16.4. Operation Behind Firewall

If the Intra2net System is not used directly on the Internet, but behind a firewall, some connections have to be allowed on it.


Intra2net has the right to change the IP addresses behind the DNS names at any time and without prior notice. Only changes to the DNS name will be announced in advance. If your firewall does not accept DNS names and cannot update them regularly, it is advisable to either check the DNS names on a regular basis or to release all connections from the Intra2net system to the corresponding ports.

Intra2net systems must be able to establish connections (outgoing connections) to the following targets:

TargetProtocolTarget Port / Packet TypeFunction
update.intra2net.comTCP443 (https)System updates, anti-spam updates, licenses, coordination of antivirus updates
avupdate.intra2net.comTCP443 (https)Antivirus Update Data
*.avcloud.intra2net.comTCP443 (https)Antivirus cloud for real-time scanning of virus checksums
avfpc.intra2net.comTCP443 (https)Antivirus cloud for real-time queries of false positives
*.intra2net.pool.ntp.ntp.org or NTP server of choiceTCP and UDP123 (ntp)Time Synchronization
support.intra2net.comTCP5000 to 5050Manufacturer Remote Maintenance
Your DNS ServerTCP and UDP53 (dns)Name Resolution
Multiple ServersTCP2703Razor Spam Detection
Multiple ServersICMPEcho-Request (Ping)Connection Monitoring

Other possible services to be activated are email (POP3 and SMTP) as well as HTTP, HTTPS and FTP for the Intra2net system proxy.

If you want to use the services listed below, you must open the corresponding ports for incoming connections from the Internet:

ProtocolDestination portFunction
TCP443 (https)

Web groupware, Activesync, remote maintenance

Note: The port number used for web groupware and remote maintenance can be changed. Activesync works on port 443 only.

TCP80 (http)Issuing and renewing certificates via Let's Encrypt
TCP25 (smtp)Receive incoming emails via SMTP (MX record points to external IP)
TCP587 (smtp-submission)Sending emails by external users
TCP993 (imaps)Retrieval of emails and groupware data by external users
UDP500 and 4500Incoming VPN connections