Skip to main content
Skip table of contents

Firewall Whitelisting and Web Proxy Setting

LAST UPDATED: FEB 14, 2025

Firewall Whitelisting for Docker Installation and D3 Proxy Agent Container Image

If internet traffic is blocked by default, specific domains or IP addresses must be whitelisted to enable the download of the Docker package and the D3 container images that are hosted on Google Container Registry (GCR).

Domains to Whitelist

  1. Docker (for downloading Docker packages):

    • http://download.docker.com

  2. Google Container Registry (previously for downloading container images):

    • http://gcr.io

    • storage.googleapis.com

  3. Azure Container Registry (transitioning to source for downloading container images):

    • d3soar.azurecr.io

Checking IP Addresses for Whitelisting

To determine the IP addresses associated with the domains that require access, use the nslookup command.

EXAMPLE

The above screenshot demonstrates that the domain download.docker.com resolves to multiple IP addresses.

To enable access, one can either:

  • Allow traffic to the domain: Whitelisting download.docker.com ensures consistent access without needing to track specific IP addresses.

  • Allow traffic to a list of resolved IP addresses: If whitelisting by domain is not possible, use nslookup from your server to retrieve all the public IP addresses associated with the domain. Ensure that all resolved IP addresses are included in the whitelist.

Using D3 Proxy Agent with a Web Proxy Server

To route D3 proxy agent’s outbound internet connections to a web proxy server, some configuration changes are required.

  1. Open docker-compose.yml, then add the following to the environment section:

    YAML
    HTTP_PROXY=<Web Proxy Server:Port>
    
    HTTPS_PROXY=<Web Proxy Server:Port>
    
    NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>

The docker-compose.yml file should now resemble the following:

YAML
version: "3.3"
services:
  d3agent:
    image: "d3soar.azurecr.io/d3prod/d3agent:<D3 vSOC version>"
    restart: always
    environment:
      - REMOTE_SERVER_URL=<D3 vSOC Url>
      - PROXY_IDENTITY=<D3 vSOC Agent Security Token>
      - PYTHON_REMOTE_URL=http://<Docker Host IP>:<Docker Host Port>/
      - PYTHON_REMOTE_GUID=7e036a86dbee40d9913c3794e779eae4
      - SERVICE_DISPLAY_NAME=<Proxy Agent Display Name>
      - DOCKER_GID=<Docker Group ID>
      - DOCKER_PORT=<Docker Host Port>
      - HTTP_PROXY=<Web Proxy Server IP:Port>
      - HTTPS_PROXY=<Web Proxy Server IP:Port>
      - NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  
  d3executor:
    image: "d3soar.azurecr.io/d3prod/d3executor:<D3 vSOC version>"
    ports:
      - "<Docker Host Port>:9090"
    restart: always
    environment:
      - EXECUTOR_GUID=7e036a86dbee40d9913c3794e779eae4
      - HTTP_PROXY=<Web Proxy Server IP:Port>
      - HTTPS_PROXY=<Web Proxy Server IP:Port>
      - NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>

The HTTP_PROXY and HTTPS_PROXY variables specify the web proxy server's HTTP and HTTPS connections, respectively. Additional addresses, such as private IPs, DNS names, and other local integration host addresses that should bypass the proxy, must be included in the NO_PROXY variable.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.