Firewall Whitelisting and Web Proxy Setting
LAST UPDATED: FEB 14, 2025
Firewall Whitelisting for Docker Installation and D3 Proxy Agent Container Image
If internet traffic is blocked by default, specific domains or IP addresses must be whitelisted to enable the download of the Docker package and the D3 container images that are hosted on Google Container Registry (GCR).
Domains to Whitelist
Docker (for downloading Docker packages):
http://download.docker.com
Google Container Registry (previously used for downloading container images):
http://gcr.io
storage.googleapis.com
Azure Container Registry (the source that container image downloads are transitioning to):
d3soar.azurecr.io
Checking IP Addresses for Whitelisting
To determine the IP addresses associated with the domains that require access, use the nslookup command.
EXAMPLE

The above screenshot demonstrates that the domain download.docker.com resolves to multiple IP addresses.
To enable access, one can either:
Allow traffic to the domain: Whitelisting download.docker.com ensures consistent access without needing to track specific IP addresses.
Allow traffic to a list of resolved IP addresses: If whitelisting by domain is not possible, use nslookup from your server to retrieve all the public IP addresses associated with the domain. Ensure that all resolved IP addresses are included in the whitelist.
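For the second option above, the following added example (not part of the original D3 documentation) parses nslookup output into a de-duplicated allowlist while skipping the resolver's own address, which nslookup prints first. The sample output is constructed, and the Linux nslookup layout and the function names extract_ips and resolve_all are assumptions.

```shell
#!/bin/sh
# Added example: nslookup output -> de-duplicated IP allowlist (Linux layout assumed).

# Domains listed on this page.
DOMAINS="download.docker.com gcr.io storage.googleapis.com d3soar.azurecr.io"
# Constructed sample output (documentation-range addresses, hypothetical
# CNAME target); two lookups concatenated, as resolve_all would produce.
SAMPLE='Server:         10.53.0.1
Address:        10.53.0.1#53

Non-authoritative answer:
download.docker.com     canonical name = cdn.example.net.
Name:   cdn.example.net
Address: 192.0.2.10
Name:   cdn.example.net
Address: 192.0.2.11
Name:   cdn.example.net
Address: 2001:db8::10

Server:         10.53.0.1
Address:        10.53.0.1#53

Non-authoritative answer:
Name:   gcr.io
Address: 192.0.2.10'

# extract_ips: read nslookup output on stdin, print unique answer addresses.
# The "Address:" line under "Server:" is the DNS resolver, not the target, so
# addresses count only after a "Name:" line; each "Server:" line resets that.
extract_ips() {
  awk '
    /^Server:/ { answer = 0; next }
    /^Name:/   { answer = 1; next }
    answer && /^Address:/ { print $2 }
  ' | LC_ALL=C sort -u
}

# resolve_all: live lookup of every domain (needs DNS access on the host).
resolve_all() {
  for d in $DOMAINS; do nslookup "$d"; done | extract_ips
}

# Default run parses the sample; pass --live on the Docker host for real data.
if [ "${1:-}" = "--live" ]; then
  resolve_all
else
  printf '%s\n' "$SAMPLE" | extract_ips
fi
```

Resolved addresses for CDN-hosted domains can change between lookups, so re-run the lookup from the Docker host and compare the result against the firewall rules whenever downloads start failing.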
Using D3 Proxy Agent with a Web Proxy Server

To route the D3 proxy agent's outbound internet connections through a web proxy server, some configuration changes are required.
Open docker-compose.yml, then add the following to the environment section:
HTTP_PROXY=<Web Proxy Server:Port>
HTTPS_PROXY=<Web Proxy Server:Port>
NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>
The docker-compose.yml file should now resemble the following:
version: "3.3"
services:
  d3agent:
    image: "d3soar.azurecr.io/d3prod/d3agent:<D3 vSOC version>"
    restart: always
    environment:
      - REMOTE_SERVER_URL=<D3 vSOC Url>
      - PROXY_IDENTITY=<D3 vSOC Agent Security Token>
      - PYTHON_REMOTE_URL=http://<Docker Host IP>:<Docker Host Port>/
      - PYTHON_REMOTE_GUID=7e036a86dbee40d9913c3794e779eae4
      - SERVICE_DISPLAY_NAME=<Proxy Agent Display Name>
      - DOCKER_GID=<Docker Group ID>
      - DOCKER_PORT=<Docker Host Port>
      - HTTP_PROXY=<Web Proxy Server IP:Port>
      - HTTPS_PROXY=<Web Proxy Server IP:Port>
      - NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
  d3executor:
    image: "d3soar.azurecr.io/d3prod/d3executor:<D3 vSOC version>"
    ports:
      - "<Docker Host Port>:9090"
    restart: always
    environment:
      - EXECUTOR_GUID=7e036a86dbee40d9913c3794e779eae4
      - HTTP_PROXY=<Web Proxy Server IP:Port>
      - HTTPS_PROXY=<Web Proxy Server IP:Port>
      - NO_PROXY=localhost,127.0.0.1,<Docker Host IP>,<Other local integration host address,...>
The HTTP_PROXY and HTTPS_PROXY variables specify the web proxy server to use for HTTP and HTTPS connections, respectively. Additional addresses that should bypass the proxy, such as private IPs, DNS names, and other local integration host addresses, must be included in the NO_PROXY variable.