Deployment Requirements
The below requirements refer to systems that require a Proxyclick client to be installed to manage communication between your access control system and Proxyclick.
Cloud-based access control systems do not need our client software, and the below steps may be skipped.
The access control client must be installed on a Windows machine with access to the public internet. The client needs to be always on to function correctly.
Hardware
Proxyclick's access control client is lightweight and has low hardware requirements. A machine of this specification, or greater, will run the client comfortably:
- Dual-core @ 2GHz
- 4GB RAM
- 10GB minimum free disk space
Software
The software requirements for the Proxyclick access control client are as follows:
- Windows 8.1, 10, Server 2012, Server 2016, and Server 2019
- Latest service packs and updates recommended
- .NET Framework v4.8 or higher
Network
The client is configured in polling (outbound) mode and will establish communication with Proxyclick cloud servers via an outgoing connection.
This means you do not have to open port 443 on the public side of the network unless outbound traffic is restricted via the firewall.
Outbound traffic filtering
If outbound traffic is restricted, ensure the client can connect to Proxyclick cloud servers over port 443. Our clients do not need any inbound port forwarding from the public internet.
Traffic to the following IP addresses (please expand the table below) must be allowed. Depending on your region, the IPs used will be different - select the closest region to your installation. There will always be 4 IP addresses: two global and two region-specific.
The domain client.proxyclick-extender.com/ (port 443) will need unblocking for all the below IPs.
Domain/IP firewall unblocked list
| Hostname / IP Address | Comments | Global | |
|---|---|---|---|
| proxyclick-extender.com | Domain for unblocking | Global | |
|
client.proxyclick-extender.com 40.114.238.117 & 40.115.97.55 |
Use if your firewall requires additional subdomain-level unblocking | Global | https://client.proxyclick-extender.com/ |
|
52.255.167.22 |
Use if your firewall works via IP instead of hostname | US East Coast | https://001-useast.router.proxyclick...er.com/polling |
|
52.254.20.216 |
Use if your firewall works via IP instead of hostname | US East Coast | https://002-useast.router.proxyclick...er.com/polling |
| 13.74.157.199 | Use if your firewall works via IP instead of hostname | Europe | https://003-europe.router.proxyclick...er.com/polling |
| 40.91.225.172 | Use if your firewall works via IP instead of hostname | Europe | https://004-europe.router.proxyclick...er.com/polling |
Connection to the access control system
The access control system API or SDK port needs to be accessible from the machine our client is installed on, and your access control administrator would have to confirm the port is available. When possible, the specific access control system’s documentation will note a method of testing this connection. Please note that the port is often configurable.
System-specific outbound port list
| Access Control System | Default Port of access control API | Connection test from client machine |
|---|---|---|
| Net2 Access Control | 8025 | See ACS Documentation |
| S2 Netbox | 80 | See ACS Documentation |
| C-Cure 9000 | 80 | See ACS Documentation |
| OnGuard | 8080 | See ACS Documentation |
| AC2000 | 443 | See ACS Documentation |
| AEOS | 8443 | See ACS Documentation |
| Gentec | 4590 | See ACS Documentation |
| Gallagher Command Centre | 8904 | See ACS Documentation |
| AMAG | 443 | See ACS Documentation |
The above covers the requirements for the Proxyclick client to communicate with Proxyclick servers successfully. The client then needs to be connected to the ACS server on the secure side of the network.
Notes on Proxyclick client to Proxyclick server communication
- The client and server utilize mutual authentication to communicate securely. Both the client and server have to trust each other's certificate and communicate over TLS-encrypted channels (WebSockets)
- The two rows where we mention ‘Global’ are used for specific outbound HTTPS traffic, we do not guarantee a specific region, but these are hosted in EU data centers.
If the above hardware and software requirements have been met and you are confident in the network setup, you may mark them as complete on your checklist.