Skip to main content

 

Eptura Knowledge Center

Deployment Requirements

These requirements refer to systems that require a Proxyclick client to be installed to manage communication between your access control system and Proxyclick.

Cloud-based access control systems do not need our client software, and the below steps can be skipped.

The access control client must be installed on a Windows machine with access to the public internet. The client needs to be always on to function correctly.

Hardware


Proxyclick's access control client is lightweight and has low hardware requirements. A machine of this specification, or greater, will run the client comfortably:

  • Dual-core @ 2GHz
  • 4GB RAM
  • 10GB minimum free disk space

Software


The software requirements for the Proxyclick access control client are as follows:

  • Windows 8.1, 10, Server 2012, Server 2016, Server 2019, Server 2022
  • Latest service packs and updates recommended
  • .NET Framework v4.8 or higher

Network


The client is configured in polling (outbound) mode and will establish communication with Proxyclick cloud servers via an outgoing connection.

This means you do not have to open port 443 on the public side of the network unless outbound traffic is restricted via the firewall.

Outbound traffic filtering

If outbound traffic is restricted, ensure the client can connect to Proxyclick cloud servers over port 443. Our clients do not need any inbound port forwarding from the public internet.

Traffic to the following IP addresses must be allowed. Depending on your region, the IPs used will be different; select the closest region to your installation. There will always be 4 IP addresses: two global and two region-specific.

The domain client.proxyclick-extender.com/ (port 443) will need unblocking for all the below IPs.

Domain/IP firewall unblocked list

Hostname / IP Address Comments Global  
proxyclick-extender.com Domain for unblocking Global  

client.proxyclick-extender.com

40.114.238.117 &

40.115.97.55

Use if your firewall requires additional subdomain-level unblocking Global https://client.proxyclick-extender.com/

52.255.167.22

Use if your firewall works via IP instead of hostname US East Coast https://001-useast.router.proxyclick...er.com/polling

52.254.20.216

Use if your firewall works via IP instead of hostname US East Coast https://002-useast.router.proxyclick...er.com/polling
13.74.157.199 Use if your firewall works via IP instead of hostname Europe https://003-europe.router.proxyclick...er.com/polling
40.91.225.172 Use if your firewall works via IP instead of hostname Europe https://004-europe.router.proxyclick...er.com/polling

Connection to the Access Control system

The Access Control system API or SDK port needs to be accessible from the machine our client is installed on, and your Access Control Administrator must confirm the port is available. When possible, the specific access control system’s documentation will note a method of testing this connection. Note that the port is often configurable.

System-specific outbound port list

Access Control System Default Port of access control API Connection test from client machine
Net2 Access Control 8025 See ACS Documentation
S2 Netbox 80 See ACS Documentation
C-Cure 9000 80 See ACS Documentation
OnGuard 8080 See ACS Documentation
AC2000 443 See ACS Documentation
AEOS 8443 See ACS Documentation
Gentec 4590 See ACS Documentation
Gallagher Command Centre 8904 See ACS Documentation
AMAG 443 See ACS Documentation

The above covers the requirements for the Proxyclick client to communicate with Proxyclick servers successfully. The client then needs to be connected to the ACS server on the secure side of the network.

Notes on Proxyclick client to Proxyclick server communication

  • The client and server utilize mutual authentication to communicate securely. Both the client and server have to trust each other's certificate and communicate over TLS-encrypted channels (WebSockets)
  • The two rows where we mention ‘Global’ are used for specific outbound HTTPS traffic, we do not guarantee a specific region, but these are hosted in EU data centers.

If the above hardware and software requirements have been met and you are confident in the network set up, you can mark them as complete on your checklist.