Avast Business products. For articles on AVG Business products, see AVG Business Help.

Firewall Requirements

For overall functionality, and to enable the Antivirus clients and/or the Management Consoles to authenticate/update, you must allow certain ports and URL addresses through your Firewall or Proxy Server.

Geoblocking

Avast web services are hosted in many countries around the world. Therefore, we do not recommend geoblocking in your firewall settings.

If geoblocking is necessary, we recommend you set URL Allow rules to supercede geoblocking, so Avast traffic can still be allowed.

Avast Business Managed (Hub, On-Premise Console, Antivirus Endpoints)

Ports (TCP & UDP)

  • 53 – Secure DNS services (only if using Real Site component)
  • 80 – Internet vulnerability checks and feature updates
  • 443 – Encrypted communication
  • 8080, 8090 – Communication between console and clients within local network (only for On-Premise Console)
  • 4158 – Mirror, for local updates within local network
  • 7074 – Remote Deployment within local network

URLs

  • *.avast.com
  • *.avcdn.net
  • islonline.net (Hub only, for Remote Control)
  • *.managedoffsitebackup.net (Hub only, for Cloud Backup)
  • *.sosonlinebackup.com (Hub only, for Cloud Backup)
  • URLs required by application vendors - Patch Management will download the necessary patches directly from the vendors; therefore, the connections must be allowed in order for the service to operate correctly.

Essential/Premium/Ultimate Business Security Endpoints (Unmanaged)

Ports (TCP & UDP)

  • 53 – Secure DNS services (only if using Real Site component)
  • 80 – Internet Vulnerability Checks and Feature Updates
  • 443 – Encrypted communication (only if using Real Site component)

URLs

  • *.avast.com
  • *.avcdn.net

Avast Business CloudCare

Ports

  • TCP 80 - Internet Vulnerability Checks and Feature Updates
  • TCP 443 - basic communication between the portal and the installed clients
  • UDP 123 - accessing public time servers to prevent tampering with the Content Filtering Schedule settings
  • TCP & UDP 135 - for remote deployment
  • TCP & UDP 5222 - for XMPP communication

URLs

  • *.avast.com
  • *.avg.com
  • *.avcdn.net
  • *.m.in-app.io
  • islonline.net (for Premium Remote Control)
  • *.sosonlinebackup.com (for Online Backup)
  • *.managedoffsitebackup.net (for Online Backup)
  • downloads.storagecraft.com (for ShadowProtect)
  • URLs required by application vendors - Patch Management will download the necessary patches directly from the vendors; therefore, the connections must be allowed in order for the service to operate correctly.