How to Properly Allowlist the Liongard Platform

πŸ‘

Liongard Terminology

Liongard uses "allowlist" when referring to "whitelist" and "blocklist" in place of "blacklist."

There are several forms of allowlisting which you may have to do with Liongard in order to fully leverage the platform. We have detailed each below, but if you have particular questions, please open a chat with Support.

On-Premises Agent & Self-Hosted Agent

If any of your networks heavily filter outbound traffic, you may need to allowlist some hosts in order for the Agent to send data back to Liongard. The Liongard Agent sends traffic outbound via HTTPS with a destination port of 443.

Please note 5 key URLs are used by the Agent and will need to be accessible in order for the Agent to properly function.

Find the URL below that closely matches your instance URL, allowlist it (replacing the question mark with the appropriate number) and allowlist the URLs shown under it.

aus?.app.liongard.com

  • sqs.ap-southeast-2.amazonaws.com
  • s3.ap-southeast-2.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.aus?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.aus1.app.liongard.com)

us?.app.liongard.com

  • sqs.us-west-2.amazonaws.com
  • s3.us-west-2.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.us?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.us1.app.liongard.com)

ca?.app.liongard.com

  • sqs.ca-central-1.amazonaws.com
  • s3.ca-central-1.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.ca?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.ca1.app.liongard.com)

uk?.app.liongard.com

  • sqs.eu-west-2.amazonaws.com
  • s3.eu-west-2.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.uk?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.uk1.app.liongard.com)

eu?.app.liongard.com

  • sqs.eu-central-1.amazonaws.com
  • s3.eu-central-1.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.eu?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.eu1.app.liongard.com)

sa?.app.liongard.com

  • sqs.sa-east-1.amazonaws.com
  • s3.sa-east-1.amazonaws.com
  • d2thwq4mlwsvm8.cloudfront.net
  • api.sa?.app.liongard.com (Replace the ? with the number listed in your Liongard URL. For example: api.sa1.app.liongard.com)

For Debugging Purposes:

Regardless of what region you are in, troubleshooting methods for debugging inspections may additionally require access to the following URL. If you need to engage in troubleshooting inspections or engage with Liongard Support, they may ask you to also allowlist this URL:

  • s3-us-west-2.amazonaws.com

Agent IP Address

The Agent makes a call to several websites that pull the public IP address. If the IP address is not showing when navigating to Admin > Agents, then these sites may be blocked by a web filter, security monitoring, etc.

To remediate, allowlist the following addresses:

https://api.ipify.org/
https://api6.ipify.org/
https://icanhazip.com/

Allowlisting for Integrations

If you are enforcing network security for tools like ConnectWise, IT Glue, AutoTask, etc. and you are using Liongard to populate those with documentation or have ticketing enabled, then it's important you allowlist the ingest processing IP address.

To find the IP address follow these steps:

  1. Log in to Liongard
  2. Click on your profile name in the upper right-hand corner of the Navigation Screen, and then select Account Settings
  3. In the Account Setting screen, click on the My Liongard Instance tab
  4. Finally, find the row in the table labeled Integrations IP Address. This is the IP address you need to allowlist for the application you are integrating with, depending on your specific setup.

Liongard Platform

If you want to allowlist the Liongard platform itself, for instance, if you want to allow your users access to it from your internal network, then, follow the steps outlined below:

  1. Log in to Liongard
  2. Click on your profile name in the upper right-hand corner of the navigation screen, and then, select Account Settings
  3. In the Account Settings screen, click on the My LiongardInstance tab
  4. Finally, find the row in the table labeled Application IP Address. This is the IP address you need to allowlist for the Liongard application itself.

Third-party Security Tools

Third-party security tools, such as ThreatLocker and Blackfog, are known to interfere with Liongard Agent communications. To avoid complications, ensure that you have allowlisted all necessary paths or set your software into "learning mode" before deploying the Liongard Agent.

The Liongard Agent must have access to c:\program files (x86)\liongardinc\liongardagent\jobs and c:\windows\system32\windowspowershell\v1.0