How to whitelist TruGrid outbound traffic on the firewall
TruGrid software does not require any INBOUND firewall access to function. However, TruGrid software requires OUTBOUND access over TCP port 443 using HTTPS, in order to function. The TruGrid outbound communication is to various TruGrid and Azure Web Services. Restricting or denying outbound access to TruGrid software over TCP 443 will cause TruGrid to not function.
If you must deny or restrict outbound TCP 443 access in your network firewall, OS firewall, IPS / IDS systems, web proxies, antivirus and EDRs, etc., you must grant outbound TCP 443 access to TruGrid software, for the following TruGrid Web Services DNS names. Otherwise, TruGrid will not function.
If you have solutions that inspect or re-write SSL certificates, such as ZScaler, you must add below DNS list to your SSL Inspector BYPASS list; otherwise TruGrid will not function. As an alternative, or in addition, if your system supports Bypassed URLs list, please add ws.trugrid.com and app.trugrid.com to your Bypassed URLs list.
List of External DNS Names that TruGrid communicates with over TCP 443 / HTTPS:
*.cloudapp.net
*.servicebus.windows.net
*.trugrid.com
*.trugrid.net
*.secureworkspace.io
*.trafficmanager.net,
*.azurewebsites.net
*.service.signalr.net
*.blob.core.windows.net
*.azurecontainer.io
*.azure-devices.net
*.onmicrosoft.com
*.windows.net
dc.applicationinsights.azure.com
dc.applicationinsights.microsoft.com
dc.services.visualstudio.com
dc.services.visualstudio.com
*.in.applicationinsights.azure.com
{your branded CNAME URL, if any}
Information source: https://help.trugrid.com/en/article/how-to-whitelist-trugrid-outbound-traffic-on-the-firewall-1nniv4f/